Jump to content

Ping.exe and redirects


Recommended Posts

Hello,

A few days ago I noticed Ping.exe was taking up a huge amount of CPU time and firefox would periodically redirect me to some random site. I downloaded malwarebytes and ran a scan. It detectect several trojans which I then quarantined and deleted. Upon reboot the ping.exe and redirects continued. Now, when I run a Malwarebytes scan, it does not detect anything. Thanks for any help you can provide. Below are DDS, Attach, and Mbam log:

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by TwoSnoutMBA at 7:45:18 on 2012-03-31

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2117 [GMT -4:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

C:\Windows\system32\lxducoms.exe

C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Windows\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [Google Update] "C:\Users\TwoSnoutMBA\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

StartupFolder: C:\Users\TWOSNO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://access.wakemed.org/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{1291FAB0-CC32-4D1E-A337-1C844D73F044} : DhcpNameServer = 10.4.5.100 10.4.2.100

TCP: Interfaces\{704E985C-BA21-4EB2-B339-DFB961B7FC73} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\24C657560284F6573756 : DhcpNameServer = 207.69.188.186 207.69.188.187

TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\34570714A4F65602143636563737022556175796275637020557273686163756 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\4425147414E414D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1

TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\541637476596C6C6167656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\753405C475946494 : DhcpNameServer = 24.25.5.60 24.25.5.61

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - prefs.js: network.proxy.type - 4

FF - component: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

FF - component: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\TwoSnoutMBA\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-5-31 89600]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-8-12 810144]

R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-29 652360]

R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-9-3 444224]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-5 705856]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]

S2 lxduCATSCustConnectService;lxduCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxduserv.exe [2008-5-23 29184]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 253600]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2012-03-29 16:28:44 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\Malwarebytes

2012-03-29 16:28:28 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-29 16:28:27 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-29 16:28:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-29 14:24:58 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-28 15:58:19 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-03-28 15:38:24 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-03-28 15:38:02 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd

2012-03-28 15:36:55 -------- d-----we C:\Windows\system64

2012-03-27 15:59:16 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14D8FC0A-F989-4566-A94A-F7B48B710E70}\mpengine.dll

2012-03-25 19:59:30 20569 ----a-w- C:\Windows\gsk7bui.exe

2012-03-25 19:59:26 306688 ----a-w- C:\Windows\IsUninst.exe

2012-03-25 19:57:41 -------- d-----w- C:\Program Files (x86)\IBM

2012-03-25 19:54:41 -------- d-----w- C:\ProgramData\IBM

2012-03-25 19:44:14 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\zubc

2012-03-25 19:44:10 -------- d-----w- C:\Program Files (x86)\ZUBC

2012-03-25 19:43:15 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\bytewdownload

2012-03-22 18:33:45 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org

2012-03-22 18:30:31 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-03-18 15:55:35 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Local\Google

2012-03-18 12:19:42 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 12:19:42 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-15 11:10:57 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-15 11:10:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-15 11:10:56 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 14:17:11 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 14:17:09 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 14:17:09 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 14:16:27 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 14:16:27 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 14:16:27 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 14:16:27 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 14:16:26 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 14:16:26 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 14:16:26 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

.

==================== Find3M ====================

.

2012-03-29 16:58:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

.

============= FINISH: 7:45:43.78 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 7/13/2010 1:07:13 PM

System Uptime: 3/30/2012 4:50:21 PM (15 hours ago)

.

Motherboard: Dell Inc. | | 0F642T

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 13.344 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Juniper Network Connect Virtual Adapter

Device ID: ROOT\DSNCADPT\0000

Manufacturer: Juniper

Name: Juniper Network Connect Virtual Adapter

PNP Device ID: ROOT\DSNCADPT\0000

Service: dsNcAdpt

.

==== System Restore Points ===================

.

RP228: 3/20/2012 11:48:37 AM - Windows Update

RP229: 3/22/2012 2:25:10 PM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

RP230: 3/22/2012 2:26:16 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

RP231: 3/22/2012 2:29:30 PM - Installed Java 6 Update 22

RP232: 3/22/2012 2:30:05 PM - Installed OpenOffice.org 3.3

RP233: 3/27/2012 7:22:26 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

ABBYY FineReader 6.0 Sprint

Adobe AIR

Adobe Reader 9.4.6

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Audacity 1.3.12 (Unicode)

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Click to Call with Skype

CRT-71

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

DPL 7

DPL 7 Demo

ECL Viewer

Express Zip File Compression Software

FFmpeg for Audacity on Windows

FlipShare

Frontline Excel Solvers V11.5

Google Calendar Sync

Google Chrome

GoToAssist 8.0.0.514

GoToMeeting 4.5.0.457

HamsterFreeVideoConverter

IBM Installation Manager

Internet TV for Windows Media Center

Java Auto Updater

Java 6 Update 22

Java 6 Update 29

Juniper Networks Network Connect 6.5.0

Juniper Networks Setup Client

Junk Mail filter update

Lexmark Printable Web

Live! Cam Avatar Creator

LoJack Factory Installer

Malwarebytes Anti-Malware version 1.60.1.1000

Markstrat Team

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Click-to-Run 2010

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Starter 2010 - English

Microsoft Office Word MUI (English) 2007

Microsoft redistributable runtime DLLs VS2005 SP1(x86)

Microsoft redistributable runtime DLLs VS2008 SP1(x86)

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

microsoft.vs6

Mozilla Firefox 11.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

msxml4sys32

OnLive

OpenOffice.org 3.3

PowerDVD DX

QuickTime

Rosetta Stone Ltd Services

Roxio Burn

Safari

SAP Business Explorer

SAP GUI for Windows 7.20

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Skype™ 5.5

sqaote32

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VitalSource Bookshelf

VLC media player 1.1.9

WebEx

WildTangent Games

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (32-bit)

Xtranormal State

Xtranormal State - Showpak-Beiges

Xtranormal State - Showpak-FM-Preview

Xtranormal State - SoundPack-Starter Kit

Xtranormal State - Voicepack-British-Graham22k

Xtranormal State - Voicepack-British-Lucy22k

Xtranormal State - Voicepack-English-UK-Daniel

Xtranormal State - Voicepack-English-UK-Serena

Xtranormal State - Voicepack-English-US-Samantha

Xtranormal State - Voicepack-English-US-Tom

Xtranormal State - Voicepack-USEnglish-Heather22k

Xtranormal State - Voicepack-USEnglish-Ryan22k

Zip Unzip By Click 1.0

.

==== Event Viewer Messages From Past Week ========

.

3/31/2012 7:24:19 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

3/31/2012 7:19:14 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

3/29/2012 8:20:52 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

3/29/2012 8:20:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.

3/29/2012 8:20:52 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

3/29/2012 8:20:52 PM, Error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/29/2012 8:20:51 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

3/29/2012 8:20:50 PM, Error: Service Control Manager [7003] - The epfwwfpr service depends the following service: BFE. This service might not be installed.

3/29/2012 8:20:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80036ddb60, 0xfffff80000b9c4d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032912-25381-01.

3/29/2012 8:18:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

3/29/2012 8:17:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

3/29/2012 8:15:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

3/29/2012 8:14:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

3/29/2012 8:13:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.

3/29/2012 8:10:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

3/29/2012 12:41:28 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.

3/27/2012 8:59:20 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TURNIP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.

3/27/2012 8:55:22 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MAURICIO-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.

3/27/2012 8:48:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer AVNI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.

3/27/2012 8:41:47 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.218.97 did not allow the name to be claimed by this computer.

3/27/2012 8:31:22 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.218.203 did not allow the name to be claimed by this computer.

3/27/2012 7:59:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MITCHIEE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.

3/27/2012 7:57:39 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.

3/27/2012 7:36:24 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.217.248 did not allow the name to be claimed by this computer.

3/27/2012 7:22:33 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.223.206 did not allow the name to be claimed by this computer.

3/27/2012 7:11:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.

3/27/2012 6:39:04 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.217.141 did not allow the name to be claimed by this computer.

3/27/2012 6:08:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SAHAR-THINK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.

3/26/2012 6:12:12 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.218.234. The computer with the IP address 152.14.218.221 did not allow the name to be claimed by this computer.

3/26/2012 4:12:17 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

3/26/2012 4:11:49 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.101. The computer with the IP address 152.14.221.182 did not allow the name to be claimed by this computer.

3/26/2012 11:35:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

.

==== End Of File ===========================

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.29.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

TwoSnoutMBA :: TWOSNOUTMBA-PC [administrator]

Protection: Enabled

3/29/2012 12:31:41 PM

mbam-log-2012-03-29 (12-31-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219845

Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Registry Keys Detected: 4

HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

(end)

Link to post
Share on other sites

  • Staff

Hi,

Please run the following:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to the disclaimer.

[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there

[*]Press Scan button.

[*]type exit and reboot the computer normally

[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Link to post
Share on other sites

Per your instructions, here is the frst.txt log:

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012

Ran by SYSTEM at 01-04-2012 23:06:13

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.)

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [165912 2010-02-21] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2010-02-21] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2010-02-21] (Intel Corporation)

HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)

HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM\...\Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [676520 2008-09-10] ()

HKLM\...\Run: [lxduamon] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [16040 2008-09-10] ()

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2916584 2010-08-12] (ESET)

HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)

HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()

HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)

HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1059984 2012-03-16] (Carbonite, Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Pente\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)

HKU\Mcx1-TWOSNOUTMBA-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)

HKU\TwoSnoutMBA\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2011-11-11] (Apple Inc.)

HKU\TwoSnoutMBA\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2011-11-11] (Apple Inc.)

