[SOLVED] SweetPack Virus Remnants

APGTheXeon (Well-known member, joined Dec 25, 2012, 66 posts)
Hello there everybody,

I have removed a SweetPacks virus from my computer. I think I may have gotten it from a site that wanted me to disable Adblock Plus. Anyway, I removed it, but I am not sure all of it is gone. EDIT: "Forgot to mention that I ran TDSSKiller.exe (very handy to have) and it came up with nothing. Malwarebytes and Spybot also came up with nothing before and after I removed the virus. I also need that old Java version for work, so that has to stay :/ . I think that's it. Here are the logs:"

Checkup.txt contents:

Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 43
Java 7 Update 21
Java version out of Date!
Adobe Reader XI
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

DDS.txt Contents:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by MasterJain at 17:01:15 on 2013-04-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16291.13733 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={C6366A38-AB00-11E2-A874-386077257B29}
uDefault_Page_URL = hxxp://nmd.msn.com
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={C6366A38-AB00-11E2-A874-386077257B29}
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [AdobeBridge] <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{21311AA7-C789-4BF7-BCB7-8DA643C40DFC} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4571B6A5-C356-4839-B540-2F5B9B097053} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-4-1 56208]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-4-1 25312]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-3-26 168544]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-1 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2013-4-1 285152]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-4-5 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-12 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-1 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-10-25 96768]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-10-25 213504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-4-7 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-5 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-5 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-1 1255736]
.
=============== Created Last 30 ================
.
2013-04-22 23:47:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-22 04:03:46 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E255C8E5-0FE0-45B3-8358-F4BB8D9A81ED}\mpengine.dll
2013-04-21 19:44:13 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-20 20:41:04 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
2013-04-20 20:41:04 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
2013-04-20 20:41:04 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
2013-04-20 20:41:04 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
2013-04-20 20:41:04 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
2013-04-20 20:40:57 -------- d-----w- C:\ProgramData\EPSON
2013-04-20 20:38:43 -------- d-----w- C:\Program Files\EPSON
2013-04-20 20:38:28 101888 ----a-w- C:\Windows\System32\esxcwiad.dll
2013-04-20 20:38:28 -------- d-----w- C:\Program Files (x86)\epson
2013-04-20 19:15:05 -------- d-----w- C:\Users\MasterJain\AppData\Local\NBTExplorer
2013-04-20 18:27:33 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-04-20 18:25:12 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-19 18:29:15 544568 ----a-w- C:\Windows\System32\PROUnstl.exe
2013-04-19 18:00:31 -------- d-----w- C:\Windows\SysWow64\configg
2013-04-14 16:06:32 -------- d-----w- C:\Users\MasterJain\.thinkorswim
2013-04-14 04:42:02 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\HD Tune Pro
2013-04-14 04:41:58 -------- d-----w- C:\Program Files (x86)\HD Tune Pro
2013-04-13 23:33:37 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\ftblauncher
2013-04-13 21:46:48 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\Minecraft Version Changer
2013-04-13 21:33:45 -------- d-----w- C:\Users\MasterJain\AppData\Local\http___www.minecraftversi
2013-04-13 03:19:18 -------- d-----w- C:\Program Files\CPUID
2013-04-09 23:17:26 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-09 23:17:25 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-09 23:17:25 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-09 23:17:25 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-09 23:17:24 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-09 23:17:24 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-09 23:17:24 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-09 23:17:23 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-07 21:25:21 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-04-07 21:20:04 -------- d-----w- C:\Users\MasterJain\Tracing
2013-04-07 21:19:17 -------- d-----w- C:\Windows\en
2013-04-07 21:18:58 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-04-07 21:17:40 57856 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2013-04-07 21:17:26 -------- d-----w- C:\Windows\PCHEALTH
2013-04-07 21:15:47 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2013-04-07 21:15:47 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2013-04-07 21:15:47 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2013-04-07 21:15:47 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2013-04-07 21:15:47 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2013-04-07 21:15:47 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-04-07 21:15:35 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2013-04-07 21:15:35 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-04-07 21:14:10 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2013-04-07 21:14:10 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2013-04-07 21:09:58 -------- d-----w- C:\Users\MasterJain\AppData\Local\Windows Live
2013-04-07 05:08:48 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\HandBrake
2013-04-07 05:08:03 -------- d-----w- C:\Program Files\Handbrake
2013-04-07 04:37:36 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\eve Updater
2013-04-07 04:18:42 -------- d-----w- C:\Users\MasterJain\AppData\Local\Unity
2013-04-07 04:12:21 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-04-07 03:39:22 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FBE6BEF-822A-4519-8CEC-915C95F8B1EA}\gapaengine.dll
2013-04-07 03:36:30 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-04-07 03:36:26 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-04-06 22:12:16 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\PowerISO
2013-04-06 22:07:39 -------- d--h--w- C:\ProgramData\Common Files
2013-04-06 19:35:40 -------- d-----w- C:\Program Files\CCleaner
2013-04-06 06:00:47 -------- d-----w- C:\perflogs
2013-04-06 04:12:14 -------- d-----w- C:\Program Files (x86)\thinkTDA
