Jump to content

TwoSnout

Members
 View Profile  See their activity

  • Posts

    7

  • Joined

  • Last visited

Reputation

0 Neutral
  1. TwoSnout
    Catbyte, I have performed the procedures above. Your assistance and guidance have been invaluable. Thanks for your help.
  2. TwoSnout
    Hi Catbyte, ComboFix Script run, Log below. Adobe Reader X installed. Old Java deleted. New Java (JRE 6) installed. Temporary internet files deleted. Fawning gratitude sheepishly reiterated ComboFix 12-04-03.02 - TwoSnoutMBA 04/04/2012 21:58:56.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2907 [GMT -4:00] Running from: c:\users\TwoSnoutMBA\Desktop\ComboFix.exe Command switches used :: c:\users\TwoSnoutMBA\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\programdata\Microsoft\Windows\DRM\B9EF.tmp" "c:\programdata\Microsoft\Windows\DRM\BA2E.tmp" "c:\users\All Users\Microsoft\Windows\DRM\B9EF.tmp" "c:\users\All Users\Microsoft\Windows\DRM\BA2E.tmp" "c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675" "c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb" "c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f" "c:\users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe" "c:\users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe" "c:\users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\DRM\B9EF.tmp c:\programdata\Microsoft\Windows\DRM\BA2E.tmp c:\users\All Users\Microsoft\Windows\DRM\B9EF.tmp c:\users\All Users\Microsoft\Windows\DRM\BA2E.tmp c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675 c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f c:\users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe c:\users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe c:\users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe . . ((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 ))))))))))))))))))))))))))))))) . . 2012-04-05 02:06 . 2012-04-05 02:06 -------- d-----w- c:\users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\temp 2012-04-05 02:06 . 2012-04-05 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-04 11:30 . 2012-04-04 11:30 -------- d-----w- c:\program files (x86)\ESET 2012-04-03 15:01 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FBB7C0A-3135-4F01-981E-C8191426BD78}\mpengine.dll 2012-04-02 11:39 . 2012-04-02 11:39 0 ----a-w- c:\windows\SysWow64\shoB02C.tmp 2012-04-02 02:44 . 2012-04-02 04:07 -------- d-----w- C:\FRST 2012-04-01 16:41 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files\Carbonite 2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\programdata\Carbonite 2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files (x86)\Carbonite 2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\Malwarebytes 2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\programdata\Malwarebytes 2012-03-29 16:28 . 2012-04-01 14:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-29 14:24 . 2012-03-29 16:27 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-28 15:36 . 2012-03-28 15:36 -------- d-----we c:\windows\system64 2012-03-25 19:59 . 2007-05-21 00:05 20569 ----a-w- c:\windows\gsk7bui.exe 2012-03-25 19:59 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe 2012-03-25 19:57 . 2012-03-25 20:01 -------- d-----w- c:\program files (x86)\IBM 2012-03-25 19:54 . 2012-03-25 19:58 -------- d-----w- c:\programdata\IBM 2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\zubc 2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\program files (x86)\ZUBC 2012-03-22 18:33 . 2012-03-22 18:33 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org 2012-03-22 18:30 . 2012-03-22 18:30 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2012-03-18 15:55 . 2012-03-29 22:09 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Local\Google 2012-03-18 15:55 . 2012-03-18 15:55 -------- d-----w- c:\program files (x86)\Google 2012-03-18 12:19 . 2012-03-18 12:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-18 12:19 . 2012-03-18 12:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-15 11:10 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-15 11:10 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-15 11:10 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 14:17 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 14:17 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 14:17 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 14:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 14:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 14:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 14:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 14:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 14:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 14:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-01 13:20 . 2010-10-23 15:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-04-01 13:20 . 2010-07-13 22:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-04-01 13:19 . 2010-07-13 22:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-04-01 13:19 . 2010-07-13 22:37 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-03-01 02:58 . 2011-05-20 23:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-23 13:18 . 2010-08-06 20:18 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-04-03_15.58.31 ))))))))))))))))))))))))))))))))))))))))) . + 2012-04-03 16:27 . 2012-04-03 16:27 14211 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-04-03 15:52 . 2012-04-03 15:52 14211 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2010-07-05 15:58 . 2012-04-03 16:30 38882 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-04-05 02:10 39734 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-07-14 13:44 . 2012-04-05 02:10 15628 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-308426390-700880266-2043658470-1001_UserData.bin + 2010-07-13 17:03 . 2012-04-04 23:47 49152 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-07-13 17:03 . 2012-04-03 14:51 49152 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-07-13 17:03 . 2012-04-03 14:51 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-07-13 17:03 . 2012-04-04 23:47 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-04-03 14:51 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-04-04 23:47 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-07-05 15:58 . 2012-04-03 16:30 38882 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-04-05 02:10 39734 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-07-14 13:44 . 2012-04-05 02:10 15628 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-308426390-700880266-2043658470-1001_UserData.bin + 2010-07-13 17:03 . 2012-04-04 23:47 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-07-13 17:03 . 2012-04-03 14:51 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-07-13 17:03 . 2012-04-03 14:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-07-13 17:03 . 2012-04-04 23:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-04-04 23:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-04-03 14:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2012-04-04 11:39 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2010-07-24 11:06 . 2012-04-05 02:07 6264 c:\windows\system64\wdi\ERCQueuedResolutions.dat + 2010-07-24 11:06 . 2012-04-05 02:07 6264 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2012-04-03 15:53 . 2012-04-03 15:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-04-03 16:28 . 2012-04-05 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-04-03 16:28 . 2012-04-05 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-04-03 15:53 . 2012-04-03 15:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 04:54 . 2012-04-03 15:56 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-04-03 16:31 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-07-14 17:07 . 2012-04-05 01:41 302588 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2010-07-14 17:07 . 2012-04-05 01:41 302588 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2009-07-14 05:01 . 2012-04-03 16:27 446116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-04-02 12:05 446116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 04:54 . 2012-04-03 16:31 3522560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-04-03 15:56 3522560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-04-03 15:56 11075584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-04-03 16:31 11075584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984] "Malwarebytes' Anti-Malware"="c:\pente\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184] . c:\users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2009-10-16 29184] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360] S2 MBAMService;MBAMService;c:\pente\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520] "lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/ FF - prefs.js: network.proxy.type - 4 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe . ************************************************************************** . Completion time: 2012-04-04 22:14:45 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-05 02:14 ComboFix2.txt 2012-04-03 16:03 . Pre-Run: 31,426,105,344 bytes free Post-Run: 31,349,108,736 bytes free . - - End Of File - - E872D6BE92ED0A6D0101C9E07E05DCBC
  3. TwoSnout
    Hello, Folder C:\windows\system64 has 2,705 files in it, most of which look like the contents of system32. Per your instructions, I ran ESET scanner. Log follows... C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C:\ProgramData\Microsoft\Windows\DRM\B9EF.tmp Win64/Olmarik.AH trojan C:\ProgramData\Microsoft\Windows\DRM\BA2E.tmp Win64/Olmarik.AH trojan C:\Users\All Users\Microsoft\Windows\DRM\B9EF.tmp Win64/Olmarik.AH trojan C:\Users\All Users\Microsoft\Windows\DRM\BA2E.tmp Win64/Olmarik.AH trojan C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675 Java/Agent.DW trojan C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb Java/Exploit.CVE-2012-0507.E trojan C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f a variant of Java/Exploit.CVE-2011-3544.AV trojan C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe a variant of Win32/InstallMonetizer.AA application C:\Users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe Win32/OpenCandy application C:\Users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe Win32/OpenCandy application
  4. TwoSnout