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-13] (Dell)

HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)

2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [6684304 2012-03-16] (Carbonite, Inc. (www.carbonite.com))

3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [42360 2010-08-12] (ESET)

2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [810144 2010-08-12] (ESET)

2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2010-09-17] ()

2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)

2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [1039360 2009-10-16] ( )

2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe -service [594600 2008-05-23] ( )

2 MailService; C:\Program Files (x86)\IBM\RationalSDLC\ClearQuest\mailservice.exe [81408 2010-07-30] (IBM Corporation)

2 MBAMService; "C:\Pente\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)

3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)

2 RosettaStoneDaemon; "C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe" [444224 2009-09-03] (Rosetta Stone Ltd.)

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.)

========================== Drivers (Whitelisted) =============

1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2009-09-08] (Citrix Systems, Inc.)

3 dsNcAdpt; C:\Windows\System32\Drivers\dsNcAdpt.sys [32768 2009-08-12] (Juniper Networks)

2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [168544 2010-07-29] (ESET)

1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [141264 2010-07-29] (ESET)

2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [126320 2010-07-29] (ESET)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-01 20:31 - 2009-07-13 20:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-04-01 20:30 - 2012-04-01 20:30 - 0000000 ____A C:\Windows\SysWOW64\shoEEB2.tmp

2012-04-01 20:29 - 2012-04-01 21:04 - 0010934 ____A C:\Users\TwoSnoutMBA\Desktop\Case 2 Executive summary.docx

2012-04-01 20:12 - 2012-04-01 20:12 - 0044274 ____A C:\Users\TwoSnoutMBA\Downloads\xhan2_vnaraya2_Case_1_ExecSummary.docx

2012-04-01 11:41 - 2011-12-10 14:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-04-01 11:38 - 2012-04-01 11:39 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\TwoSnoutMBA\Downloads\mbam--setup-1.60.1.1000.exe

2012-04-01 09:52 - 2012-04-01 09:52 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(3).xls

2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk

2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\All Users\Desktop\Carbonite InfoCenter.lnk

2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Carbonite

2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Application Data\Carbonite

2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\ProgramData\Carbonite

2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files\Carbonite

2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files (x86)\Carbonite

2012-03-31 16:53 - 2012-03-31 17:46 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Remote

2012-03-31 16:53 - 2012-03-31 17:46 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Remote

2012-03-31 06:36 - 2012-03-31 06:36 - 0024950 ____A C:\Users\TwoSnoutMBA\Desktop\DDS.txt

2012-03-29 17:08 - 2012-03-29 17:08 - 0739864 ____A (Google Inc.) C:\Users\TwoSnoutMBA\Downloads\ChromeSetup.exe

2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\My Documents\mbam-log-2012-03-29 (12-31-41).txt

2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\Documents\mbam-log-2012-03-29 (12-31-41).txt

2012-03-29 11:28 - 2012-04-01 09:06 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Malwarebytes

2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Malwarebytes

2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Malwarebytes

2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\ProgramData\Malwarebytes

2012-03-29 11:06 - 2012-03-29 11:27 - 0127202 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_12.06.54_log.txt

2012-03-29 09:24 - 2012-03-29 11:27 - 0000000 ____D C:\TDSSKiller_Quarantine

2012-03-29 09:23 - 2012-03-29 09:25 - 0127400 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_10.23.07_log.txt

2012-03-28 18:47 - 2012-03-29 06:08 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 9

2012-03-28 10:36 - 2012-03-28 10:36 - 0000000 ____D C:\Windows\system64

2012-03-27 18:25 - 2012-03-27 18:25 - 0739192 ____A C:\Users\TwoSnoutMBA\Downloads\Dealer_Aggregate_Demand.xlsx

2012-03-27 18:11 - 2012-03-27 18:12 - 0528914 ____A C:\Users\TwoSnoutMBA\Downloads\inventory_plots_update.xlsx

2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank.xlsx

2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank(1).xlsx

2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2 MBA553.xlsx

2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2 MBA553.xlsx

2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx

2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx

2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm

2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm

2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\My Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc

2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc

2012-03-26 17:26 - 2012-03-26 17:26 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations(1).xlsx

2012-03-26 16:33 - 2012-03-26 16:33 - 0022110 ____A C:\Users\TwoSnoutMBA\Downloads\James_Wall_SimQuick_Case_1.xlsx

2012-03-26 16:30 - 2012-03-26 16:33 - 0022123 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_SimQuick_Case_1.xlsx

2012-03-26 16:30 - 2012-03-26 16:33 - 0022123 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_SimQuick_Case_1.xlsx

2012-03-26 16:03 - 2012-03-26 17:19 - 0317315 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_C.xlsm

2012-03-26 16:03 - 2012-03-26 17:19 - 0317315 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_C.xlsm

2012-03-26 15:59 - 2012-03-26 17:18 - 0317859 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_B.xlsm

2012-03-26 15:59 - 2012-03-26 17:18 - 0317859 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_B.xlsm

2012-03-26 15:55 - 2012-03-26 17:18 - 0317299 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_A.xlsm

2012-03-26 15:55 - 2012-03-26 17:18 - 0317299 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_A.xlsm

2012-03-26 15:18 - 2012-03-26 15:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(10).docx

2012-03-25 21:20 - 2012-03-25 21:20 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_(1).docx

2012-03-25 14:59 - 2007-05-20 19:05 - 0020569 ____A (IBM Corporation) C:\Windows\gsk7bui.exe

2012-03-25 14:59 - 1998-10-29 15:45 - 0306688 ____A (InstallShield Software Corporation) C:\Windows\IsUninst.exe

2012-03-25 14:57 - 2012-03-25 15:01 - 0000000 ____D C:\Program Files (x86)\IBM

2012-03-25 14:54 - 2012-03-25 14:58 - 0000000 ____D C:\Users\All Users\IBM

2012-03-25 14:54 - 2012-03-25 14:58 - 0000000 ____D C:\Users\All Users\Application Data\IBM

2012-03-25 14:54 - 2012-03-25 14:58 - 0000000 ____D C:\ProgramData\IBM

2012-03-25 14:46 - 2012-03-25 14:46 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win

2012-03-25 14:45 - 2012-03-25 14:45 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows

2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\Public\Desktop\Zip Unzip By Click.lnk

2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\All Users\Desktop\Zip Unzip By Click.lnk

2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\zubc

2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\zubc

2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Program Files (x86)\ZUBC

2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\bytewdownload

2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\bytewdownload

2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\bytewdownload

2012-03-25 14:42 - 2012-03-25 14:42 - 0323072 ____A (Bytewise Software) C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe

2012-03-25 12:58 - 2012-03-25 13:19 - 149059388 ____A C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows.zip

2012-03-25 12:57 - 2012-03-25 14:28 - 1340753072 ____A C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win.zip

2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(2).xls

2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(1).xls

2012-03-24 14:21 - 2012-03-25 10:30 - 0073216 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 2.xls

2012-03-24 14:21 - 2012-03-25 10:30 - 0073216 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 2.xls

2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\OpenOffice.org

2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org

2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk

2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\All Users\Desktop\OpenOffice.org 3.3.lnk

2012-03-22 13:30 - 2012-03-22 13:30 - 0000000 ____D C:\Program Files (x86)\OpenOffice.org 3

2012-03-22 13:24 - 2012-03-22 13:25 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\OpenOffice.org 3.3 (en-US) Installation Files

2012-03-22 13:20 - 2012-03-22 13:24 - 158067944 ____A C:\Users\TwoSnoutMBA\Downloads\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe

2012-03-21 18:20 - 2012-03-21 18:20 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 8

2012-03-21 16:06 - 2012-03-25 10:28 - 0011194 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 1.xlsx

2012-03-21 16:06 - 2012-03-25 10:28 - 0011194 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 1.xlsx

2012-03-20 11:54 - 2012-03-20 11:54 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4(2).xlsx

2012-03-20 11:54 - 2012-03-20 11:54 - 0032154 ____A C:\Users\TwoSnoutMBA\Desktop\Input Sheet for Program demand Rev4.xlsx

2012-03-20 11:52 - 2012-03-28 18:57 - 0168960 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Model Template 032012.xls

2012-03-20 11:04 - 2012-03-20 11:04 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process(1).docx

2012-03-20 11:03 - 2012-03-20 11:03 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process.docx

2012-03-20 10:54 - 2012-03-20 10:54 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112(1).xls

2012-03-19 19:23 - 2012-03-20 11:53 - 0324820 ____A C:\Users\TwoSnoutMBA\My Documents\SimQuick_TemplateEx3.xlsm

2012-03-19 19:23 - 2012-03-20 11:53 - 0324820 ____A C:\Users\TwoSnoutMBA\Documents\SimQuick_TemplateEx3.xlsm

2012-03-19 18:59 - 2012-03-19 18:59 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_.docx

2012-03-19 18:06 - 2012-03-19 18:06 - 0589824 ____A C:\Users\TwoSnoutMBA\Downloads\SimQuick_Template.XLS

2012-03-19 11:33 - 2012-03-19 11:33 - 0104502 ____A C:\Users\TwoSnoutMBA\Downloads\1C2F2120-02E0-4B73-A5D8-743FEA4BC918.JPG

2012-03-19 10:53 - 2012-03-19 10:53 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(4).docx

2012-03-18 11:18 - 2012-03-18 11:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(9).docx

2012-03-18 10:55 - 2012-03-29 17:09 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Google

2012-03-18 10:55 - 2012-03-29 17:09 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\Google

2012-03-18 10:55 - 2012-03-29 17:09 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\Google