2013-04-06 01:11:36 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-04-06 01:08:36 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-04-06 01:04:24 216576 ----a-w- C:\Windows\System32\ncsi.dll
2013-04-06 01:03:55 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-04-06 01:03:55 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-04-06 01:03:55 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2013-04-06 00:59:49 -------- d-----w- C:\Program Files (x86)\Steam
2013-04-06 00:28:43 20992 ----a-w- C:\Windows\System32\OpenCL.dll
2013-04-06 00:28:43 144896 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
2013-04-06 00:28:37 17920 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-04-06 00:28:37 104448 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
2013-04-06 00:15:44 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-04-05 23:41:47 -------- d-----w- C:\Windows\System32\SPReview
2013-04-05 23:41:32 -------- d-----w- C:\Windows\System32\EventProviders
2013-04-05 23:39:59 754176 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll
2013-04-05 23:38:54 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2013-04-05 23:38:49 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2013-04-05 23:38:49 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2013-04-05 23:38:49 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2013-04-05 23:38:27 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2013-04-05 23:38:27 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-04-05 23:38:24 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2013-04-05 23:05:47 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-04-05 15:03:36 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\logs
2013-04-05 15:03:36 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\.techniclauncher
2013-04-05 14:58:58 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8827F02D-28E5-4217-B642-9E17B935765D}\mpengine.dll
2013-04-05 01:24:11 -------- d-----w- C:\Program Files (x86)\Citrix
2013-04-05 01:23:52 -------- d-----w- C:\Users\MasterJain\AppData\Local\Citrix
2013-04-04 22:50:31 -------- d-----w- C:\Users\MasterJain\.swt
2013-04-04 20:19:14 -------- d-----w- C:\Users\MasterJain\AppData\Local\Diagnostics
2013-04-04 17:22:44 -------- d-----w- C:\Users\MasterJain\AppData\Local\IsolatedStorage
2013-04-04 17:22:13 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\Intuit
2013-04-04 17:20:01 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2013-04-04 17:19:15 -------- d-----w- C:\Program Files (x86)\TurboTax
2013-04-04 17:18:50 -------- d-----w- C:\ProgramData\Intuit
2013-04-04 00:41:00 -------- d-----w- C:\Users\MasterJain\AppData\Local\ElevatedDiagnostics
2013-04-03 02:42:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-04-03 02:41:46 -------- d-----w- C:\Users\MasterJain\AppData\Local\Microsoft Help
2013-04-03 02:35:33 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\Juniper Networks
2013-04-02 21:50:38 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\.minecraft
2013-04-02 18:28:38 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-04-01 23:48:30 -------- d-----w- C:\Users\MasterJain\AppData\Local\LogMeIn Hamachi
2013-04-01 23:44:13 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-04-01 23:44:13 1092512 ----a-w- C:\Windows\System32\npdeployJava1.dll
2013-04-01 23:40:53 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-01 23:40:52 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-01 23:21:33 -------- d-----w- C:\Users\MasterJain\AppData\Local\PACE Anti-Piracy
2013-04-01 23:17:20 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-04-01 23:16:10 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2013-04-01 23:16:10 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2013-04-01 23:16:10 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2013-04-01 23:16:07 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2013-04-01 23:16:07 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-04-01 23:16:02 -------- d-----w- C:\Program Files (x86)\My Company Name
2013-04-01 23:09:05 -------- d-----w- C:\Users\MasterJain\AppData\Local\Adobe
2013-04-01 23:02:24 -------- d-----w- C:\Users\MasterJain\AppData\Roaming\Malwarebytes
2013-04-01 23:02:18 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-01 23:02:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-01 23:02:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-01 22:58:34 -------- d-----w- C:\ProgramData\BlueSprig
2013-04-01 22:58:33 -------- d-----w- C:\Program Files (x86)\BlueSprig
2013-04-01 22:58:27 -------- d-----w- C:\Users\MasterJain\AppData\Local\Programs
2013-04-01 22:44:15 -------- d-----w- C:\Users\MasterJain\AppData\Local\Google
2013-04-01 22:43:54 -------- d-----w- C:\Users\MasterJain\AppData\Local\Deployment
2013-04-01 22:43:54 -------- d-----w- C:\Users\MasterJain\AppData\Local\Apps
2013-04-01 22:37:26 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-04-01 22:25:56 -------- d-----w- C:\Windows\SysWow64\Wat
2013-04-01 22:25:56 -------- d-----w- C:\Windows\System32\Wat
2013-04-01 22:25:13 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-04-01 21:51:10 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-04-01 21:51:10 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-04-01 21:51:10 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-04-01 21:51:10 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-04-01 21:34:13 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-04-01 21:34:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-04-01 21:34:13 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-04-01 21:34:13 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-04-01 21:34:13 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-04-01 21:34:13 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-04-01 21:32:40 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-04-01 21:32:40 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-04-01 21:32:40 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-04-01 21:32:40 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-04-01 21:32:40 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-04-01 21:32:40 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-04-01 21:32:40 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-04-01 21:27:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-04-01 21:27:59 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-04-01 21:27:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-04-01 21:27:58 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-04-01 21:27:58 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-04-01 21:17:42 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-04-01 21:16:56 1572864 ----a-w- C:\Windows\System32\quartz.dll
2013-04-01 21:15:56 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2013-04-01 21:15:56 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2013-04-01 21:15:56 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2013-04-01 21:15:53 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-04-01 21:15:53 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-04-01 21:15:51 220160 ----a-w- C:\Windows\System32\wintrust.dll