    Hi, Here is the Malwarebytes log and the Combofix log. Thanks again for all your help! Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.02.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 TwoSnoutMBA :: TWOSNOUTMBA-PC [administrator] Protection: Enabled 4/2/2012 7:57:49 AM mbam-log-2012-04-02 (07-57-49).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 220341 Time elapsed: 6 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end) ********************************************************************************************************************************************************* ComboFix 12-04-03.02 - TwoSnoutMBA 04/03/2012 11:41:29.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2264 [GMT -4:00] Running from: c:\users\TwoSnoutMBA\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\TwoSnoutMBA\AppData\Roaming\bytewdownload c:\users\TwoSnoutMBA\AppData\Roaming\bytewdownload\installmanager.exe c:\users\TwoSnoutMBA\AppData\Roaming\bytewdownload\zip_unzip_installer_file.exe c:\users\TwoSnoutMBA\AppData\Roaming\Remote c:\users\TwoSnoutMBA\AppData\Roaming\Remote\dllx4_shrd c:\users\TwoSnoutMBA\AppData\Roaming\Remote\ffcd c:\users\TwoSnoutMBA\AppData\Roaming\Remote\kkjt c:\users\TwoSnoutMBA\AppData\Roaming\Remote\mxd1.txt c:\users\TwoSnoutMBA\AppData\Roaming\Remote\n.dat c:\users\TwoSnoutMBA\AppData\Roaming\Remote\r.dat c:\users\TwoSnoutMBA\g2mdlhlpx.exe . . ((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 ))))))))))))))))))))))))))))))) . . 2012-04-03 15:01 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FBB7C0A-3135-4F01-981E-C8191426BD78}\mpengine.dll 2012-04-02 11:39 . 2012-04-02 11:39 0 ----a-w- c:\windows\SysWow64\shoB02C.tmp 2012-04-02 02:44 . 2012-04-02 04:07 -------- d-----w- C:\FRST 2012-04-01 16:41 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files\Carbonite 2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\programdata\Carbonite 2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files (x86)\Carbonite 2012-03-31 21:53 . 2012-03-31 21:53 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\BA2E.tmp 2012-03-31 21:53 . 2012-03-31 21:53 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\B9EF.tmp 2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\Malwarebytes 2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\programdata\Malwarebytes 2012-03-29 16:28 . 2012-04-01 14:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-29 14:24 . 2012-03-29 16:27 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-28 15:36 . 2012-03-28 15:36 -------- d-----we c:\windows\system64 2012-03-25 19:59 . 2007-05-21 00:05 20569 ----a-w- c:\windows\gsk7bui.exe 2012-03-25 19:59 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe 2012-03-25 19:57 . 2012-03-25 20:01 -------- d-----w- c:\program files (x86)\IBM 2012-03-25 19:54 . 2012-03-25 19:58 -------- d-----w- c:\programdata\IBM 2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\zubc 2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\program files (x86)\ZUBC 2012-03-22 18:33 . 2012-03-22 18:33 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org 2012-03-22 18:30 . 2012-03-22 18:30 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2012-03-18 15:55 . 2012-03-29 22:09 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Local\Google 2012-03-18 15:55 . 2012-03-18 15:55 -------- d-----w- c:\program files (x86)\Google 2012-03-18 12:19 . 2012-03-18 12:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-18 12:19 . 2012-03-18 12:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-15 11:10 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-15 11:10 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-15 11:10 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 14:17 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 14:17 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 14:17 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 14:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 14:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 14:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 14:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 14:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 14:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 14:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-01 13:20 . 2010-10-23 15:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-04-01 13:20 . 2010-07-13 22:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-04-01 13:19 . 2010-07-13 22:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-04-01 13:19 . 2010-07-13 22:37 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-03-01 02:58 . 2011-05-20 23:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-23 13:18 . 2010-08-06 20:18 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984] "Malwarebytes' Anti-Malware"="c:\pente\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184] . c:\users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2009-10-16 29184] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360] S2 MBAMService;MBAMService;c:\pente\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520] "lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/ FF - prefs.js: network.proxy.type - 4 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe . ************************************************************************** . Completion time: 2012-04-03 12:02:59 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-03 16:02 . Pre-Run: 29,251,768,320 bytes free Post-Run: 32,570,585,088 bytes free . - - End Of File - - 7A0A73964DD7ACA5B8A10B27C5302011
  5. TwoSnout
    Hello I think we got it! I ran the frst64 fix (see log below). When I rebooted I still had a suspicious looking scvhost.exe using a lot of cycles so I ran malwarebytes scan again and cleared the trojan svchost. Since the reboot, my computer has showed no signs of infection (its been about 14 hours). Thank you so much for your help, CatByte! Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012 Ran by SYSTEM at 2012-04-02 07:50:59 R:1 Running from F:\ ============================================== C:\Windows\SysWOW64\shoEEB2.tmp moved successfully. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored. ========= bootrec /FixMbr ========= ÿþT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y . ========= End of CMD: ========= ========= bootrec /fixboot ========= ÿþT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y . ========= End of CMD: ========= The operation completed successfully. The operation completed successfully. ==== End of Fixlog ====
  6. TwoSnout
    Per your instructions, here is the frst.txt log: Scan result of Farbar Recovery Scan Tool Version: 15-03-2012 Ran by SYSTEM at 01-04-2012 23:06:13 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.) HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [165912 2010-02-21] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2010-02-21] (Intel Corporation) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2010-02-21] (Intel Corporation) HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.) HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.) HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [676520 2008-09-10] () HKLM\...\Run: [lxduamon] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [16040 2008-09-10] () HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2916584 2010-08-12] (ESET) HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] () HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.) HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] () HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.) HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1059984 2012-03-16] (Carbonite, Inc.) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Pente\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation) HKU\Mcx1-TWOSNOUTMBA-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) HKU\TwoSnoutMBA\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2011-11-11] (Apple Inc.) HKU\TwoSnoutMBA\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2011-11-11] (Apple Inc.) HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-13] (Dell) HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2011-01-13] (Softthinks) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X] Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 ==================== Services (Whitelisted) ====== 2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) 2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.) 2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [6684304 2012-03-16] (Carbonite, Inc. (www.carbonite.com)) 3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [42360 2010-08-12] (ESET) 2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [810144 2010-08-12] (ESET) 2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2010-09-17] () 2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.) 2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [1039360 2009-10-16] ( ) 2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe -service [594600 2008-05-23] ( ) 2 MailService; C:\Program Files (x86)\IBM\RationalSDLC\ClearQuest\mailservice.exe [81408 2010-07-30] (IBM Corporation) 2 MBAMService; "C:\Pente\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation) 3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation) 2 RosettaStoneDaemon; "C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe" [444224 2009-09-03] (Rosetta Stone Ltd.) 2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.) ========================== Drivers (Whitelisted) ============= 1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2009-09-08] (Citrix Systems, Inc.) 3 dsNcAdpt; C:\Windows\System32\Drivers\dsNcAdpt.sys [32768 2009-08-12] (Juniper Networks) 2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [168544 2010-07-29] (ESET) 1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [141264 2010-07-29] (ESET) 2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [126320 2010-07-29] (ESET) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-04-01 20:31 - 2009-07-13 20:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe 2012-04-01 20:30 - 2012-04-01 20:30 - 0000000 ____A C:\Windows\SysWOW64\shoEEB2.tmp 2012-04-01 20:29 - 2012-04-01 21:04 - 0010934 ____A C:\Users\TwoSnoutMBA\Desktop\Case 2 Executive summary.docx 2012-04-01 20:12 - 2012-04-01 20:12 - 0044274 ____A C:\Users\TwoSnoutMBA\Downloads\xhan2_vnaraya2_Case_1_ExecSummary.docx 2012-04-01 11:41 - 2011-12-10 14:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-04-01 11:38 - 2012-04-01 11:39 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\TwoSnoutMBA\Downloads\mbam--setup-1.60.1.1000.exe 2012-04-01 09:52 - 2012-04-01 09:52 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(3).xls 2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk 2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\All Users\Desktop\Carbonite InfoCenter.lnk 2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Carbonite 2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Application Data\Carbonite 2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\ProgramData\Carbonite 2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files\Carbonite 2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files (x86)\Carbonite 2012-03-31 16:53 - 2012-03-31 17:46 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Remote 2012-03-31 16:53 - 2012-03-31 17:46 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Remote 2012-03-31 06:36 - 2012-03-31 06:36 - 0024950 ____A C:\Users\TwoSnoutMBA\Desktop\DDS.txt 2012-03-29 