2012-03-18 10:55 - 2012-03-18 10:55 - 0002212 ____A C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk

2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\Public\Desktop\Google Calendar.lnk

2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\All Users\Desktop\Google Calendar.lnk

2012-03-18 10:55 - 2012-03-18 10:55 - 0000000 ____D C:\Program Files (x86)\Google

2012-03-18 10:54 - 2012-03-18 10:54 - 1165008 ____A C:\Users\TwoSnoutMBA\Downloads\GoogleCalendarSync_Installer.exe

2012-03-15 18:37 - 2012-03-23 13:50 - 0042496 ____A C:\Users\TwoSnoutMBA\Desktop\Resume_James_Wall_int.doc

2012-03-15 06:10 - 2011-11-19 10:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-03-15 06:10 - 2011-11-19 09:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-03-15 06:10 - 2011-11-19 09:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-03-14 17:23 - 2012-03-27 18:08 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Term Project

2012-03-14 17:23 - 2012-03-26 15:22 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 7

2012-03-14 17:23 - 2012-03-25 10:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Midterm

2012-03-14 17:23 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 6

2012-03-14 12:59 - 2012-03-14 12:59 - 0836477 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Idec Production Planning031412.pptx

2012-03-14 09:17 - 2012-02-10 01:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-03-14 09:17 - 2012-02-10 00:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2012-03-14 09:17 - 2012-02-02 23:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-03-14 09:16 - 2012-02-17 01:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll

2012-03-14 09:16 - 2012-02-17 00:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll

2012-03-14 09:16 - 2012-02-16 23:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-03-14 09:16 - 2012-02-16 23:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys

2012-03-14 09:16 - 2012-01-25 01:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-03-14 09:16 - 2012-01-25 01:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-03-14 09:16 - 2012-01-25 01:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-03-14 06:10 - 2012-03-14 06:10 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112.xls

2012-03-13 19:14 - 2012-03-13 19:14 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations.xlsx

2012-03-13 19:13 - 2012-03-13 19:13 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset.xls

2012-03-12 16:29 - 2012-03-12 16:29 - 0290276 ____A C:\Users\TwoSnoutMBA\Desktop\James_Wall_Manzana_Case.pptx

2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2.xls

2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2(1).xls

2012-03-12 15:25 - 2012-03-12 15:25 - 0121384 ____A C:\Users\TwoSnoutMBA\Desktop\HW2.pdf

2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\My Documents\Homework.xlsx

2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\Documents\Homework.xlsx

2012-03-12 11:26 - 2012-03-12 11:26 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(2).docx

2012-03-11 20:28 - 2012-03-11 20:28 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(8).docx

2012-03-10 20:30 - 2012-03-11 20:11 - 0010763 ____A C:\Users\TwoSnoutMBA\My Documents\Caroline words.xlsx

2012-03-10 20:30 - 2012-03-11 20:11 - 0010763 ____A C:\Users\TwoSnoutMBA\Documents\Caroline words.xlsx

2012-03-08 11:26 - 2012-03-08 11:26 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(7).docx

2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_.docx

2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(1).docx

2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\My Documents\LenovoCover.txt

2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\Documents\LenovoCover.txt

2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\My Documents\SIPOC diagram.pptx

2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\Documents\SIPOC diagram.pptx

2012-03-02 15:38 - 2012-03-12 16:28 - 0290274 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.pptx

2012-03-02 15:38 - 2012-03-12 16:28 - 0290274 ____A C:\Users\TwoSnoutMBA\Documents\manzana.pptx

2012-03-02 15:22 - 2012-03-04 17:50 - 0009353 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.xlsx

2012-03-02 15:22 - 2012-03-04 17:50 - 0009353 ____A C:\Users\TwoSnoutMBA\Documents\manzana.xlsx

============ 3 Months Modified Files and Folders =============

2012-04-01 23:06 - 2012-04-01 21:44 - 0000000 ____D C:\FRST

2012-04-01 21:58 - 2009-07-14 00:10 - 1986066 ____A C:\Windows\WindowsUpdate.log

2012-04-01 21:43 - 2009-07-14 00:13 - 0731422 ____A C:\Windows\System32\PerfStringBackup.INI

2012-04-01 21:39 - 2010-07-05 10:47 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2012-04-01 21:35 - 2012-01-17 20:22 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Logistics

2012-04-01 21:35 - 2012-01-17 20:22 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Logistics

2012-04-01 21:04 - 2012-04-01 20:29 - 0010934 ____A C:\Users\TwoSnoutMBA\Desktop\Case 2 Executive summary.docx

2012-04-01 20:39 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-04-01 20:39 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-04-01 20:31 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\SoftThinks

2012-04-01 20:31 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\SoftThinks

2012-04-01 20:31 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\SoftThinks

2012-04-01 20:30 - 2012-04-01 20:30 - 0000000 ____A C:\Windows\SysWOW64\shoEEB2.tmp

2012-04-01 20:30 - 2010-07-05 12:30 - 3190050816 __ASH C:\hiberfil.sys

2012-04-01 20:30 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT

2012-04-01 20:30 - 2009-07-13 23:51 - 0074695 ____A C:\Windows\setupact.log

2012-04-01 20:12 - 2012-04-01 20:12 - 0044274 ____A C:\Users\TwoSnoutMBA\Downloads\xhan2_vnaraya2_Case_1_ExecSummary.docx

2012-04-01 11:41 - 2010-08-01 18:05 - 0000000 ____D C:\Pente

2012-04-01 11:39 - 2012-04-01 11:38 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\TwoSnoutMBA\Downloads\mbam--setup-1.60.1.1000.exe

2012-04-01 11:23 - 2010-07-20 14:39 - 0744920 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-04-01 09:52 - 2012-04-01 09:52 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(3).xls

2012-04-01 09:07 - 2012-02-08 17:53 - 0000000 ____D C:\users\Mcx1-TWOSNOUTMBA-PC

2012-04-01 09:06 - 2012-03-29 11:28 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-01 09:06 - 2011-11-27 01:28 - 0000000 ____D C:\Windows\System32\Macromed

2012-04-01 09:06 - 2011-08-27 19:29 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\{ www.SceneTime.com } -Doctor_Who_2005.6x08.Lets_Kill_Hitler.HDTV_XviD-FoV

2012-04-01 09:06 - 2011-06-04 19:59 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor Who S06E07 A Good Man Goes To War (1) HDTV XviD-2HD [eztv]

2012-04-01 09:06 - 2011-06-04 19:57 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor.Who.2005.S06E07.PROPER.HDTV.XviD-BiA

2012-04-01 09:06 - 2011-05-28 18:20 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor Who S06E06 The Almost People (2) HDTV XviD-FQM [eztv.AVI

2012-04-01 09:06 - 2011-05-08 19:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor Who 2005.6x03.The Curse Of The Black Spot.720p HDTV x264-FoV

2012-04-01 09:06 - 2010-08-13 15:46 - 0000000 ____D C:\Program Files (x86)\BitTorrent

2012-04-01 09:06 - 2010-08-13 15:45 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\BitTorrent

2012-04-01 09:06 - 2010-08-13 15:45 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\BitTorrent

2012-04-01 09:06 - 2010-07-26 11:06 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Microsoft Help

2012-04-01 09:06 - 2010-07-26 11:06 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\Microsoft Help

2012-04-01 09:06 - 2010-07-26 11:06 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\Microsoft Help

2012-04-01 09:06 - 2010-07-13 17:36 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\PowerDVD DX

2012-04-01 09:06 - 2010-07-13 17:36 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\PowerDVD DX

2012-04-01 09:06 - 2010-07-13 17:36 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\PowerDVD DX

2012-04-01 09:06 - 2009-07-14 02:44 - 0000000 ___RD C:\Users\Public\Recorded TV

2012-04-01 09:06 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sysprep

2012-04-01 09:06 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\AppCompat

2012-04-01 09:05 - 2010-07-20 14:41 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\SoftGrid Client

2012-04-01 09:05 - 2010-07-20 14:41 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\SoftGrid Client

2012-04-01 09:05 - 2010-07-05 10:40 - 0000000 ____D C:\Users\All Users\Application Data\Adobe

2012-04-01 09:05 - 2010-07-05 10:40 - 0000000 ____D C:\Users\All Users\Adobe

2012-04-01 09:05 - 2010-07-05 10:40 - 0000000 ____D C:\ProgramData\Adobe

2012-04-01 09:05 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration

2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk

2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\All Users\Desktop\Carbonite InfoCenter.lnk

2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Carbonite

2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Application Data\Carbonite

2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\ProgramData\Carbonite

2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files\Carbonite

2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files (x86)\Carbonite

2012-04-01 08:08 - 2010-07-13 12:07 - 0000000 ____D C:\users\TwoSnoutMBA

2012-04-01 08:08 - 2009-07-13 23:45 - 0452808 ____A C:\Windows\System32\FNTCACHE.DAT

2012-04-01 08:07 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR

2012-03-31 17:46 - 2012-03-31 16:53 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Remote

2012-03-31 17:46 - 2012-03-31 16:53 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Remote

2012-03-31 06:36 - 2012-03-31 06:36 - 0024950 ____A C:\Users\TwoSnoutMBA\Desktop\DDS.txt

2012-03-29 17:09 - 2012-03-18 10:55 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Google

2012-03-29 17:09 - 2012-03-18 10:55 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\Google

2012-03-29 17:09 - 2012-03-18 10:55 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\Google

2012-03-29 17:08 - 2012-03-29 17:08 - 0739864 ____A (Google Inc.) C:\Users\TwoSnoutMBA\Downloads\ChromeSetup.exe