2013-04-01 21:15:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-04-01 21:15:46 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-04-01 21:12:51 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-04-01 21:12:51 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2013-04-01 21:12:51 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-04-01 21:12:51 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-04-01 21:12:51 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-04-01 21:12:51 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-04-01 21:00:01 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2013-04-01 21:00:01 2315776 ----a-w- C:\Windows\System32\tquery.dll
2013-04-01 21:00:01 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2013-04-01 21:00:01 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2013-04-01 21:00:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2013-04-01 20:57:10 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2013-04-01 20:57:10 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2013-04-01 20:57:05 142336 ----a-w- C:\Windows\System32\poqexec.exe
2013-04-01 20:57:05 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-04-01 20:57:02 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-04-01 20:55:14 642944 ----a-w- C:\Windows\System32\winload.efi
2013-04-01 20:53:47 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-04-01 20:53:47 31232 ----a-w- C:\Windows\System32\prevhost.exe
2013-04-01 20:52:11 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2013-04-01 20:52:11 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-04-01 20:52:09 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-04-01 20:52:09 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-04-01 20:52:09 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-04-01 20:52:09 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-04-01 20:52:09 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-04-01 20:52:09 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-04-01 20:51:55 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2013-04-01 20:51:55 974336 ----a-w- C:\Windows\System32\WFS.exe
2013-04-01 20:51:55 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2013-04-01 20:51:55 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2013-04-01 20:51:43 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2013-04-01 20:51:43 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-04-01 20:51:43 331776 ----a-w- C:\Windows\System32\oleacc.dll
2013-04-01 20:51:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2013-04-01 20:51:41 723456 ----a-w- C:\Windows\System32\EncDec.dll
2013-04-01 20:51:41 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2013-04-01 20:51:41 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2013-04-01 20:51:41 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2013-04-01 20:42:45 -------- d-----w- C:\Program Files (x86)\MonitorDriver
2013-04-01 20:41:40 77312 ----a-w- C:\Windows\System32\packager.dll
2013-04-01 20:41:40 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-04-01 20:39:10 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-01 20:38:53 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-04-01 20:38:53 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-04-01 20:38:53 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-04-01 20:36:13 -------- d-----w- C:\Samsung
2013-04-01 20:34:15 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-04-01 20:33:58 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-04-01 20:33:50 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-04-01 20:33:50 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-04-01 20:27:29 25312 ----a-w- C:\Windows\System32\drivers\SCMNdisP.sys
2013-04-01 20:27:26 96784 ----a-w- C:\Windows\SysWow64\Packet.dll
2013-04-01 20:27:26 53299 ----a-w- C:\Windows\SysWow64\pthreadVC.dll
2013-04-01 20:27:26 47632 ----a-w- C:\Windows\System32\drivers\npf.sys
2013-04-01 20:27:26 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll
2013-04-01 20:27:26 -------- d-----w- C:\Program Files (x86)\NETGEAR
2013-04-01 20:12:00 -------- d-----w- C:\Users\MasterJain\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2013-04-05 23:45:18 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-04-05 23:45:18 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-03-22 17:14:30 279024 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2013-03-22 17:14:28 515568 ----a-w- C:\Windows\System32\igfxsrvc.exe
2013-03-22 17:14:28 442352 ----a-w- C:\Windows\System32\igfxpers.exe
2013-03-22 17:14:28 254960 ----a-w- C:\Windows\System32\igfxext.exe
2013-03-22 17:14:28 172016 ----a-w- C:\Windows\System32\igfxtray.exe
2013-03-22 17:14:26 5905904 ----a-w- C:\Windows\System32\GfxUI.exe
2013-03-22 17:14:26 399856 ----a-w- C:\Windows\System32\hkcmd.exe
2013-03-22 17:14:26 185840 ----a-w- C:\Windows\System32\difx64.exe
2013-03-12 22:10:52 342528 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2013-03-12 22:10:52 16896 ----a-w- C:\Windows\System32\IntcDAuC.dll
2013-03-12 22:10:24 116224 ----a-w- C:\Windows\System32\igfxCoIn_v3062.dll
2013-03-09 02:13:20 12858368 ----a-w- C:\Windows\System32\igd10umd64.dll
2013-03-09 02:12:10 11175424 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2013-03-09 02:10:18 80384 ----a-w- C:\Windows\System32\igdde64.dll
2013-03-09 02:10:18 5358016 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2013-03-09 02:10:18 12615680 ----a-w- C:\Windows\System32\igdumd64.dll
2013-03-09 02:10:12 11049472 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2013-03-09 02:10:10 64512 ----a-w- C:\Windows\SysWow64\igdde32.dll
2013-03-09 02:08:50 13030912 ----a-w- C:\Windows\System32\ig4icd64.dll
2013-03-09 02:06:48 931840 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2013-03-09 02:06:48 575488 ----a-w- C:\Windows\System32\igfx11cmrt64.dll
2013-03-09 02:06:48 542720 ----a-w- C:\Windows\SysWow64\igfx11cmrt32.dll
2013-03-09 02:06:48 3511296 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2013-03-09 02:06:48 3121152 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2013-03-09 02:06:48 1040384 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2013-03-02 06:04:53 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-02-26 22:35:22 815832 ----a-w- C:\Windows\System32\ncs2dmix.dll
2013-02-26 22:35:20 792792 ----a-w- C:\Windows\System32\accesor.dll
2013-02-26 22:28:52 220888 ----a-w- C:\Windows\System32\ncs2instutility.dll
2013-02-26 22:27:06 3653848 ----a-w- C:\Windows\System32\ncscolib.dll
2013-02-21 10:40:52 33616 ----a-w- C:\Windows\System32\drivers\iqvw64e.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-21 05:14:03 495888 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
.
============= FINISH: 17:01:42.50 ===============