17:08 - 2012-03-29 17:08 - 0739864 ____A (Google Inc.) C:\Users\TwoSnoutMBA\Downloads\ChromeSetup.exe 2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\My Documents\mbam-log-2012-03-29 (12-31-41).txt 2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\Documents\mbam-log-2012-03-29 (12-31-41).txt 2012-03-29 11:28 - 2012-04-01 09:06 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Malwarebytes 2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Malwarebytes 2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Malwarebytes 2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes 2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\ProgramData\Malwarebytes 2012-03-29 11:06 - 2012-03-29 11:27 - 0127202 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_12.06.54_log.txt 2012-03-29 09:24 - 2012-03-29 11:27 - 0000000 ____D C:\TDSSKiller_Quarantine 2012-03-29 09:23 - 2012-03-29 09:25 - 0127400 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_10.23.07_log.txt 2012-03-28 18:47 - 2012-03-29 06:08 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 9 2012-03-28 10:36 - 2012-03-28 10:36 - 0000000 ____D C:\Windows\system64 2012-03-27 18:25 - 2012-03-27 18:25 - 0739192 ____A C:\Users\TwoSnoutMBA\Downloads\Dealer_Aggregate_Demand.xlsx 2012-03-27 18:11 - 2012-03-27 18:12 - 0528914 ____A C:\Users\TwoSnoutMBA\Downloads\inventory_plots_update.xlsx 2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank.xlsx 2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank(1).xlsx 2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2 MBA553.xlsx 2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2 MBA553.xlsx 2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx 2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx 2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm 2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm 2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\My Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc 2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc 2012-03-26 17:26 - 2012-03-26 17:26 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations(1).xlsx 2012-03-26 16:33 - 2012-03-26 16:33 - 0022110 ____A C:\Users\TwoSnoutMBA\Downloads\James_Wall_SimQuick_Case_1.xlsx 2012-03-26 16:30 - 2012-03-26 16:33 - 0022123 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_SimQuick_Case_1.xlsx 2012-03-26 16:30 - 2012-03-26 16:33 - 0022123 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_SimQuick_Case_1.xlsx 2012-03-26 16:03 - 2012-03-26 17:19 - 0317315 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_C.xlsm 2012-03-26 16:03 - 2012-03-26 17:19 - 0317315 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_C.xlsm 2012-03-26 15:59 - 2012-03-26 17:18 - 0317859 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_B.xlsm 2012-03-26 15:59 - 2012-03-26 17:18 - 0317859 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_B.xlsm 2012-03-26 15:55 - 2012-03-26 17:18 - 0317299 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_A.xlsm 2012-03-26 15:55 - 2012-03-26 17:18 - 0317299 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_A.xlsm 2012-03-26 15:18 - 2012-03-26 15:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(10).docx 2012-03-25 21:20 - 2012-03-25 21:20 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_(1).docx 2012-03-25 14:59 - 2007-05-20 19:05 - 0020569 ____A (IBM Corporation) C:\Windows\gsk7bui.exe 2012-03-25 14:59 - 1998-10-29 15:45 - 0306688 ____A (InstallShield Software Corporation) C:\Windows\IsUninst.exe 2012-03-25 14:57 - 2012-03-25 15:01 - 0000000 ____D C:\Program Files (x86)\IBM 2012-03-25 14:54 - 2012-03-25 14:58 - 0000000 ____D C:\Users\All Users\IBM 2012-03-25 14:54 - 2012-03-25 14:58 - 0000000 ____D C:\Users\All Users\Application Data\IBM 2012-03-25 14:54 - 2012-03-25 14:58 - 0000000 ____D C:\ProgramData\IBM 2012-03-25 14:46 - 2012-03-25 14:46 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win 2012-03-25 14:45 - 2012-03-25 14:45 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows 2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\Public\Desktop\Zip Unzip By Click.lnk 2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\All Users\Desktop\Zip Unzip By Click.lnk 2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\zubc 2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\zubc 2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Program Files (x86)\ZUBC 2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\bytewdownload 2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\bytewdownload 2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\bytewdownload 2012-03-25 14:42 - 2012-03-25 14:42 - 0323072 ____A (Bytewise Software) C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe 2012-03-25 12:58 - 2012-03-25 13:19 - 149059388 ____A C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows.zip 2012-03-25 12:57 - 2012-03-25 14:28 - 1340753072 ____A C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win.zip 2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(2).xls 2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(1).xls 2012-03-24 14:21 - 2012-03-25 10:30 - 0073216 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 2.xls 2012-03-24 14:21 - 2012-03-25 10:30 - 0073216 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 2.xls 2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk 2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk 2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\OpenOffice.org 2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org 2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk 2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\All Users\Desktop\OpenOffice.org 3.3.lnk 2012-03-22 13:30 - 2012-03-22 13:30 - 0000000 ____D C:\Program Files (x86)\OpenOffice.org 3 2012-03-22 13:24 - 2012-03-22 13:25 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\OpenOffice.org 3.3 (en-US) Installation Files 2012-03-22 13:20 - 2012-03-22 13:24 - 158067944 ____A C:\Users\TwoSnoutMBA\Downloads\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe 2012-03-21 18:20 - 2012-03-21 18:20 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 8 2012-03-21 16:06 - 2012-03-25 10:28 - 0011194 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 1.xlsx 2012-03-21 16:06 - 2012-03-25 10:28 - 0011194 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 1.xlsx 2012-03-20 11:54 - 2012-03-20 11:54 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4(2).xlsx 2012-03-20 11:54 - 2012-03-20 11:54 - 0032154 ____A C:\Users\TwoSnoutMBA\Desktop\Input Sheet for Program demand Rev4.xlsx 2012-03-20 11:52 - 2012-03-28 18:57 - 0168960 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Model Template 032012.xls 2012-03-20 11:04 - 2012-03-20 11:04 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process(1).docx 2012-03-20 11:03 - 2012-03-20 11:03 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process.docx 2012-03-20 10:54 - 2012-03-20 10:54 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112(1).xls 2012-03-19 19:23 - 2012-03-20 11:53 - 0324820 ____A C:\Users\TwoSnoutMBA\My Documents\SimQuick_TemplateEx3.xlsm 2012-03-19 19:23 - 2012-03-20 11:53 - 0324820 ____A C:\Users\TwoSnoutMBA\Documents\SimQuick_TemplateEx3.xlsm 2012-03-19 18:59 - 2012-03-19 18:59 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_.docx 2012-03-19 18:06 - 2012-03-19 18:06 - 0589824 ____A C:\Users\TwoSnoutMBA\Downloads\SimQuick_Template.XLS 2012-03-19 11:33 - 2012-03-19 11:33 - 0104502 ____A C:\Users\TwoSnoutMBA\Downloads\1C2F2120-02E0-4B73-A5D8-743FEA4BC918.JPG 2012-03-19 10:53 - 2012-03-19 10:53 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(4).docx 2012-03-18 11:18 - 2012-03-18 11:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(9).docx 2012-03-18 10:55 - 2012-03-29 17:09 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Google 2012-03-18 10:55 - 2012-03-29 17:09 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\Google 2012-03-18 10:55 - 2012-03-29 17:09 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\Google 2012-03-18 10:55 - 2012-03-18 10:55 - 0002212 ____A C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk 2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\Public\Desktop\Google Calendar.lnk 2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\All Users\Desktop\Google Calendar.lnk 2012-03-18 10:55 - 2012-03-18 10:55 - 0000000 ____D C:\Program Files (x86)\Google 2012-03-18 10:54 - 2012-03-18 10:54 - 1165008 ____A C:\Users\TwoSnoutMBA\Downloads\GoogleCalendarSync_Installer.exe 2012-03-15 18:37 - 2012-03-23 13:50 - 0042496 ____A C:\Users\TwoSnoutMBA\Desktop\Resume_James_Wall_int.doc 2012-03-15 06:10 - 2011-11-19 10:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-03-15 06:10 - 2011-11-19 09:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-03-15 06:10 - 2011-11-19 09:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-03-14 17:23 - 2012-03-27 18:08 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Term Project 2012-03-14 17:23 - 2012-03-26 15:22 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 7 2012-03-14 17:23 - 2012-03-25 10:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Midterm 2012-03-14 17:23 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 6 2012-03-14 12:59 - 2012-03-14 12:59 - 0836477 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Idec Production Planning031412.pptx 2012-03-14 09:17 - 2012-02-10 01:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2012-03-14 09:17 - 2012-02-10 00:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2012-03-14 09:17 - 2012-02-02 23:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-03-14 09:16 - 2012-02-17 01:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll 2012-03-14 09:16 - 2012-02-17 00:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2012-03-14 09:16 - 2012-02-16 23:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-03-14 09:16 - 2012-02-16 23:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys 2012-03-14 09:16 - 2012-01-25 01:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-03-14 09:16 - 2012-01-25 01:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-03-14 09:16 - 2012-01-25 01:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-03-14 06:10 - 2012-03-14 06:10 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112.xls 2012-03-13 19:14 - 2012-03-13 19:14 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations.xlsx 2012-03-13 19:13 - 2012-03-13 19:13 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset.xls 2012-03-12 16:29 - 2012-03-12 16:29 - 0290276 ____A C:\Users\TwoSnoutMBA\Desktop\James_Wall_Manzana_Case.pptx 2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2.xls 2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2(1).xls 2012-03-12 15:25 - 2012-03-12 15:25 - 0121384 ____A C:\Users\TwoSnoutMBA\Desktop\HW2.pdf 2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\My Documents\Homework.xlsx 2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\Documents\Homework.xlsx 