2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\My Documents\mbam-log-2012-03-29 (12-31-41).txt

2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\Documents\mbam-log-2012-03-29 (12-31-41).txt

2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Malwarebytes

2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Malwarebytes

2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Malwarebytes

2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\ProgramData\Malwarebytes

2012-03-29 11:27 - 2012-03-29 11:06 - 0127202 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_12.06.54_log.txt

2012-03-29 11:27 - 2012-03-29 09:24 - 0000000 ____D C:\TDSSKiller_Quarantine

2012-03-29 09:25 - 2012-03-29 09:23 - 0127400 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_10.23.07_log.txt

2012-03-29 06:14 - 2010-07-13 12:07 - 0117368 ____A C:\Users\TwoSnoutMBA\Local Settings\GDIPFONTCACHEV1.DAT

2012-03-29 06:14 - 2010-07-13 12:07 - 0117368 ____A C:\Users\TwoSnoutMBA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-03-29 06:14 - 2010-07-13 12:07 - 0117368 ____A C:\Users\TwoSnoutMBA\AppData\Local\GDIPFONTCACHEV1.DAT

2012-03-29 06:08 - 2012-03-28 18:47 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 9

2012-03-28 18:57 - 2012-03-20 11:52 - 0168960 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Model Template 032012.xls

2012-03-28 10:36 - 2012-03-28 10:36 - 0000000 ____D C:\Windows\system64

2012-03-27 18:25 - 2012-03-27 18:25 - 0739192 ____A C:\Users\TwoSnoutMBA\Downloads\Dealer_Aggregate_Demand.xlsx

2012-03-27 18:12 - 2012-03-27 18:11 - 0528914 ____A C:\Users\TwoSnoutMBA\Downloads\inventory_plots_update.xlsx

2012-03-27 18:08 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Term Project

2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank.xlsx

2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank(1).xlsx

2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2 MBA553.xlsx

2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2 MBA553.xlsx

2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx

2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx

2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm

2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm

2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\My Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc

2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc

2012-03-26 17:26 - 2012-03-26 17:26 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations(1).xlsx

2012-03-26 17:19 - 2012-03-26 16:03 - 0317315 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_C.xlsm

2012-03-26 17:19 - 2012-03-26 16:03 - 0317315 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_C.xlsm

2012-03-26 17:18 - 2012-03-26 15:59 - 0317859 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_B.xlsm

2012-03-26 17:18 - 2012-03-26 15:59 - 0317859 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_B.xlsm

2012-03-26 17:18 - 2012-03-26 15:55 - 0317299 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_A.xlsm

2012-03-26 17:18 - 2012-03-26 15:55 - 0317299 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_A.xlsm

2012-03-26 16:33 - 2012-03-26 16:33 - 0022110 ____A C:\Users\TwoSnoutMBA\Downloads\James_Wall_SimQuick_Case_1.xlsx

2012-03-26 16:33 - 2012-03-26 16:30 - 0022123 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_SimQuick_Case_1.xlsx

2012-03-26 16:33 - 2012-03-26 16:30 - 0022123 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_SimQuick_Case_1.xlsx

2012-03-26 15:22 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 7

2012-03-26 15:18 - 2012-03-26 15:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(10).docx

2012-03-25 21:20 - 2012-03-25 21:20 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_(1).docx

2012-03-25 15:01 - 2012-03-25 14:57 - 0000000 ____D C:\Program Files (x86)\IBM

2012-03-25 14:58 - 2012-03-25 14:54 - 0000000 ____D C:\Users\All Users\IBM

2012-03-25 14:58 - 2012-03-25 14:54 - 0000000 ____D C:\Users\All Users\Application Data\IBM

2012-03-25 14:58 - 2012-03-25 14:54 - 0000000 ____D C:\ProgramData\IBM

2012-03-25 14:46 - 2012-03-25 14:46 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win

2012-03-25 14:45 - 2012-03-25 14:45 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows

2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\Public\Desktop\Zip Unzip By Click.lnk

2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\All Users\Desktop\Zip Unzip By Click.lnk

2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\zubc

2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\zubc

2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Program Files (x86)\ZUBC

2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\bytewdownload

2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\bytewdownload

2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\bytewdownload

2012-03-25 14:42 - 2012-03-25 14:42 - 0323072 ____A (Bytewise Software) C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe

2012-03-25 14:28 - 2012-03-25 12:57 - 1340753072 ____A C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win.zip

2012-03-25 13:19 - 2012-03-25 12:58 - 149059388 ____A C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows.zip

2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(2).xls

2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(1).xls

2012-03-25 10:33 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Midterm

2012-03-25 10:30 - 2012-03-24 14:21 - 0073216 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 2.xls

2012-03-25 10:30 - 2012-03-24 14:21 - 0073216 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 2.xls

2012-03-25 10:28 - 2012-03-21 16:06 - 0011194 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 1.xlsx

2012-03-25 10:28 - 2012-03-21 16:06 - 0011194 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 1.xlsx

2012-03-23 13:50 - 2012-03-15 18:37 - 0042496 ____A C:\Users\TwoSnoutMBA\Desktop\Resume_James_Wall_int.doc

2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\OpenOffice.org

2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org

2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk

2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\All Users\Desktop\OpenOffice.org 3.3.lnk

2012-03-22 13:30 - 2012-03-22 13:30 - 0000000 ____D C:\Program Files (x86)\OpenOffice.org 3

2012-03-22 13:29 - 2010-07-05 10:38 - 0000000 ____D C:\Program Files (x86)\Java

2012-03-22 13:25 - 2012-03-22 13:24 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\OpenOffice.org 3.3 (en-US) Installation Files

2012-03-22 13:24 - 2012-03-22 13:20 - 158067944 ____A C:\Users\TwoSnoutMBA\Downloads\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe

2012-03-21 18:20 - 2012-03-21 18:20 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 8

2012-03-20 11:54 - 2012-03-20 11:54 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4(2).xlsx

2012-03-20 11:54 - 2012-03-20 11:54 - 0032154 ____A C:\Users\TwoSnoutMBA\Desktop\Input Sheet for Program demand Rev4.xlsx

2012-03-20 11:53 - 2012-03-19 19:23 - 0324820 ____A C:\Users\TwoSnoutMBA\My Documents\SimQuick_TemplateEx3.xlsm

2012-03-20 11:53 - 2012-03-19 19:23 - 0324820 ____A C:\Users\TwoSnoutMBA\Documents\SimQuick_TemplateEx3.xlsm

2012-03-20 11:04 - 2012-03-20 11:04 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process(1).docx

2012-03-20 11:03 - 2012-03-20 11:03 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process.docx

2012-03-20 10:54 - 2012-03-20 10:54 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112(1).xls

2012-03-19 18:59 - 2012-03-19 18:59 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_.docx

2012-03-19 18:06 - 2012-03-19 18:06 - 0589824 ____A C:\Users\TwoSnoutMBA\Downloads\SimQuick_Template.XLS

2012-03-19 11:34 - 2010-09-14 20:04 - 0073216 __ASH C:\Users\TwoSnoutMBA\Downloads\Thumbs.db

2012-03-19 11:33 - 2012-03-19 11:33 - 0104502 ____A C:\Users\TwoSnoutMBA\Downloads\1C2F2120-02E0-4B73-A5D8-743FEA4BC918.JPG

2012-03-19 10:53 - 2012-03-19 10:53 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(4).docx

2012-03-18 11:18 - 2012-03-18 11:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(9).docx

2012-03-18 10:55 - 2012-03-18 10:55 - 0002212 ____A C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk

2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\Public\Desktop\Google Calendar.lnk

2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\All Users\Desktop\Google Calendar.lnk

2012-03-18 10:55 - 2012-03-18 10:55 - 0000000 ____D C:\Program Files (x86)\Google

2012-03-18 10:54 - 2012-03-18 10:54 - 1165008 ____A C:\Users\TwoSnoutMBA\Downloads\GoogleCalendarSync_Installer.exe

2012-03-18 07:19 - 2010-07-13 12:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-03-15 06:07 - 2010-08-09 18:47 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-03-15 06:07 - 2010-07-26 11:06 - 0000000 ____D C:\Users\All Users\Microsoft Help

2012-03-15 06:07 - 2010-07-26 11:06 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help

2012-03-15 06:07 - 2010-07-26 11:06 - 0000000 ____D C:\ProgramData\Microsoft Help

2012-03-14 17:23 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 6

2012-03-14 12:59 - 2012-03-14 12:59 - 0836477 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Idec Production Planning031412.pptx

2012-03-14 12:59 - 2012-01-25 15:48 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Articles for Biogen

2012-03-14 12:59 - 2012-01-25 15:48 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Articles for Biogen

2012-03-14 12:59 - 2011-01-23 09:51 - 0360960 __ASH C:\Users\TwoSnoutMBA\Desktop\Thumbs.db

2012-03-14 06:10 - 2012-03-14 06:10 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112.xls

2012-03-13 19:14 - 2012-03-13 19:14 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations.xlsx

2012-03-13 19:13 - 2012-03-13 19:13 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset.xls

2012-03-12 16:29 - 2012-03-12 16:29 - 0290276 ____A C:\Users\TwoSnoutMBA\Desktop\James_Wall_Manzana_Case.pptx

2012-03-12 16:28 - 2012-03-02 15:38 - 0290274 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.pptx

2012-03-12 16:28 - 2012-03-02 15:38 - 0290274 ____A C:\Users\TwoSnoutMBA\Documents\manzana.pptx

2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2.xls

2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2(1).xls

2012-03-12 15:25 - 2012-03-12 15:25 - 0121384 ____A C:\Users\TwoSnoutMBA\Desktop\HW2.pdf