Attach.txt contents:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/1/2013 1:11:16 PM
System Uptime: 4/22/2013 4:48:37 PM (1 hours ago)
.
Motherboard: Intel Corporation | | DH67BL
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1621.626 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 1863 GiB total, 714.809 GiB free.
J: is FIXED (NTFS) - 0 GiB total, 0.068 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP47: 4/21/2013 1:09:34 PM - Device Driver Package Install: Microsoft Network adapters
RP48: 4/21/2013 7:10:54 PM - Windows Backup
RP49: 4/21/2013 9:03:24 PM - Windows Update
RP50: 4/22/2013 4:03:22 PM - Removed Internet Explorer Toolbar 4.7 by SweetPacks
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Help Manager
Adobe Premiere Pro CS6
Adobe Reader XI (11.0.02)
Bing Bar
Bing Desktop
bl
CCleaner
CPUID HWMonitor 1.21
D3DX10
EPSON Printer Software
EPSON Scan
Google Chrome
Google Update Helper
GoToMeeting 5.5.0.1133
HandBrake 0.9.8
HD Tune Pro 5.00
Intel(R) Network Connections 18.1.59.0
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Java 7 Update 21
Java 7 Update 21 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 17 (64-bit)
Java(TM) 6 Update 43
Java(TM) 6 Update 43 (64-bit)
JetBoost
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client Activex Control
Junk Mail filter update
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
NETGEAR WNA3100 wireless USB 2.0 adapter
Notepad++
ph
Photo Common
Photo Gallery
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Samsung_MonSetup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Click to Call
Skype™ 6.3
Source SDK Base 2007
Steam
System Requirements Lab for Intel
Team Fortress 2
thinkorswim from TD AMERITRADE
TurboTax 2012
TurboTax 2012 wcaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC_CRT_x64
Void 1.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
4/22/2013 4:35:19 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
4/22/2013 4:15:51 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
4/21/2013 9:07:56 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/21/2013 9:07:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/21/2013 9:07:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/21/2013 9:07:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/21/2013 9:07:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/21/2013 9:07:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/21/2013 9:07:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/21/2013 9:07:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
4/21/2013 9:07:40 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/21/2013 9:07:40 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/21/2013 9:07:40 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/21/2013 9:07:40 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/21/2013 9:07:40 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/21/2013 9:07:40 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/21/2013 9:07:40 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/21/2013 9:07:40 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/21/2013 9:07:40 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/21/2013 9:07:40 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/20/2013 12:55:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
4/20/2013 12:55:16 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/20/2013 10:50:55 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
4/15/2013 4:10:40 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
.
==== End Of File ===========================