2012-03-12 11:26 - 2012-03-12 11:26 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(2).docx 2012-03-11 20:28 - 2012-03-11 20:28 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(8).docx 2012-03-10 20:30 - 2012-03-11 20:11 - 0010763 ____A C:\Users\TwoSnoutMBA\My Documents\Caroline words.xlsx 2012-03-10 20:30 - 2012-03-11 20:11 - 0010763 ____A C:\Users\TwoSnoutMBA\Documents\Caroline words.xlsx 2012-03-08 11:26 - 2012-03-08 11:26 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(7).docx 2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_.docx 2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(1).docx 2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\My Documents\LenovoCover.txt 2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\Documents\LenovoCover.txt 2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\My Documents\SIPOC diagram.pptx 2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\Documents\SIPOC diagram.pptx 2012-03-02 15:38 - 2012-03-12 16:28 - 0290274 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.pptx 2012-03-02 15:38 - 2012-03-12 16:28 - 0290274 ____A C:\Users\TwoSnoutMBA\Documents\manzana.pptx 2012-03-02 15:22 - 2012-03-04 17:50 - 0009353 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.xlsx 2012-03-02 15:22 - 2012-03-04 17:50 - 0009353 ____A C:\Users\TwoSnoutMBA\Documents\manzana.xlsx ============ 3 Months Modified Files and Folders ============= 2012-04-01 23:06 - 2012-04-01 21:44 - 0000000 ____D C:\FRST 2012-04-01 21:58 - 2009-07-14 00:10 - 1986066 ____A C:\Windows\WindowsUpdate.log 2012-04-01 21:43 - 2009-07-14 00:13 - 0731422 ____A C:\Windows\System32\PerfStringBackup.INI 2012-04-01 21:39 - 2010-07-05 10:47 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2012-04-01 21:35 - 2012-01-17 20:22 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Logistics 2012-04-01 21:35 - 2012-01-17 20:22 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Logistics 2012-04-01 21:04 - 2012-04-01 20:29 - 0010934 ____A C:\Users\TwoSnoutMBA\Desktop\Case 2 Executive summary.docx 2012-04-01 20:39 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-04-01 20:39 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-04-01 20:31 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\SoftThinks 2012-04-01 20:31 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\SoftThinks 2012-04-01 20:31 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\SoftThinks 2012-04-01 20:30 - 2012-04-01 20:30 - 0000000 ____A C:\Windows\SysWOW64\shoEEB2.tmp 2012-04-01 20:30 - 2010-07-05 12:30 - 3190050816 __ASH C:\hiberfil.sys 2012-04-01 20:30 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT 2012-04-01 20:30 - 2009-07-13 23:51 - 0074695 ____A C:\Windows\setupact.log 2012-04-01 20:12 - 2012-04-01 20:12 - 0044274 ____A C:\Users\TwoSnoutMBA\Downloads\xhan2_vnaraya2_Case_1_ExecSummary.docx 2012-04-01 11:41 - 2010-08-01 18:05 - 0000000 ____D C:\Pente 2012-04-01 11:39 - 2012-04-01 11:38 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\TwoSnoutMBA\Downloads\mbam--setup-1.60.1.1000.exe 2012-04-01 11:23 - 2010-07-20 14:39 - 0744920 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-04-01 09:52 - 2012-04-01 09:52 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(3).xls 2012-04-01 09:07 - 2012-02-08 17:53 - 0000000 ____D C:\users\Mcx1-TWOSNOUTMBA-PC 2012-04-01 09:06 - 2012-03-29 11:28 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-01 09:06 - 2011-11-27 01:28 - 0000000 ____D C:\Windows\System32\Macromed 2012-04-01 09:06 - 2011-08-27 19:29 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\{ www.SceneTime.com } -Doctor_Who_2005.6x08.Lets_Kill_Hitler.HDTV_XviD-FoV 2012-04-01 09:06 - 2011-06-04 19:59 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor Who S06E07 A Good Man Goes To War (1) HDTV XviD-2HD [eztv] 2012-04-01 09:06 - 2011-06-04 19:57 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor.Who.2005.S06E07.PROPER.HDTV.XviD-BiA 2012-04-01 09:06 - 2011-05-28 18:20 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor Who S06E06 The Almost People (2) HDTV XviD-FQM [eztv.AVI 2012-04-01 09:06 - 2011-05-08 19:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor Who 2005.6x03.The Curse Of The Black Spot.720p HDTV x264-FoV 2012-04-01 09:06 - 2010-08-13 15:46 - 0000000 ____D C:\Program Files (x86)\BitTorrent 2012-04-01 09:06 - 2010-08-13 15:45 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\BitTorrent 2012-04-01 09:06 - 2010-08-13 15:45 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\BitTorrent 2012-04-01 09:06 - 2010-07-26 11:06 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Microsoft Help 2012-04-01 09:06 - 2010-07-26 11:06 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\Microsoft Help 2012-04-01 09:06 - 2010-07-26 11:06 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\Microsoft Help 2012-04-01 09:06 - 2010-07-13 17:36 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\PowerDVD DX 2012-04-01 09:06 - 2010-07-13 17:36 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\PowerDVD DX 2012-04-01 09:06 - 2010-07-13 17:36 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\PowerDVD DX 2012-04-01 09:06 - 2009-07-14 02:44 - 0000000 ___RD C:\Users\Public\Recorded TV 2012-04-01 09:06 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sysprep 2012-04-01 09:06 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\AppCompat 2012-04-01 09:05 - 2010-07-20 14:41 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\SoftGrid Client 2012-04-01 09:05 - 2010-07-20 14:41 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\SoftGrid Client 2012-04-01 09:05 - 2010-07-05 10:40 - 0000000 ____D C:\Users\All Users\Application Data\Adobe 2012-04-01 09:05 - 2010-07-05 10:40 - 0000000 ____D C:\Users\All Users\Adobe 2012-04-01 09:05 - 2010-07-05 10:40 - 0000000 ____D C:\ProgramData\Adobe 2012-04-01 09:05 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration 2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk 2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\All Users\Desktop\Carbonite InfoCenter.lnk 2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Carbonite 2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Application Data\Carbonite 2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\ProgramData\Carbonite 2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files\Carbonite 2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files (x86)\Carbonite 2012-04-01 08:08 - 2010-07-13 12:07 - 0000000 ____D C:\users\TwoSnoutMBA 2012-04-01 08:08 - 2009-07-13 23:45 - 0452808 ____A C:\Windows\System32\FNTCACHE.DAT 2012-04-01 08:07 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR 2012-03-31 17:46 - 2012-03-31 16:53 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Remote 2012-03-31 17:46 - 2012-03-31 16:53 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Remote 2012-03-31 06:36 - 2012-03-31 06:36 - 0024950 ____A C:\Users\TwoSnoutMBA\Desktop\DDS.txt 2012-03-29 17:09 - 2012-03-18 10:55 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Google 2012-03-29 17:09 - 2012-03-18 10:55 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\Google 2012-03-29 17:09 - 2012-03-18 10:55 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\Google 2012-03-29 17:08 - 2012-03-29 17:08 - 0739864 ____A (Google Inc.) C:\Users\TwoSnoutMBA\Downloads\ChromeSetup.exe 2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\My Documents\mbam-log-2012-03-29 (12-31-41).txt 2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\Documents\mbam-log-2012-03-29 (12-31-41).txt 2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Malwarebytes 2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Malwarebytes 2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Malwarebytes 2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes 2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\ProgramData\Malwarebytes 2012-03-29 11:27 - 2012-03-29 11:06 - 0127202 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_12.06.54_log.txt 2012-03-29 11:27 - 2012-03-29 09:24 - 0000000 ____D C:\TDSSKiller_Quarantine 2012-03-29 09:25 - 2012-03-29 09:23 - 0127400 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_10.23.07_log.txt 2012-03-29 06:14 - 2010-07-13 12:07 - 0117368 ____A C:\Users\TwoSnoutMBA\Local Settings\GDIPFONTCACHEV1.DAT 2012-03-29 06:14 - 2010-07-13 12:07 - 0117368 ____A C:\Users\TwoSnoutMBA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-03-29 06:14 - 2010-07-13 12:07 - 0117368 ____A C:\Users\TwoSnoutMBA\AppData\Local\GDIPFONTCACHEV1.DAT 2012-03-29 06:08 - 2012-03-28 18:47 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 9 2012-03-28 18:57 - 2012-03-20 11:52 - 0168960 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Model Template 032012.xls 2012-03-28 10:36 - 2012-03-28 10:36 - 0000000 ____D C:\Windows\system64 2012-03-27 18:25 - 2012-03-27 18:25 - 0739192 ____A C:\Users\TwoSnoutMBA\Downloads\Dealer_Aggregate_Demand.xlsx 2012-03-27 18:12 - 2012-03-27 18:11 - 0528914 ____A C:\Users\TwoSnoutMBA\Downloads\inventory_plots_update.xlsx 2012-03-27 18:08 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Term Project 2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank.xlsx 2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank(1).xlsx 2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2 MBA553.xlsx 2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2 MBA553.xlsx 2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx 2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx 2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm 2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm 2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\My Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc 2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc 2012-03-26 17:26 - 2012-03-26 17:26 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations(1).xlsx 2012-03-26 17:19 - 2012-03-26 16:03 - 0317315 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_C.xlsm 2012-03-26 17:19 - 2012-03-26 16:03 - 0317315 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_C.xlsm 2012-03-26 17:18 - 2012-03-26 15:59 - 0317859 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_B.xlsm 2012-03-26 17:18 - 2012-03-26 15:59 - 0317859 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_B.xlsm 2012-03-26 17:18 - 2012-03-26 15:55 - 0317299 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_A.xlsm 2012-03-26 17:18 - 2012-03-26 15:55 - 0317299 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_A.xlsm 2012-03-26 16:33 - 2012-03-26 16:33 - 0022110 ____A C:\Users\TwoSnoutMBA\Downloads\James_Wall_SimQuick_Case_1.xlsx 2012-03-26 16:33 - 2012-03-26 16:30 - 0022123 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_SimQuick_Case_1.xlsx 2012-03-26 16:33 - 2012-03-26 16:30 - 0022123 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_SimQuick_Case_1.xlsx 2012-03-26 15:22 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 7 2012-03-26 15:18 - 2012-03-26 15:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(10).docx 2012-03-25 21:20 - 2012-03-25 21:20 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_(1).docx 2012-03-25 15:01 - 2012-03-25 14:57 - 0000000 ____D C:\Program Files (x86)\IBM 2012-03-25 14:58 - 2012-03-25 14:54 - 0000000 ____D C:\Users\All Users\IBM 2012-03-25 14:58 - 2012-03-25 14:54 - 0000000 ____D C:\Users\All Users\Application Data\IBM 2012-03-25 14:58 - 2012-03-25 14:54 - 0000000 ____D C:\ProgramData\IBM 2012-03-25 14:46 - 2012-03-25 14:46 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win 2012-03-25 14:45 - 2012-03-25 14:45 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows 2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\Public\Desktop\Zip Unzip By Click.lnk 2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\All Users\Desktop\Zip Unzip By Click.lnk 2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\zubc 2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\zubc 2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Program Files (x86)\ZUBC 2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\bytewdownload 2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\bytewdownload 2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\bytewdownload 2012-03-25 14:42 - 2012-03-25 14:42 - 0323072 ____A (Bytewise Software) C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe 2012-03-25 14:28 - 2012-03-25 12:57 - 1340753072 ____A C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win.zip 2012-03-25 13:19 - 2012-03-25 12:58 - 149059388 ____A C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows.zip 2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(2).xls 2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(1).xls 2012-03-25 10:33 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Midterm 2012-03-25 10:30 - 2012-03-24 14:21 - 0073216 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 2.xls 2012-03-25 10:30 - 2012-03-24 14:21 - 0073216 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 2.xls 2012-03-25 10:28 - 2012-03-21 16:06 - 0011194 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 1.xlsx 2012-03-25 10:28 - 2012-03-21 16:06 - 0011194 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 1.xlsx 2012-03-23 13:50 - 2012-03-15 18:37 - 0042496 ____A C:\Users\TwoSnoutMBA\Desktop\Resume_James_Wall_int.doc 2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk 2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk 2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\OpenOffice.org 2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org 2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk 2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\All Users\Desktop\OpenOffice.org 3.3.lnk 2012-03-22 13:30 - 2012-03-22 13:30 - 0000000 ____D C:\Program Files (x86)\OpenOffice.org 3 2012-03-22 13:29 - 2010-07-05 10:38 - 0000000 ____D C:\Program Files (x86)\Java 2012-03-22 13:25 - 2012-03-22 13:24 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\OpenOffice.org 3.3 (en-US) Installation Files 2012-03-22 13:24 - 2012-03-22 13:20 - 158067944 ____A C:\Users\TwoSnoutMBA\Downloads\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe 2012-03-21 18:20 - 2012-03-21 18:20 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 8 2012-03-20 11:54 - 2012-03-20 11:54 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4(2).xlsx 2012-03-20 11:54 - 2012-03-20 11:54 - 0032154 ____A C:\Users\TwoSnoutMBA\Desktop\Input Sheet for Program demand Rev4.xlsx 2012-03-20 11:53 - 2012-03-19 19:23 - 0324820 ____A C:\Users\TwoSnoutMBA\My Documents\SimQuick_TemplateEx3.xlsm 2012-03-20 11:53 - 2012-03-19 19:23 - 0324820 ____A C:\Users\TwoSnoutMBA\Documents\SimQuick_TemplateEx3.xlsm 2012-03-20 11:04 - 2012-03-20 11:04 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process(1).docx 2012-03-20 11:03 - 2012-03-20 11:03 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process.docx 2012-03-20 10:54 - 2012-03-20 10:54 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112(1).xls 2012-03-19 18:59 - 2012-03-19 18:59 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_.docx 2012-03-19 18:06 - 2012-03-19 18:06 - 0589824 ____A C:\Users\TwoSnoutMBA\Downloads\SimQuick_Template.XLS 2012-03-19 11:34 - 2010-09-14 20:04 - 0073216 __ASH C:\Users\TwoSnoutMBA\Downloads\Thumbs.db 2012-03-19 11:33 - 2012-03-19 11:33 - 0104502 ____A C:\Users\TwoSnoutMBA\Downloads\1C2F2120-02E0-4B73-A5D8-743FEA4BC918.JPG 2012-03-19 10:53 - 2012-03-19 10:53 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(4).docx 2012-03-18 11:18 - 2012-03-18 11:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(9).docx 2012-03-18 10:55 - 2012-03-18 10:55 - 0002212 ____A C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk 2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\Public\Desktop\Google Calendar.lnk 2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\All Users\Desktop\Google Calendar.lnk 2012-03-18 10:55 - 2012-03-18 10:55 - 0000000 ____D C:\Program Files (x86)\Google 2012-03-18 10:54 - 2012-03-18 10:54 - 1165008 ____A C:\Users\TwoSnoutMBA\Downloads\GoogleCalendarSync_Installer.exe 2012-03-18 07:19 - 2010-07-13 12:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-03-15 06:07 - 2010-08-09 18:47 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-03-15 06:07 - 2010-07-26 11:06 - 0000000 ____D C:\Users\All Users\Microsoft Help 2012-03-15 06:07 - 2010-07-26 11:06 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help 2012-03-15 06:07 - 2010-07-26 11:06 - 0000000 ____D C:\ProgramData\Microsoft Help 2012-03-14 17:23 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 6 2012-03-14 12:59 - 2012-03-14 12:59 - 0836477 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Idec Production Planning031412.pptx 2012-03-14 12:59 - 2012-01-25 15:48 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Articles for Biogen 2012-03-14 12:59 - 2012-01-25 15:48 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Articles for Biogen 2012-03-14 12:59 - 2011-01-23 09:51 - 0360960 __ASH C:\Users\TwoSnoutMBA\Desktop\Thumbs.db 2012-03-14 06:10 - 2012-03-14 06:10 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112.xls 2012-03-13 19:14 - 2012-03-13 19:14 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations.xlsx 2012-03-13 19:13 - 2012-03-13 19:13 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset.xls 2012-03-12 16:29 - 2012-03-12 16:29 - 0290276 ____A C:\Users\TwoSnoutMBA\Desktop\James_Wall_Manzana_Case.pptx 2012-03-12 16:28 - 2012-03-02 15:38 - 0290274 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.pptx 2012-03-12 16:28 - 2012-03-02 15:38 - 0290274 ____A C:\Users\TwoSnoutMBA\Documents\manzana.pptx 2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2.xls 2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2(1).xls 2012-03-12 15:25 - 2012-03-12 15:25 - 0121384 ____A C:\Users\TwoSnoutMBA\Desktop\HW2.pdf 2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\My Documents\Homework.xlsx 2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\Documents\Homework.xlsx 2012-03-12 11:26 - 2012-03-12 11:26 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(2).docx 2012-03-11 20:28 - 2012-03-11 20:28 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(8).docx 2012-03-11 20:11 - 2012-03-10 20:30 - 0010763 ____A C:\Users\TwoSnoutMBA\My Documents\Caroline words.xlsx 2012-03-11 20:11 - 2012-03-10 20:30 - 0010763 ____A C:\Users\TwoSnoutMBA\Documents\Caroline words.xlsx 2012-03-09 21:45 - 2011-05-12 20:50 - 0000720 ____A C:\Users\TwoSnoutMBA\Desktop\caroline words.txt 2012-03-08 22:23 - 2011-09-03 08:41 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Lenovo 2012-03-08 22:23 - 2011-09-03 08:41 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Lenovo 2012-03-08 11:26 - 2012-03-08 11:26 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(7).docx 2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_.docx 2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(1).docx 2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\My Documents\LenovoCover.txt 2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\Documents\LenovoCover.txt 2012-03-06 21:41 - 2011-11-14 07:41 - 0037376 ____A C:\Users\TwoSnoutMBA\Desktop\MBA Resume_James_Wall.doc 2012-03-06 15:22 - 2010-11-23 00:21 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Mayer Project 2012-03-06 15:22 - 2010-11-23 00:21 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Mayer Project 2012-03-06 15:21 - 2010-10-20 13:06 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Mayer Sources 2012-03-06 15:21 - 2010-10-20 13:06 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Mayer Sources 2012-03-06 15:20 - 2011-11-20 10:11 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\ERP 2012-03-06 15:20 - 2011-11-20 10:11 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\ERP 2012-03-06 15:20 - 2011-03-01 12:22 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\My Books 2012-03-06 15:20 - 2011-03-01 12:22 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\My Books 2012-03-06 15:20 - 2010-11-24 11:39 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Mayer opening music_data 2012-03-06 15:20 - 2010-11-24 11:39 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Mayer opening music_data 2012-03-06 15:20 - 2008-07-06 09:12 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\My eBooks 2012-03-06 15:20 - 2008-07-06 09:12 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\My eBooks 2012-03-04 17:50 - 2012-03-02 15:22 - 0009353 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.xlsx 2012-03-04 17:50 - 2012-03-02 15:22 - 0009353 ____A C:\Users\TwoSnoutMBA\Documents\manzana.xlsx 2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\My Documents\SIPOC diagram.pptx 2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\Documents\SIPOC diagram.pptx 2012-03-01 20:25 - 2012-03-01 20:25 - 0000017 ____A C:\Users\TwoSnoutMBA\Local Settings\resmon.resmoncfg 2012-03-01 20:25 - 2012-03-01 20:25 - 0000017 ____A C:\Users\TwoSnoutMBA\Local Settings\Application Data\resmon.resmoncfg 2012-03-01 20:25 - 2012-03-01 20:25 - 0000017 ____A C:\Users\TwoSnoutMBA\AppData\Local\resmon.resmoncfg 2012-03-01 16:01 - 2012-03-01 13:28 - 0199168 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model Template 030112 v3.xls 2012-03-01 16:01 - 2012-03-01 13:28 - 0199168 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model Template 030112 v3.xls 2012-03-01 14:02 - 2012-03-01 14:02 - 0330680 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Idec Production Planning.pptx 2012-03-01 14:02 - 2012-03-01 14:02 - 0330680 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Idec Production Planning.pptx 2012-03-01 13:17 - 2012-03-01 13:17 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb(3).xls 2012-03-01 13:17 - 2012-03-01 13:17 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb(2).xls 2012-03-01 13:17 - 2012-03-01 13:17 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb(1).xls 2012-03-01 13:16 - 2012-03-01 13:16 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb.xls 2012-03-01 01:31 - 2012-03-01 00:21 - 0198656 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model Template 030112.xls 2012-03-01 01:31 - 2012-03-01 00:21 - 0198656 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model Template 030112.xls 2012-02-29 23:18 - 2012-02-29 08:43 - 0014857 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model Template 022912.xlsx 2012-02-29 23:18 - 2012-02-29 08:43 - 0014857 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model Template 022912.xlsx 2012-02-29 22:13 - 2012-02-29 22:13 - 0011404 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen template(2).xlsx 2012-02-29 22:11 - 2012-02-29 22:11 - 0108544 ____A C:\Users\TwoSnoutMBA\Downloads\biogen draft.xls 2012-02-29 21:58 - 2011-05-20 18:20 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-02-29 15:43 - 2012-02-29 15:43 - 0000162 ___AH C:\Users\TwoSnoutMBA\Desktop\~$tirement.docx 2012-02-28 21:54 - 2012-02-27 20:04 - 0019097 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model James.xlsx 2012-02-28 21:54 - 2012-02-27 20:04 - 0019097 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model James.xlsx 2012-02-28 11:07 - 2012-02-28 11:07 - 0016937 ____A C:\Users\TwoSnoutMBA\Downloads\Questions-Responses(1).xlsx 2012-02-28 10:30 - 2010-07-13 14:36 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Skype 2012-02-28 10:30 - 2010-07-13 14:36 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Skype 2012-02-27 18:11 - 2012-02-27 18:11 - 0011404 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen template(1).xlsx 2012-02-27 17:13 - 2012-02-27 17:13 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(6).docx 2012-02-27 10:35 - 2011-10-11 16:26 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\rock_knocker 2012-02-27 10:35 - 2011-10-11 16:26 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\rock_knocker 2012-02-27 10:08 - 2012-02-27 10:08 - 0016937 ____A C:\Users\TwoSnoutMBA\Downloads\Questions-Responses.xlsx 2012-02-27 10:08 - 2012-02-27 10:08 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$Questions-Responses.xlsx 2012-02-25 23:55 - 2012-02-25 23:55 - 0027317 ____A C:\Users\TwoSnoutMBA\My Documents\Logistics_Homework_022512_jwall.xlsx 2012-02-25 23:55 - 2012-02-25 23:55 - 0027317 ____A C:\Users\TwoSnoutMBA\Documents\Logistics_Homework_022512_jwall.xlsx 2012-02-25 23:55 - 2012-02-25 23:55 - 0000165 ___AH C:\Users\TwoSnoutMBA\My Documents\~$Logistics_Homework_022512_jwall.xlsx 2012-02-25 23:55 - 2012-02-25 23:55 - 0000165 ___AH C:\Users\TwoSnoutMBA\Documents\~$Logistics_Homework_022512_jwall.xlsx 2012-02-25 23:55 - 2012-02-24 18:48 - 0027317 ____A C:\Users\TwoSnoutMBA\My Documents\Logistics_Homework_022512.xlsx 2012-02-25 23:55 - 2012-02-24 18:48 - 0027317 ____A C:\Users\TwoSnoutMBA\Documents\Logistics_Homework_022512.xlsx 2012-02-25 23:21 - 2012-02-25 23:21 - 0015034 ____A C:\Users\TwoSnoutMBA\Downloads\SPC_Summary_Sheet_Blank(1).xlsx 2012-02-25 23:21 - 2012-02-25 23:21 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$SPC_Summary_Sheet_Blank(1).xlsx 2012-02-25 18:53 - 2012-02-25 18:53 - 0015034 ____A C:\Users\TwoSnoutMBA\Downloads\SPC_Summary_Sheet_Blank.xlsx 2012-02-25 18:53 - 2012-02-25 18:53 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$SPC_Summary_Sheet_Blank.xlsx 2012-02-24 19:03 - 2012-02-24 19:03 - 0050623 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Inclass_Solution(1).xlsx 2012-02-24 19:03 - 2012-02-24 19:03 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$Deere_Planning_Inclass_Solution(1).xlsx 2012-02-24 18:49 - 2012-02-24 18:49 - 0050623 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Inclass_Solution.xlsx 2012-02-24 18:48 - 2012-02-24 18:48 - 0000165 ___AH C:\Users\TwoSnoutMBA\My Documents\~$Logistics_Homework_022512.xlsx 2012-02-24 18:48 - 2012-02-24 18:48 - 0000165 ___AH C:\Users\TwoSnoutMBA\Documents\~$Logistics_Homework_022512.xlsx 2012-02-24 07:09 - 2012-02-24 07:09 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$Biogen template.xlsx 2012-02-23 12:12 - 2012-02-23 12:11 - 0020556 ____A C:\Users\TwoSnoutMBA\Downloads\James_Wall_Resume.docx 2012-02-23 11:43 - 2009-07-13 21:34 - 0000478 ____A C:\Windows\win.ini 2012-02-23 08:18 - 2010-08-06 15:18 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2012-02-22 15:44 - 2012-02-22 15:44 - 0011404 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen template.xlsx 2012-02-21 18:23 - 2012-02-21 18:23 - 0024277 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Example.xlsx 2012-02-21 18:23 - 2012-02-21 18:23 - 0024277 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Example(1).xlsx 2012-02-21 07:18 - 2012-02-21 07:18 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4(1).xlsx 2012-02-20 17:04 - 2012-02-20 17:04 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(5).docx 2012-02-20 17:03 - 2012-02-20 17:03 - 1542165 ____A C:\Users\TwoSnoutMBA\My Documents\553 HW_1 James Wall.docx 2012-02-20 17:03 - 2012-02-20 17:03 - 1542165 ____A C:\Users\TwoSnoutMBA\Documents\553 HW_1 James Wall.docx 2012-02-20 12:13 - 2012-02-20 12:13 - 0029419 ____A C:\Users\TwoSnoutMBA\Downloads\20120210_imco_brokerage_tax_doc_1099orig_3884.pdf 2012-02-18 15:28 - 2012-02-18 15:28 - 0014144 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_1_-_MBA553_v4a_(2).docx 2012-02-17 15:58 - 2012-02-17 15:58 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(4).docx 2012-02-17 12:47 - 2010-07-13 12:10 - 0000402 __ASH C:\Users\TwoSnoutMBA\My Documents\desktop.ini 2012-02-17 12:47 - 2010-07-13 12:10 - 0000174 ___SH C:\Users\TwoSnoutMBA\Start Menu\Programs\Startup\desktop.ini 2012-02-17 12:47 - 2010-07-13 12:10 - 0000174 ___SH C:\Users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini 2012-02-17 12:46 - 2010-07-05 12:30 - 0044364 ____A C:\Windows\PFRO.log 2012-02-17 12:46 - 2010-07-05 10:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2012-02-17 12:32 - 2010-07-20 14:39 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2012-02-17 01:38 - 2012-03-14 09:16 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll 2012-02-17 00:34 - 2012-03-14 09:16 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2012-02-16 23:58 - 2012-03-14 09:16 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-02-16 23:57 - 2012-03-14 09:16 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys 2012-02-16 12:56 - 2012-02-16 12:56 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4.xlsx 2012-02-15 15:22 - 2011-06-09 09:48 - 0000000 ____D C:\Users\All Users\WebEx 2012-02-15 15:22 - 2011-06-09 09:48 - 0000000 ____D C:\Users\All Users\Application Data\WebEx 2012-02-15 15:22 - 2011-06-09 09:48 - 0000000 ____D C:\ProgramData\WebEx 2012-02-15 15:08 - 2012-02-15 15:08 - 0121344 ____A C:\Users\TwoSnoutMBA\My Documents\North Carolina State University MCDA-Rob Sanner.doc 2012-02-15 15:08 - 2012-02-15 15:08 - 0121344 ____A C:\Users\TwoSnoutMBA\Documents\North Carolina State University MCDA-Rob Sanner.doc 2012-02-15 14:39 - 2012-02-15 14:33 - 0013539 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 3 Agenda.docx 2012-02-15 14:30 - 2012-02-14 20:14 - 0107302 ____A C:\Users\TwoSnoutMBA\My Documents\Logistics Forecasting Smoothing Methods.xlsm 2012-02-15 14:30 - 2012-02-14 20:14 - 0107302 ____A C:\Users\TwoSnoutMBA\Documents\Logistics Forecasting Smoothing Methods.xlsm 2012-02-14 17:48 - 2012-02-14 17:47 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(3).docx 2012-02-14 06:45 - 2011-12-12 13:29 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Novozymes Fall 2011 2012-02-14 06:45 - 2011-12-12 13:29 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Novozymes Fall 2011 2012-02-13 20:05 - 2012-02-13 20:05 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(3).docx 2012-02-13 16:26 - 2012-02-13 16:26 - 0014144 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_1_-_MBA553_v4a_(1).docx 2012-02-12 23:44 - 2012-02-12 23:44 - 0012493 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Crucial Conversation.docx 2012-02-12 23:44 - 2012-02-12 23:44 - 0012493 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Crucial Conversation.docx 2012-02-10 01:36 - 2012-03-14 09:17 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2012-02-10 00:38 - 2012-03-14 09:17 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2012-02-09 15:33 - 2010-08-04 14:10 - 0000000 ____D C:\Users\All Users\Lx_cats 2012-02-09 15:33 - 2010-08-04 14:10 - 0000000 ____D C:\Users\All Users\Application Data\Lx_cats 2012-02-09 15:33 - 2010-08-04 14:10 - 0000000 ____D C:\ProgramData\Lx_cats 2012-02-09 07:08 - 2012-02-09 07:08 - 0153331 ____A C:\Users\TwoSnoutMBA\My Documents\North Carolina State University MCDA.pdf 2012-02-09 07:08 - 2012-02-09 07:08 - 0153331 ____A C:\Users\TwoSnoutMBA\Documents\North Carolina State University MCDA.pdf 2012-02-08 18:11 - 2012-02-08 18:11 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\VirtualStore 2012-02-08 18:11 - 2012-02-08 18:11 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Application Data\VirtualStore 2012-02-08 18:11 - 2012-02-08 18:11 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\VirtualStore 2012-02-08 17:57 - 2012-02-08 17:53 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\LocalLow 2012-02-08 17:53 - 2012-02-08 17:53 - 0000020 __ASH C:\Users\Mcx1-TWOSNOUTMBA-PC\ntuser.ini 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Templates 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Start Menu 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\PrintHood 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\NetHood 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents\My Videos 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents\My Pictures 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents\My Music 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Temporary Internet Files 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\History 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Application Data\Temporary Internet Files 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Application Data\History 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Documents\My Videos 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Documents\My Pictures 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Documents\My Music 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\Temporary Internet Files 2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\History 2012-02-08 16:29 - 2012-02-08 16:29 - 0014176 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 2 Summary(2).docx 2012-02-08 16:28 - 2012-02-08 16:28 - 0014176 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 2 Summary.docx 2012-02-08 16:28 - 2012-02-08 16:28 - 0014176 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 2 Summary(1).docx 2012-02-07 18:15 - 2010-10-17 09:27 - 0001258 ____A C:\Users\All Users\lxdu.log 2012-02-07 18:15 - 2010-10-17 09:27 - 0001258 ____A C:\Users\All Users\Application Data\lxdu.log 