2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\My Documents\Homework.xlsx

2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\Documents\Homework.xlsx

2012-03-12 11:26 - 2012-03-12 11:26 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(2).docx

2012-03-11 20:28 - 2012-03-11 20:28 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(8).docx

2012-03-11 20:11 - 2012-03-10 20:30 - 0010763 ____A C:\Users\TwoSnoutMBA\My Documents\Caroline words.xlsx

2012-03-11 20:11 - 2012-03-10 20:30 - 0010763 ____A C:\Users\TwoSnoutMBA\Documents\Caroline words.xlsx

2012-03-09 21:45 - 2011-05-12 20:50 - 0000720 ____A C:\Users\TwoSnoutMBA\Desktop\caroline words.txt

2012-03-08 22:23 - 2011-09-03 08:41 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Lenovo

2012-03-08 22:23 - 2011-09-03 08:41 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Lenovo

2012-03-08 11:26 - 2012-03-08 11:26 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(7).docx

2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_.docx

2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(1).docx

2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\My Documents\LenovoCover.txt

2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\Documents\LenovoCover.txt

2012-03-06 21:41 - 2011-11-14 07:41 - 0037376 ____A C:\Users\TwoSnoutMBA\Desktop\MBA Resume_James_Wall.doc

2012-03-06 15:22 - 2010-11-23 00:21 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Mayer Project

2012-03-06 15:22 - 2010-11-23 00:21 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Mayer Project

2012-03-06 15:21 - 2010-10-20 13:06 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Mayer Sources

2012-03-06 15:21 - 2010-10-20 13:06 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Mayer Sources

2012-03-06 15:20 - 2011-11-20 10:11 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\ERP

2012-03-06 15:20 - 2011-11-20 10:11 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\ERP

2012-03-06 15:20 - 2011-03-01 12:22 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\My Books

2012-03-06 15:20 - 2011-03-01 12:22 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\My Books

2012-03-06 15:20 - 2010-11-24 11:39 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Mayer opening music_data

2012-03-06 15:20 - 2010-11-24 11:39 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Mayer opening music_data

2012-03-06 15:20 - 2008-07-06 09:12 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\My eBooks

2012-03-06 15:20 - 2008-07-06 09:12 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\My eBooks

2012-03-04 17:50 - 2012-03-02 15:22 - 0009353 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.xlsx

2012-03-04 17:50 - 2012-03-02 15:22 - 0009353 ____A C:\Users\TwoSnoutMBA\Documents\manzana.xlsx

2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\My Documents\SIPOC diagram.pptx

2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\Documents\SIPOC diagram.pptx

2012-03-01 20:25 - 2012-03-01 20:25 - 0000017 ____A C:\Users\TwoSnoutMBA\Local Settings\resmon.resmoncfg

2012-03-01 20:25 - 2012-03-01 20:25 - 0000017 ____A C:\Users\TwoSnoutMBA\Local Settings\Application Data\resmon.resmoncfg

2012-03-01 20:25 - 2012-03-01 20:25 - 0000017 ____A C:\Users\TwoSnoutMBA\AppData\Local\resmon.resmoncfg

2012-03-01 16:01 - 2012-03-01 13:28 - 0199168 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model Template 030112 v3.xls

2012-03-01 16:01 - 2012-03-01 13:28 - 0199168 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model Template 030112 v3.xls

2012-03-01 14:02 - 2012-03-01 14:02 - 0330680 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Idec Production Planning.pptx

2012-03-01 14:02 - 2012-03-01 14:02 - 0330680 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Idec Production Planning.pptx

2012-03-01 13:17 - 2012-03-01 13:17 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb(3).xls

2012-03-01 13:17 - 2012-03-01 13:17 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb(2).xls

2012-03-01 13:17 - 2012-03-01 13:17 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb(1).xls

2012-03-01 13:16 - 2012-03-01 13:16 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb.xls

2012-03-01 01:31 - 2012-03-01 00:21 - 0198656 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model Template 030112.xls

2012-03-01 01:31 - 2012-03-01 00:21 - 0198656 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model Template 030112.xls

2012-02-29 23:18 - 2012-02-29 08:43 - 0014857 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model Template 022912.xlsx

2012-02-29 23:18 - 2012-02-29 08:43 - 0014857 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model Template 022912.xlsx

2012-02-29 22:13 - 2012-02-29 22:13 - 0011404 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen template(2).xlsx

2012-02-29 22:11 - 2012-02-29 22:11 - 0108544 ____A C:\Users\TwoSnoutMBA\Downloads\biogen draft.xls

2012-02-29 21:58 - 2011-05-20 18:20 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-02-29 15:43 - 2012-02-29 15:43 - 0000162 ___AH C:\Users\TwoSnoutMBA\Desktop\~$tirement.docx

2012-02-28 21:54 - 2012-02-27 20:04 - 0019097 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model James.xlsx

2012-02-28 21:54 - 2012-02-27 20:04 - 0019097 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model James.xlsx

2012-02-28 11:07 - 2012-02-28 11:07 - 0016937 ____A C:\Users\TwoSnoutMBA\Downloads\Questions-Responses(1).xlsx

2012-02-28 10:30 - 2010-07-13 14:36 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Skype

2012-02-28 10:30 - 2010-07-13 14:36 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Skype

2012-02-27 18:11 - 2012-02-27 18:11 - 0011404 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen template(1).xlsx

2012-02-27 17:13 - 2012-02-27 17:13 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(6).docx

2012-02-27 10:35 - 2011-10-11 16:26 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\rock_knocker

2012-02-27 10:35 - 2011-10-11 16:26 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\rock_knocker

2012-02-27 10:08 - 2012-02-27 10:08 - 0016937 ____A C:\Users\TwoSnoutMBA\Downloads\Questions-Responses.xlsx

2012-02-27 10:08 - 2012-02-27 10:08 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$Questions-Responses.xlsx

2012-02-25 23:55 - 2012-02-25 23:55 - 0027317 ____A C:\Users\TwoSnoutMBA\My Documents\Logistics_Homework_022512_jwall.xlsx

2012-02-25 23:55 - 2012-02-25 23:55 - 0027317 ____A C:\Users\TwoSnoutMBA\Documents\Logistics_Homework_022512_jwall.xlsx

2012-02-25 23:55 - 2012-02-25 23:55 - 0000165 ___AH C:\Users\TwoSnoutMBA\My Documents\~$Logistics_Homework_022512_jwall.xlsx

2012-02-25 23:55 - 2012-02-25 23:55 - 0000165 ___AH C:\Users\TwoSnoutMBA\Documents\~$Logistics_Homework_022512_jwall.xlsx

2012-02-25 23:55 - 2012-02-24 18:48 - 0027317 ____A C:\Users\TwoSnoutMBA\My Documents\Logistics_Homework_022512.xlsx

2012-02-25 23:55 - 2012-02-24 18:48 - 0027317 ____A C:\Users\TwoSnoutMBA\Documents\Logistics_Homework_022512.xlsx

2012-02-25 23:21 - 2012-02-25 23:21 - 0015034 ____A C:\Users\TwoSnoutMBA\Downloads\SPC_Summary_Sheet_Blank(1).xlsx

2012-02-25 23:21 - 2012-02-25 23:21 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$SPC_Summary_Sheet_Blank(1).xlsx

2012-02-25 18:53 - 2012-02-25 18:53 - 0015034 ____A C:\Users\TwoSnoutMBA\Downloads\SPC_Summary_Sheet_Blank.xlsx

2012-02-25 18:53 - 2012-02-25 18:53 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$SPC_Summary_Sheet_Blank.xlsx

2012-02-24 19:03 - 2012-02-24 19:03 - 0050623 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Inclass_Solution(1).xlsx

2012-02-24 19:03 - 2012-02-24 19:03 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$Deere_Planning_Inclass_Solution(1).xlsx

2012-02-24 18:49 - 2012-02-24 18:49 - 0050623 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Inclass_Solution.xlsx

2012-02-24 18:48 - 2012-02-24 18:48 - 0000165 ___AH C:\Users\TwoSnoutMBA\My Documents\~$Logistics_Homework_022512.xlsx

2012-02-24 18:48 - 2012-02-24 18:48 - 0000165 ___AH C:\Users\TwoSnoutMBA\Documents\~$Logistics_Homework_022512.xlsx

2012-02-24 07:09 - 2012-02-24 07:09 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$Biogen template.xlsx

2012-02-23 12:12 - 2012-02-23 12:11 - 0020556 ____A C:\Users\TwoSnoutMBA\Downloads\James_Wall_Resume.docx

2012-02-23 11:43 - 2009-07-13 21:34 - 0000478 ____A C:\Windows\win.ini

2012-02-23 08:18 - 2010-08-06 15:18 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-02-22 15:44 - 2012-02-22 15:44 - 0011404 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen template.xlsx

2012-02-21 18:23 - 2012-02-21 18:23 - 0024277 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Example.xlsx

2012-02-21 18:23 - 2012-02-21 18:23 - 0024277 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Example(1).xlsx

2012-02-21 07:18 - 2012-02-21 07:18 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4(1).xlsx

2012-02-20 17:04 - 2012-02-20 17:04 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(5).docx

2012-02-20 17:03 - 2012-02-20 17:03 - 1542165 ____A C:\Users\TwoSnoutMBA\My Documents\553 HW_1 James Wall.docx

2012-02-20 17:03 - 2012-02-20 17:03 - 1542165 ____A C:\Users\TwoSnoutMBA\Documents\553 HW_1 James Wall.docx