2012-02-07 18:15 - 2010-10-17 09:27 - 0001258 ____A C:\ProgramData\lxdu.log 2012-02-05 22:32 - 2012-02-05 22:32 - 0164675 ____A C:\Users\TwoSnoutMBA\Downloads\Multiobjective Long-Term Planning of Biopharmaceutical Manufacturing Facilities.pdf 2012-02-05 11:04 - 2012-02-05 11:04 - 0009264 ____A C:\Users\TwoSnoutMBA\Downloads\BioPharma_Data(2).xlsx 2012-02-03 16:16 - 2012-02-02 21:32 - 0015634 ____A C:\Users\TwoSnoutMBA\Downloads\BioPharma_Data(1).xlsx 2012-02-02 23:34 - 2012-03-14 09:17 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-02-01 14:06 - 2012-02-01 14:06 - 0015465 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel- COmpiled for team.xlsx 2012-01-31 19:54 - 2012-01-31 19:54 - 0009264 ____A C:\Users\TwoSnoutMBA\Downloads\BioPharma_Data.xlsx 2012-01-31 19:30 - 2012-01-31 19:30 - 0107008 ____A C:\Users\TwoSnoutMBA\Downloads\Threads_-_Fixed_Cost_-_Binary_Variable.xls 2012-01-31 18:04 - 2012-01-31 18:04 - 0474740 ____A C:\Users\TwoSnoutMBA\Downloads\Gravity_Model_5-8_-_Student.xlsx 2012-01-31 18:04 - 2012-01-31 18:04 - 0474740 ____A C:\Users\TwoSnoutMBA\Downloads\Gravity_Model_5-8_-_Student(1).xlsx 2012-01-29 21:22 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\LocalLow 2012-01-29 19:12 - 2012-01-29 19:12 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(2).docx 2012-01-29 19:11 - 2012-01-29 19:11 - 0014144 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_1_-_MBA553_v4a_.docx 2012-01-29 19:08 - 2012-01-29 19:08 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(2).docx 2012-01-29 09:10 - 2012-01-29 09:10 - 0009284 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel-Biogen(2).xlsx 2012-01-25 16:16 - 2012-01-25 16:16 - 0009284 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel-Biogen.xlsx 2012-01-25 16:16 - 2012-01-25 16:16 - 0009284 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel-Biogen(1).xlsx 2012-01-25 16:11 - 2012-01-25 16:11 - 0902389 ____A C:\Users\TwoSnoutMBA\Downloads\Characterizing Markets for Biopharmaceutical Innovations Do Biologics Differ from Small Molecules.pdf 2012-01-25 16:11 - 2012-01-25 16:11 - 0511491 ____A C:\Users\TwoSnoutMBA\Downloads\The state of biopharmaceutical manufacturing.pdf 2012-01-25 15:49 - 2012-01-25 15:49 - 1146868 ____A C:\Users\TwoSnoutMBA\Downloads\A Stochastic Optimization Model to Improve Production Planning and R&D Resource Allocation in Biopharmaceutical Production Processes.pdf 2012-01-25 15:48 - 2012-01-25 15:48 - 1336123 ____A C:\Users\TwoSnoutMBA\Downloads\The dangerous quest for certainty in market forecasting(1).pdf 2012-01-25 15:47 - 2012-01-25 15:47 - 1336123 ____A C:\Users\TwoSnoutMBA\Downloads\The dangerous quest for certainty in market forecasting.pdf 2012-01-25 01:38 - 2012-03-14 09:16 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-01-25 01:38 - 2012-03-14 09:16 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-01-25 01:33 - 2012-03-14 09:16 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-01-24 20:09 - 2012-01-24 20:09 - 0020426 ____A C:\Users\TwoSnoutMBA\Downloads\CM_TelecomOptic_-_Rossetti.xlsx 2012-01-24 18:30 - 2012-01-24 18:30 - 0001188 ____A C:\Users\Public\Desktop\Express Zip File Compression Software.lnk 2012-01-24 18:30 - 2012-01-24 18:30 - 0001188 ____A C:\Users\All Users\Desktop\Express Zip File Compression Software.lnk 2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\Users\All Users\NCH Software 2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\Users\All Users\Application Data\NCH Software 2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\ProgramData\NCH Software 2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\Program Files (x86)\NCH Software 2012-01-24 18:29 - 2012-01-24 18:29 - 1074296 ____A (NCH Software) C:\Users\TwoSnoutMBA\Downloads\zipsetup.exe 2012-01-24 18:25 - 2012-01-24 18:25 - 0337934 ____A C:\Users\TwoSnoutMBA\Downloads\SolverTable_2007.zip 2012-01-24 14:12 - 2012-01-23 22:58 - 0043209 ____A C:\Users\TwoSnoutMBA\My Documents\jgwall_EX_1.xlsx 2012-01-24 14:12 - 2012-01-23 22:58 - 0043209 ____A C:\Users\TwoSnoutMBA\Documents\jgwall_EX_1.xlsx 2012-01-23 22:13 - 2012-01-23 22:13 - 0019521 ____A C:\Users\TwoSnoutMBA\Downloads\Problem_5-3_Student_Blank.xlsx 2012-01-23 22:13 - 2012-01-23 22:13 - 0019521 ____A C:\Users\TwoSnoutMBA\Downloads\Problem_5-3_Student_Blank(1).xlsx 2012-01-20 15:22 - 2012-01-20 15:22 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(1).docx 2012-01-18 15:56 - 2012-01-18 15:56 - 0596945 ____A C:\Users\TwoSnoutMBA\Downloads\Novozymes Scope Document Draft 090611 v3.docx 2012-01-17 19:47 - 2012-01-17 19:47 - 0025290 ____A C:\Users\TwoSnoutMBA\Downloads\5-1_WA_Midwest_-_Student.xlsx 2012-01-17 11:04 - 2012-01-17 11:04 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(1).docx 2012-01-17 11:03 - 2012-01-17 11:03 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12.docx 2012-01-11 15:55 - 2012-01-11 15:55 - 0000000 ____D C:\Program Files (x86)\Frontline Systems 2012-01-11 15:54 - 2012-01-11 15:54 - 0000000 ____D C:\Users\All Users\Frontline Systems 2012-01-11 15:54 - 2012-01-11 15:54 - 0000000 ____D C:\Users\All Users\Application Data\Frontline Systems 2012-01-11 15:54 - 2012-01-11 15:54 - 0000000 ____D C:\ProgramData\Frontline Systems 2012-01-11 15:18 - 2012-01-11 15:14 - 50028136 ____A (Frontline Systems, Inc.) C:\Users\TwoSnoutMBA\Downloads\SolverSetup.exe 2012-01-09 17:58 - 2012-01-09 17:58 - 0050662 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-9-12.docx 2012-01-09 17:58 - 2012-01-09 17:58 - 0050662 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-9-12(2).docx 2012-01-09 17:58 - 2012-01-09 17:58 - 0050662 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-9-12(1).docx 2012-01-09 14:04 - 2012-01-09 14:04 - 0014848 ____A C:\Users\TwoSnoutMBA\Downloads\ch6_examples_in_class.xls 2012-01-08 19:30 - 2012-01-08 19:30 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2.docx 2012-01-05 17:11 - 2012-01-05 17:11 - 0016801 ____A C:\Users\TwoSnoutMBA\Downloads\2012 NCSU Problem Statement - Final.docx 2012-01-05 17:11 - 2012-01-05 17:11 - 0016801 ____A C:\Users\TwoSnoutMBA\Downloads\2012 NCSU Problem Statement - Final(1).docx 2012-01-04 19:39 - 2012-01-04 19:39 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-01-04 19:39 - 2012-01-04 19:39 - 0001785 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-01-04 19:39 - 2012-01-04 19:38 - 0000000 ____D C:\Program Files\iTunes 2012-01-04 19:39 - 2012-01-04 19:38 - 0000000 ____D C:\Program Files (x86)\iTunes 2012-01-04 19:38 - 2012-01-04 19:38 - 0000000 ____D C:\Program Files\iPod 2012-01-04 19:34 - 2010-07-13 12:55 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Apple Computer 2012-01-04 19:34 - 2010-07-13 12:55 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Apple Computer 2012-01-04 05:44 - 2012-02-15 11:59 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-01-04 05:44 - 2012-02-15 11:59 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll 2012-01-04 03:59 - 2012-02-15 11:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-01-04 03:58 - 2012-02-15 11:59 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ========================= Memory info ====================== Percentage of memory in use: 14% Total physical RAM: 4056.36 MB Available physical RAM: 3468.16 MB Total Pagefile: 4054.51 MB Available Pagefile: 3466.72 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:27.53 GB) NTFS 3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.04 GB) NTFS ==>[system with boot components (obtained from reading drive)] 5 Drive g: (ATTACHE 2.0) (Removable) (Total:0.11 GB) (Free:0.11 GB) FAT 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 232 GB 0 B Disk 1 No Media 0 B 0 B Disk 2 Online 117 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 14 GB 40 MB Partition 3 Primary 218 GB 14 GB ====================================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 FAT Partition 39 MB Healthy Hidden ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 E RECOVERY NTFS Partition 14 GB Healthy ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 218 GB Healthy ====================================================================================================== Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 117 MB 1024 B ====================================================================================================== Disk: 2 Partition 1 Type : 06 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G ATTACHE 2.0 FAT Removable 117 MB Healthy ====================================================================================================== ========================================================== TDL4: custom:26000022 ========================================================== Last Boot: 2012-03-31 08:32 ======================= End Of Log ==========================
  7. TwoSnout
    Hello, A few days ago I noticed Ping.exe was taking up a huge amount of CPU time and firefox would periodically redirect me to some random site. I downloaded malwarebytes and ran a scan. It detectect several trojans which I then quarantined and deleted. Upon reboot the ping.exe and redirects continued. Now, when I run a Malwarebytes scan, it does not detect anything. Thanks for any help you can provide. Below are DDS, Attach, and Mbam log: DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by TwoSnoutMBA at 7:45:18 on 2012-03-31 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2117 [GMT -4:00] . AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe C:\Windows\system32\taskhost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe C:\Windows\system32\lxducoms.exe C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE C:\Windows\splwow64.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe C:\Windows\notepad.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe uRun: [Google Update] "C:\Users\TwoSnoutMBA\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe StartupFolder: C:\Users\TWOSNO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://access.wakemed.org/dana-cached/sc/JuniperSetupClient.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{1291FAB0-CC32-4D1E-A337-1C844D73F044} : DhcpNameServer = 10.4.5.100 10.4.2.100 TCP: Interfaces\{704E985C-BA21-4EB2-B339-DFB961B7FC73} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\24C657560284F6573756 : DhcpNameServer = 207.69.188.186 207.69.188.187 TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\34570714A4F65602143636563737022556175796275637020557273686163756 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\4425147414E414D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1 TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\541637476596C6C6167656 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\753405C475946494 : DhcpNameServer = 24.25.5.60 24.25.5.61 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/ FF - prefs.js: network.proxy.type - 4 FF - component: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll FF - component: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll FF - component: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\TwoSnoutMBA\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\plugins\npatgpc.