2012-02-20 12:13 - 2012-02-20 12:13 - 0029419 ____A C:\Users\TwoSnoutMBA\Downloads\20120210_imco_brokerage_tax_doc_1099orig_3884.pdf

2012-02-18 15:28 - 2012-02-18 15:28 - 0014144 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_1_-_MBA553_v4a_(2).docx

2012-02-17 15:58 - 2012-02-17 15:58 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(4).docx

2012-02-17 12:47 - 2010-07-13 12:10 - 0000402 __ASH C:\Users\TwoSnoutMBA\My Documents\desktop.ini

2012-02-17 12:47 - 2010-07-13 12:10 - 0000174 ___SH C:\Users\TwoSnoutMBA\Start Menu\Programs\Startup\desktop.ini

2012-02-17 12:47 - 2010-07-13 12:10 - 0000174 ___SH C:\Users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

2012-02-17 12:46 - 2010-07-05 12:30 - 0044364 ____A C:\Windows\PFRO.log

2012-02-17 12:46 - 2010-07-05 10:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2012-02-17 12:32 - 2010-07-20 14:39 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2012-02-17 01:38 - 2012-03-14 09:16 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll

2012-02-17 00:34 - 2012-03-14 09:16 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll

2012-02-16 23:58 - 2012-03-14 09:16 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-02-16 23:57 - 2012-03-14 09:16 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys

2012-02-16 12:56 - 2012-02-16 12:56 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4.xlsx

2012-02-15 15:22 - 2011-06-09 09:48 - 0000000 ____D C:\Users\All Users\WebEx

2012-02-15 15:22 - 2011-06-09 09:48 - 0000000 ____D C:\Users\All Users\Application Data\WebEx

2012-02-15 15:22 - 2011-06-09 09:48 - 0000000 ____D C:\ProgramData\WebEx

2012-02-15 15:08 - 2012-02-15 15:08 - 0121344 ____A C:\Users\TwoSnoutMBA\My Documents\North Carolina State University MCDA-Rob Sanner.doc

2012-02-15 15:08 - 2012-02-15 15:08 - 0121344 ____A C:\Users\TwoSnoutMBA\Documents\North Carolina State University MCDA-Rob Sanner.doc

2012-02-15 14:39 - 2012-02-15 14:33 - 0013539 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 3 Agenda.docx

2012-02-15 14:30 - 2012-02-14 20:14 - 0107302 ____A C:\Users\TwoSnoutMBA\My Documents\Logistics Forecasting Smoothing Methods.xlsm

2012-02-15 14:30 - 2012-02-14 20:14 - 0107302 ____A C:\Users\TwoSnoutMBA\Documents\Logistics Forecasting Smoothing Methods.xlsm

2012-02-14 17:48 - 2012-02-14 17:47 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(3).docx

2012-02-14 06:45 - 2011-12-12 13:29 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Novozymes Fall 2011

2012-02-14 06:45 - 2011-12-12 13:29 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Novozymes Fall 2011

2012-02-13 20:05 - 2012-02-13 20:05 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(3).docx

2012-02-13 16:26 - 2012-02-13 16:26 - 0014144 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_1_-_MBA553_v4a_(1).docx

2012-02-12 23:44 - 2012-02-12 23:44 - 0012493 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Crucial Conversation.docx

2012-02-12 23:44 - 2012-02-12 23:44 - 0012493 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Crucial Conversation.docx

2012-02-10 01:36 - 2012-03-14 09:17 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-02-10 00:38 - 2012-03-14 09:17 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2012-02-09 15:33 - 2010-08-04 14:10 - 0000000 ____D C:\Users\All Users\Lx_cats

2012-02-09 15:33 - 2010-08-04 14:10 - 0000000 ____D C:\Users\All Users\Application Data\Lx_cats

2012-02-09 15:33 - 2010-08-04 14:10 - 0000000 ____D C:\ProgramData\Lx_cats

2012-02-09 07:08 - 2012-02-09 07:08 - 0153331 ____A C:\Users\TwoSnoutMBA\My Documents\North Carolina State University MCDA.pdf

2012-02-09 07:08 - 2012-02-09 07:08 - 0153331 ____A C:\Users\TwoSnoutMBA\Documents\North Carolina State University MCDA.pdf

2012-02-08 18:11 - 2012-02-08 18:11 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\VirtualStore

2012-02-08 18:11 - 2012-02-08 18:11 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Application Data\VirtualStore

2012-02-08 18:11 - 2012-02-08 18:11 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\VirtualStore

2012-02-08 17:57 - 2012-02-08 17:53 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\LocalLow

2012-02-08 17:53 - 2012-02-08 17:53 - 0000020 __ASH C:\Users\Mcx1-TWOSNOUTMBA-PC\ntuser.ini

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Templates

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Start Menu

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\PrintHood

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\NetHood

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents\My Videos

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents\My Pictures

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents\My Music

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Temporary Internet Files

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\History

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Application Data\Temporary Internet Files

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Application Data\History

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Documents\My Videos

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Documents\My Pictures

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Documents\My Music

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\Temporary Internet Files

2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\History

2012-02-08 16:29 - 2012-02-08 16:29 - 0014176 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 2 Summary(2).docx

2012-02-08 16:28 - 2012-02-08 16:28 - 0014176 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 2 Summary.docx

2012-02-08 16:28 - 2012-02-08 16:28 - 0014176 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 2 Summary(1).docx

2012-02-07 18:15 - 2010-10-17 09:27 - 0001258 ____A C:\Users\All Users\lxdu.log

2012-02-07 18:15 - 2010-10-17 09:27 - 0001258 ____A C:\Users\All Users\Application Data\lxdu.log

2012-02-07 18:15 - 2010-10-17 09:27 - 0001258 ____A C:\ProgramData\lxdu.log

2012-02-05 22:32 - 2012-02-05 22:32 - 0164675 ____A C:\Users\TwoSnoutMBA\Downloads\Multiobjective Long-Term Planning of Biopharmaceutical Manufacturing Facilities.pdf

2012-02-05 11:04 - 2012-02-05 11:04 - 0009264 ____A C:\Users\TwoSnoutMBA\Downloads\BioPharma_Data(2).xlsx

2012-02-03 16:16 - 2012-02-02 21:32 - 0015634 ____A C:\Users\TwoSnoutMBA\Downloads\BioPharma_Data(1).xlsx

2012-02-02 23:34 - 2012-03-14 09:17 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-02-01 14:06 - 2012-02-01 14:06 - 0015465 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel- COmpiled for team.xlsx

2012-01-31 19:54 - 2012-01-31 19:54 - 0009264 ____A C:\Users\TwoSnoutMBA\Downloads\BioPharma_Data.xlsx

2012-01-31 19:30 - 2012-01-31 19:30 - 0107008 ____A C:\Users\TwoSnoutMBA\Downloads\Threads_-_Fixed_Cost_-_Binary_Variable.xls

2012-01-31 18:04 - 2012-01-31 18:04 - 0474740 ____A C:\Users\TwoSnoutMBA\Downloads\Gravity_Model_5-8_-_Student.xlsx

2012-01-31 18:04 - 2012-01-31 18:04 - 0474740 ____A C:\Users\TwoSnoutMBA\Downloads\Gravity_Model_5-8_-_Student(1).xlsx

2012-01-29 21:22 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\LocalLow

2012-01-29 19:12 - 2012-01-29 19:12 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(2).docx

2012-01-29 19:11 - 2012-01-29 19:11 - 0014144 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_1_-_MBA553_v4a_.docx

2012-01-29 19:08 - 2012-01-29 19:08 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(2).docx

2012-01-29 09:10 - 2012-01-29 09:10 - 0009284 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel-Biogen(2).xlsx

2012-01-25 16:16 - 2012-01-25 16:16 - 0009284 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel-Biogen.xlsx

2012-01-25 16:16 - 2012-01-25 16:16 - 0009284 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel-Biogen(1).xlsx

2012-01-25 16:11 - 2012-01-25 16:11 - 0902389 ____A C:\Users\TwoSnoutMBA\Downloads\Characterizing Markets for Biopharmaceutical Innovations Do Biologics Differ from Small Molecules.pdf

2012-01-25 16:11 - 2012-01-25 16:11 - 0511491 ____A C:\Users\TwoSnoutMBA\Downloads\The state of biopharmaceutical manufacturing.pdf

2012-01-25 15:49 - 2012-01-25 15:49 - 1146868 ____A C:\Users\TwoSnoutMBA\Downloads\A Stochastic Optimization Model to Improve Production Planning and R&D Resource Allocation in Biopharmaceutical Production Processes.pdf

2012-01-25 15:48 - 2012-01-25 15:48 - 1336123 ____A C:\Users\TwoSnoutMBA\Downloads\The dangerous quest for certainty in market forecasting(1).pdf

2012-01-25 15:47 - 2012-01-25 15:47 - 1336123 ____A C:\Users\TwoSnoutMBA\Downloads\The dangerous quest for certainty in market forecasting.pdf

2012-01-25 01:38 - 2012-03-14 09:16 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-01-25 01:38 - 2012-03-14 09:16 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-01-25 01:33 - 2012-03-14 09:16 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-01-24 20:09 - 2012-01-24 20:09 - 0020426 ____A C:\Users\TwoSnoutMBA\Downloads\CM_TelecomOptic_-_Rossetti.xlsx

2012-01-24 18:30 - 2012-01-24 18:30 - 0001188 ____A C:\Users\Public\Desktop\Express Zip File Compression Software.lnk

2012-01-24 18:30 - 2012-01-24 18:30 - 0001188 ____A C:\Users\All Users\Desktop\Express Zip File Compression Software.lnk

2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\Users\All Users\NCH Software

2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\Users\All Users\Application Data\NCH Software

2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\ProgramData\NCH Software

2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\Program Files (x86)\NCH Software

2012-01-24 18:29 - 2012-01-24 18:29 - 1074296 ____A (NCH Software) C:\Users\TwoSnoutMBA\Downloads\zipsetup.exe

2012-01-24 18:25 - 2012-01-24 18:25 - 0337934 ____A C:\Users\TwoSnoutMBA\Downloads\SolverTable_2007.zip

2012-01-24 14:12 - 2012-01-23 22:58 - 0043209 ____A C:\Users\TwoSnoutMBA\My Documents\jgwall_EX_1.xlsx

2012-01-24 14:12 - 2012-01-23 22:58 - 0043209 ____A C:\Users\TwoSnoutMBA\Documents\jgwall_EX_1.xlsx

2012-01-23 22:13 - 2012-01-23 22:13 - 0019521 ____A C:\Users\TwoSnoutMBA\Downloads\Problem_5-3_Student_Blank.xlsx

2012-01-23 22:13 - 2012-01-23 22:13 - 0019521 ____A C:\Users\TwoSnoutMBA\Downloads\Problem_5-3_Student_Blank(1).xlsx

2012-01-20 15:22 - 2012-01-20 15:22 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(1).docx

2012-01-18 15:56 - 2012-01-18 15:56 - 0596945 ____A C:\Users\TwoSnoutMBA\Downloads\Novozymes Scope Document Draft 090611 v3.docx

2012-01-17 19:47 - 2012-01-17 19:47 - 0025290 ____A C:\Users\TwoSnoutMBA\Downloads\5-1_WA_Midwest_-_Student.xlsx

2012-01-17 11:04 - 2012-01-17 11:04 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(1).docx

2012-01-17 11:03 - 2012-01-17 11:03 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12.docx

2012-01-11 15:55 - 2012-01-11 15:55 - 0000000 ____D C:\Program Files (x86)\Frontline Systems

2012-01-11 15:54 - 2012-01-11 15:54 - 0000000 ____D C:\Users\All Users\Frontline Systems

2012-01-11 15:54 - 2012-01-11 15:54 - 0000000 ____D C:\Users\All Users\Application Data\Frontline Systems

2012-01-11 15:54 - 2012-01-11 15:54 - 0000000 ____D C:\ProgramData\Frontline Systems

2012-01-11 15:18 - 2012-01-11 15:14 - 50028136 ____A (Frontline Systems, Inc.) C:\Users\TwoSnoutMBA\Downloads\SolverSetup.exe

2012-01-09 17:58 - 2012-01-09 17:58 - 0050662 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-9-12.docx

2012-01-09 17:58 - 2012-01-09 17:58 - 0050662 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-9-12(2).docx

2012-01-09 17:58 - 2012-01-09 17:58 - 0050662 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-9-12(1).docx

2012-01-09 14:04 - 2012-01-09 14:04 - 0014848 ____A C:\Users\TwoSnoutMBA\Downloads\ch6_examples_in_class.xls

2012-01-08 19:30 - 2012-01-08 19:30 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2.docx

2012-01-05 17:11 - 2012-01-05 17:11 - 0016801 ____A C:\Users\TwoSnoutMBA\Downloads\2012 NCSU Problem Statement - Final.docx

2012-01-05 17:11 - 2012-01-05 17:11 - 0016801 ____A C:\Users\TwoSnoutMBA\Downloads\2012 NCSU Problem Statement - Final(1).docx

2012-01-04 19:39 - 2012-01-04 19:39 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-01-04 19:39 - 2012-01-04 19:39 - 0001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-01-04 19:39 - 2012-01-04 19:38 - 0000000 ____D C:\Program Files\iTunes

2012-01-04 19:39 - 2012-01-04 19:38 - 0000000 ____D C:\Program Files (x86)\iTunes

2012-01-04 19:38 - 2012-01-04 19:38 - 0000000 ____D C:\Program Files\iPod

2012-01-04 19:34 - 2010-07-13 12:55 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Apple Computer

2012-01-04 19:34 - 2010-07-13 12:55 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Apple Computer

2012-01-04 05:44 - 2012-02-15 11:59 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-01-04 05:44 - 2012-02-15 11:59 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll

2012-01-04 03:59 - 2012-02-15 11:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-01-04 03:58 - 2012-02-15 11:59 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%

Total physical RAM: 4056.36 MB

Available physical RAM: 3468.16 MB

Total Pagefile: 4054.51 MB

Available Pagefile: 3466.72 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:27.53 GB) NTFS

3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive g: (ATTACHE 2.0) (Removable) (Total:0.11 GB) (Free:0.11 GB) FAT

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 232 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 Online 117 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 14 GB 40 MB

Partition 3 Primary 218 GB 14 GB

======================================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 E RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 218 GB Healthy

======================================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 117 MB 1024 B

======================================================================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G ATTACHE 2.0 FAT Removable 117 MB Healthy

======================================================================================================

==========================================================

TDL4: custom:26000022

==========================================================

Last Boot: 2012-03-31 08:32

======================= End Of Log ==========================

Link to post
Share on other sites

  • Staff

Hi

Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
2012-04-01 20:30 - 2012-04-01 20:30 - 0000000 ____A C:\Windows\SysWOW64\shoEEB2.tmp
SubSystems: [Windows] ==> ZeroAccess
cmd: bootrec /FixMbr
cmd: bootrec /fixboot
TDL4: custom:26000022
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

Link to post
Share on other sites

Hello

I think we got it! I ran the frst64 fix (see log below). When I rebooted I still had a suspicious looking scvhost.exe using a lot of cycles so I ran malwarebytes scan again and cleared the trojan svchost. Since the reboot, my computer has showed no signs of infection (its been about 14 hours). Thank you so much for your help, CatByte!

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012

Ran by SYSTEM at 2012-04-02 07:50:59 R:1

Running from F:\

==============================================

C:\Windows\SysWOW64\shoEEB2.tmp moved successfully.

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

========= bootrec /FixMbr =========

ÿþT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========

========= bootrec /fixboot =========

ÿþT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========

The operation completed successfully.

The operation completed successfully.

==== End of Fixlog ====

Link to post
Share on other sites

  • Staff

Hi,

there are still a couple of scans I would like to run to make certain we have all of the infection

(could you also post that Malwarebytes log, thanks)

Please do the following:

Refer to the ComboFix User's Guide

  1. Download ComboFix from one of these locations:
    Link 1
    Link 2
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Hi,

Here is the Malwarebytes log and the Combofix log. Thanks again for all your help!

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.02.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

TwoSnoutMBA :: TWOSNOUTMBA-PC [administrator]

Protection: Enabled

4/2/2012 7:57:49 AM

mbam-log-2012-04-02 (07-57-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 220341

Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

*********************************************************************************************************************************************************

ComboFix 12-04-03.02 - TwoSnoutMBA 04/03/2012 11:41:29.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2264 [GMT -4:00]

Running from: c:\users\TwoSnoutMBA\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\TwoSnoutMBA\AppData\Roaming\bytewdownload

c:\users\TwoSnoutMBA\AppData\Roaming\bytewdownload\installmanager.exe

c:\users\TwoSnoutMBA\AppData\Roaming\bytewdownload\zip_unzip_installer_file.exe

c:\users\TwoSnoutMBA\AppData\Roaming\Remote

c:\users\TwoSnoutMBA\AppData\Roaming\Remote\dllx4_shrd

c:\users\TwoSnoutMBA\AppData\Roaming\Remote\ffcd

c:\users\TwoSnoutMBA\AppData\Roaming\Remote\kkjt

c:\users\TwoSnoutMBA\AppData\Roaming\Remote\mxd1.txt

c:\users\TwoSnoutMBA\AppData\Roaming\Remote\n.dat

c:\users\TwoSnoutMBA\AppData\Roaming\Remote\r.dat

c:\users\TwoSnoutMBA\g2mdlhlpx.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))

.

.

2012-04-03 15:01 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FBB7C0A-3135-4F01-981E-C8191426BD78}\mpengine.dll

2012-04-02 11:39 . 2012-04-02 11:39 0 ----a-w- c:\windows\SysWow64\shoB02C.tmp

2012-04-02 02:44 . 2012-04-02 04:07 -------- d-----w- C:\FRST

2012-04-01 16:41 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files\Carbonite

2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\programdata\Carbonite

2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files (x86)\Carbonite

2012-03-31 21:53 . 2012-03-31 21:53 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\BA2E.tmp

2012-03-31 21:53 . 2012-03-31 21:53 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\B9EF.tmp

2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\Malwarebytes

2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\programdata\Malwarebytes

2012-03-29 16:28 . 2012-04-01 14:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-29 14:24 . 2012-03-29 16:27 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-28 15:36 . 2012-03-28 15:36 -------- d-----we c:\windows\system64

2012-03-25 19:59 . 2007-05-21 00:05 20569 ----a-w- c:\windows\gsk7bui.exe

2012-03-25 19:59 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe

2012-03-25 19:57 . 2012-03-25 20:01 -------- d-----w- c:\program files (x86)\IBM

2012-03-25 19:54 . 2012-03-25 19:58 -------- d-----w- c:\programdata\IBM

2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\zubc

2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\program files (x86)\ZUBC

2012-03-22 18:33 . 2012-03-22 18:33 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org

2012-03-22 18:30 . 2012-03-22 18:30 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2012-03-18 15:55 . 2012-03-29 22:09 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Local\Google

2012-03-18 15:55 . 2012-03-18 15:55 -------- d-----w- c:\program files (x86)\Google

2012-03-18 12:19 . 2012-03-18 12:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 12:19 . 2012-03-18 12:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-15 11:10 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-15 11:10 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-15 11:10 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 14:17 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 14:17 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 14:17 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 14:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 14:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 14:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 14:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 14:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 14:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 14:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-01 13:20 . 2010-10-23 15:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-04-01 13:20 . 2010-07-13 22:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-04-01 13:19 . 2010-07-13 22:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-04-01 13:19 . 2010-07-13 22:37 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-03-01 02:58 . 2011-05-20 23:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 13:18 . 2010-08-06 20:18 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]

"Malwarebytes' Anti-Malware"="c:\pente\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2009-10-16 29184]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]

S2 MBAMService;MBAMService;c:\pente\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]

"lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - prefs.js: network.proxy.type - 4

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe

c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe

.