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-5-31 89600] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-8-12 810144] R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-29 652360] R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-9-3 444224] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-5 705856] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?] S2 lxduCATSCustConnectService;lxduCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxduserv.exe [2008-5-23 29184] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 253600] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] . =============== Created Last 30 ================ . 2012-03-29 16:28:44 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\Malwarebytes 2012-03-29 16:28:28 -------- d-----w- C:\ProgramData\Malwarebytes 2012-03-29 16:28:27 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-29 16:28:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-29 14:24:58 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-28 15:58:19 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-03-28 15:38:24 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-03-28 15:38:02 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd 2012-03-28 15:36:55 -------- d-----we C:\Windows\system64 2012-03-27 15:59:16 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14D8FC0A-F989-4566-A94A-F7B48B710E70}\mpengine.dll 2012-03-25 19:59:30 20569 ----a-w- C:\Windows\gsk7bui.exe 2012-03-25 19:59:26 306688 ----a-w- C:\Windows\IsUninst.exe 2012-03-25 19:57:41 -------- d-----w- C:\Program Files (x86)\IBM 2012-03-25 19:54:41 -------- d-----w- C:\ProgramData\IBM 2012-03-25 19:44:14 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\zubc 2012-03-25 19:44:10 -------- d-----w- C:\Program Files (x86)\ZUBC 2012-03-25 19:43:15 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\bytewdownload 2012-03-22 18:33:45 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org 2012-03-22 18:30:31 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3 2012-03-18 15:55:35 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Local\Google 2012-03-18 12:19:42 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-18 12:19:42 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll 2012-03-15 11:10:57 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-15 11:10:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-15 11:10:56 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-03-14 14:17:11 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-03-14 14:17:09 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-14 14:17:09 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-03-14 14:16:27 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-03-14 14:16:27 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-03-14 14:16:27 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-03-14 14:16:27 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-03-14 14:16:26 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-03-14 14:16:26 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-03-14 14:16:26 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll . ==================== Find3M ==================== . 2012-03-29 16:58:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll . ============= FINISH: 7:45:43.78 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 7/13/2010 1:07:13 PM System Uptime: 3/30/2012 4:50:21 PM (15 hours ago) . Motherboard: Dell Inc. | | 0F642T Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 218 GiB total, 13.344 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Juniper Network Connect Virtual Adapter Device ID: ROOT\DSNCADPT\0000 Manufacturer: Juniper Name: Juniper Network Connect Virtual Adapter PNP Device ID: ROOT\DSNCADPT\0000 Service: dsNcAdpt . ==== System Restore Points =================== . RP228: 3/20/2012 11:48:37 AM - Windows Update RP229: 3/22/2012 2:25:10 PM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 RP230: 3/22/2012 2:26:16 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 RP231: 3/22/2012 2:29:30 PM - Installed Java 6 Update 22 RP232: 3/22/2012 2:30:05 PM - Installed OpenOffice.org 3.3 RP233: 3/27/2012 7:22:26 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) ABBYY FineReader 6.0 Sprint Adobe AIR Adobe Reader 9.4.6 Advanced Audio FX Engine Apple Application Support Apple Software Update Audacity 1.3.12 (Unicode) Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) Click to Call with Skype CRT-71 D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell Support Center (Support Software) Dell Webcam Central DPL 7 DPL 7 Demo ECL Viewer Express Zip File Compression Software FFmpeg for Audacity on Windows FlipShare Frontline Excel Solvers V11.5 Google Calendar Sync Google Chrome GoToAssist 8.0.0.514 GoToMeeting 4.5.0.457 HamsterFreeVideoConverter IBM Installation Manager Internet TV for Windows Media Center Java Auto Updater Java 6 Update 22 Java 6 Update 29 Juniper Networks Network Connect 6.5.0 Juniper Networks Setup Client Junk Mail filter update Lexmark Printable Web Live! Cam Avatar Creator LoJack Factory Installer Malwarebytes Anti-Malware version 1.60.1.1000 Markstrat Team Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Click-to-Run 2010 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Starter 2010 - English Microsoft Office Word MUI (English) 2007 Microsoft redistributable runtime DLLs VS2005 SP1(x86) Microsoft redistributable runtime DLLs VS2008 SP1(x86) Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 microsoft.vs6 Mozilla Firefox 11.0 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) msxml4sys32 OnLive OpenOffice.org 3.3 PowerDVD DX QuickTime Rosetta Stone Ltd Services Roxio Burn Safari SAP Business Explorer SAP GUI for Windows 7.20 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Skype™ 5.5 sqaote32 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VitalSource Bookshelf VLC media player 1.1.9 WebEx WildTangent Games Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.01 (32-bit) Xtranormal State Xtranormal State - Showpak-Beiges Xtranormal State - Showpak-FM-Preview Xtranormal State - SoundPack-Starter Kit Xtranormal State - Voicepack-British-Graham22k Xtranormal State - Voicepack-British-Lucy22k Xtranormal State - Voicepack-English-UK-Daniel Xtranormal State - Voicepack-English-UK-Serena Xtranormal State - Voicepack-English-US-Samantha Xtranormal State - Voicepack-English-US-Tom Xtranormal State - Voicepack-USEnglish-Heather22k Xtranormal State - Voicepack-USEnglish-Ryan22k Zip Unzip By Click 1.0 . ==== Event Viewer Messages From Past Week ======== . 3/31/2012 7:24:19 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 3/31/2012 7:19:14 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. 3/29/2012 8:20:52 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 3/29/2012 8:20:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect. 3/29/2012 8:20:52 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 3/29/2012 8:20:52 PM, Error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/29/2012 8:20:51 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 3/29/2012 8:20:50 PM, Error: Service Control Manager [7003] - The epfwwfpr service depends the following service: BFE. This service might not be installed. 3/29/2012 8:20:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80036ddb60, 0xfffff80000b9c4d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032912-25381-01. 3/29/2012 8:18:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 3/29/2012 8:17:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. 3/29/2012 8:15:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 3/29/2012 8:14:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 3/29/2012 8:13:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service. 3/29/2012 8:10:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service. 3/29/2012 12:41:28 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found. 3/27/2012 8:59:20 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TURNIP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced. 3/27/2012 8:55:22 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MAURICIO-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced. 3/27/2012 8:48:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer AVNI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced. 3/27/2012 8:41:47 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.218.97 did not allow the name to be claimed by this computer. 3/27/2012 8:31:22 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.218.203 did not allow the name to be claimed by this computer. 3/27/2012 7:59:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MITCHIEE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced. 3/27/2012 7:57:39 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced. 3/27/2012 7:36:24 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.217.248 did not allow the name to be claimed by this computer. 3/27/2012 7:22:33 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.223.206 did not allow the name to be claimed by this computer. 3/27/2012 7:11:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service. 3/27/2012 6:39:04 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.217.141 did not allow the name to be claimed by this computer. 3/27/2012 6:08:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SAHAR-THINK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced. 3/26/2012 6:12:12 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.218.234. The computer with the IP address 152.14.218.221 did not allow the name to be claimed by this computer. 3/26/2012 4:12:17 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. 3/26/2012 4:11:49 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.101. The computer with the IP address 152.14.221.182 did not allow the name to be claimed by this computer. 3/26/2012 11:35:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. . ==== End Of File =========================== Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.29.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 TwoSnoutMBA :: TWOSNOUTMBA-PC [administrator] Protection: Enabled 3/29/2012 12:31:41 PM mbam-log-2012-03-29 (12-31-41).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 219845 Time elapsed: 6 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 1 C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot. Registry Keys Detected: 4 HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully. HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully. HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully. Registry Values Detected: 3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot. C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot. (end)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.