**************************************************************************

.

Completion time: 2012-04-03 12:02:59 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-03 16:02

.

Pre-Run: 29,251,768,320 bytes free

Post-Run: 32,570,585,088 bytes free

.

- - End Of File - - 7A0A73964DD7ACA5B8A10B27C5302011

Link to post
Share on other sites

  • Staff

Hi,

This isn't a normal folder c:\windows\system64

please navigate to that folder and let me know if there is anything inside it

(If it is empty > right click and delete it)

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

NEXT

Please advise how the computer is running now and if there are any outstanding issues

Link to post
Share on other sites

Hello,

Folder C:\windows\system64 has 2,705 files in it, most of which look like the contents of system32. Per your instructions, I ran ESET scanner. Log follows...

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\ProgramData\Microsoft\Windows\DRM\B9EF.tmp Win64/Olmarik.AH trojan

C:\ProgramData\Microsoft\Windows\DRM\BA2E.tmp Win64/Olmarik.AH trojan

C:\Users\All Users\Microsoft\Windows\DRM\B9EF.tmp Win64/Olmarik.AH trojan

C:\Users\All Users\Microsoft\Windows\DRM\BA2E.tmp Win64/Olmarik.AH trojan

C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675 Java/Agent.DW trojan

C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb Java/Exploit.CVE-2012-0507.E trojan

C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f a variant of Java/Exploit.CVE-2011-3544.AV trojan

C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe a variant of Win32/InstallMonetizer.AA application

C:\Users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe Win32/OpenCandy application

C:\Users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe Win32/OpenCandy application

Link to post
Share on other sites

  • Staff

Hi,

Please run the following script:

(Allow ComboFix to update if it asks to do so)

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


File::
C:\ProgramData\Microsoft\Windows\DRM\B9EF.tmp
C:\ProgramData\Microsoft\Windows\DRM\BA2E.tmp
C:\Users\All Users\Microsoft\Windows\DRM\B9EF.tmp
C:\Users\All Users\Microsoft\Windows\DRM\BA2E.tmp
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f
C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe
C:\Users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe
C:\Users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version X)

Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

javaicon.jpgYour Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 31
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
        Trace and Log Files

    [*]Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.[*]Click OK to leave the Temporary Files Window[*]Click OK to leave the Java Control Panel.

NEXT

Please advise how your computer is running now and if there are any outstanding issues

Link to post
Share on other sites

Hi Catbyte,

ComboFix Script run, Log below. Adobe Reader X installed. Old Java deleted. New Java (JRE 6) installed. Temporary internet files deleted. Fawning gratitude sheepishly reiterated :)

ComboFix 12-04-03.02 - TwoSnoutMBA 04/04/2012 21:58:56.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2907 [GMT -4:00]

Running from: c:\users\TwoSnoutMBA\Desktop\ComboFix.exe

Command switches used :: c:\users\TwoSnoutMBA\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\Microsoft\Windows\DRM\B9EF.tmp"

"c:\programdata\Microsoft\Windows\DRM\BA2E.tmp"

"c:\users\All Users\Microsoft\Windows\DRM\B9EF.tmp"

"c:\users\All Users\Microsoft\Windows\DRM\BA2E.tmp"

"c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675"

"c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb"

"c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f"

"c:\users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe"

"c:\users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe"

"c:\users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\DRM\B9EF.tmp

c:\programdata\Microsoft\Windows\DRM\BA2E.tmp

c:\users\All Users\Microsoft\Windows\DRM\B9EF.tmp

c:\users\All Users\Microsoft\Windows\DRM\BA2E.tmp

c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675

c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb

c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f

c:\users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe

c:\users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe

c:\users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))

.

.

2012-04-05 02:06 . 2012-04-05 02:06 -------- d-----w- c:\users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\temp

2012-04-05 02:06 . 2012-04-05 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-04 11:30 . 2012-04-04 11:30 -------- d-----w- c:\program files (x86)\ESET

2012-04-03 15:01 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FBB7C0A-3135-4F01-981E-C8191426BD78}\mpengine.dll

2012-04-02 11:39 . 2012-04-02 11:39 0 ----a-w- c:\windows\SysWow64\shoB02C.tmp

2012-04-02 02:44 . 2012-04-02 04:07 -------- d-----w- C:\FRST

2012-04-01 16:41 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files\Carbonite

2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\programdata\Carbonite

2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files (x86)\Carbonite

2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\Malwarebytes

2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\programdata\Malwarebytes

2012-03-29 16:28 . 2012-04-01 14:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-29 14:24 . 2012-03-29 16:27 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-28 15:36 . 2012-03-28 15:36 -------- d-----we c:\windows\system64

2012-03-25 19:59 . 2007-05-21 00:05 20569 ----a-w- c:\windows\gsk7bui.exe

2012-03-25 19:59 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe

2012-03-25 19:57 . 2012-03-25 20:01 -------- d-----w- c:\program files (x86)\IBM

2012-03-25 19:54 . 2012-03-25 19:58 -------- d-----w- c:\programdata\IBM

2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\zubc

2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\program files (x86)\ZUBC

2012-03-22 18:33 . 2012-03-22 18:33 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org

2012-03-22 18:30 . 2012-03-22 18:30 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2012-03-18 15:55 . 2012-03-29 22:09 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Local\Google

2012-03-18 15:55 . 2012-03-18 15:55 -------- d-----w- c:\program files (x86)\Google

2012-03-18 12:19 . 2012-03-18 12:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 12:19 . 2012-03-18 12:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-15 11:10 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-15 11:10 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-15 11:10 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 14:17 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 14:17 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 14:17 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 14:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 14:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 14:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 14:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 14:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 14:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 14:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-01 13:20 . 2010-10-23 15:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-04-01 13:20 . 2010-07-13 22:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-04-01 13:19 . 2010-07-13 22:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-04-01 13:19 . 2010-07-13 22:37 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-03-01 02:58 . 2011-05-20 23:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 13:18 . 2010-08-06 20:18 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-03_15.58.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-03 16:27 . 2012-04-03 16:27 14211 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-04-03 15:52 . 2012-04-03 15:52 14211 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2010-07-05 15:58 . 2012-04-03 16:30 38882 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-05 02:10 39734 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-07-14 13:44 . 2012-04-05 02:10 15628 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-308426390-700880266-2043658470-1001_UserData.bin

+ 2010-07-13 17:03 . 2012-04-04 23:47 49152 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-07-13 17:03 . 2012-04-03 14:51 49152 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-07-13 17:03 . 2012-04-03 14:51 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-07-13 17:03 . 2012-04-04 23:47 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-03 14:51 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-04 23:47 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-07-05 15:58 . 2012-04-03 16:30 38882 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-05 02:10 39734 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-07-14 13:44 . 2012-04-05 02:10 15628 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-308426390-700880266-2043658470-1001_UserData.bin

+ 2010-07-13 17:03 . 2012-04-04 23:47 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-07-13 17:03 . 2012-04-03 14:51 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-07-13 17:03 . 2012-04-03 14:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-07-13 17:03 . 2012-04-04 23:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-04 23:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-03 14:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-04-04 11:39 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2010-07-24 11:06 . 2012-04-05 02:07 6264 c:\windows\system64\wdi\ERCQueuedResolutions.dat

+ 2010-07-24 11:06 . 2012-04-05 02:07 6264 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2012-04-03 15:53 . 2012-04-03 15:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-03 16:28 . 2012-04-05 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-03 16:28 . 2012-04-05 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-03 15:53 . 2012-04-03 15:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 04:54 . 2012-04-03 15:56 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-04-03 16:31 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-07-14 17:07 . 2012-04-05 01:41 302588 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2010-07-14 17:07 . 2012-04-05 01:41 302588 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2009-07-14 05:01 . 2012-04-03 16:27 446116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-04-02 12:05 446116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:54 . 2012-04-03 16:31 3522560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-03 15:56 3522560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-03 15:56 11075584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-03 16:31 11075584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]

"Malwarebytes' Anti-Malware"="c:\pente\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2009-10-16 29184]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]

S2 MBAMService;MBAMService;c:\pente\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]

"lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - prefs.js: network.proxy.type - 4

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe

c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2012-04-04 22:14:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-05 02:14

ComboFix2.txt 2012-04-03 16:03

.

Pre-Run: 31,426,105,344 bytes free

Post-Run: 31,349,108,736 bytes free

.

- - End Of File - - E872D6BE92ED0A6D0101C9E07E05DCBC

Link to post
Share on other sites

  • Staff

Hi,

We just have some housekeeping to do now,

You can delete the DDS and FRST logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Combofix_uninstall_image.jpg

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    [*]Download TFC to your desktop

    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

    [*]WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an addon available for both Firefox and IE

    [*]Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    [*]ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    [*]In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:

    PC Safety and Security--What Do I Need?.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.