Alrighty then, hope to hear a reply soon, thanks :) . Oh, and by the way, I am working on those errors with the hard drive.

Regards,

TheXeon
 
Hi, TheXeon. TDSSKiller isn't an all-purpose scanner and it is not likely that it would have shown anything related to SweetPack.

I hope that you can at least disable Java unless needed:

For IE, in the Java Control Panel, click on the Security tab.


  • Uncheck Enable Java content in the browser.
  • Click Apply. (Approve any User Account Control/UAC prompt to provide permission to the change.)
  • Click OK in the Java Plug-in confirmation window.
  • Move the slider for the Security Level to Very High.
  • Restart the browser for changes to take effect.

With Chrome, you can disable it in the browser if you wish: Click the Chrome menu > Settings > Show advanced settings. In Privacy click Content Settings > Plug-ins > click Disable individual plug-ins > Scroll to the Java section > click Disable. Close and restart the browser to enable the changes.

Let's see if there are any SweetPack remnants.

1. Please download AdwCleaner by Xplode to your Desktop.

  • Double-click AdwCleaner.exe to run the tool.
  • Click Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next response.

Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., R1

2. Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
 
Hello there, sorry for the delay,

Here are the logs:
ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e8d55231c6ea67499a1e63f59da6fdb3
# engine=13689
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-25 03:12:44
# local_time=2013-04-24 08:12:44 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 671643 118403014 0 0
# scanned=174176
# found=1
# cleaned=0
# scan_time=4483
sh=57F90032DD4BE30758AA5DBC5E25816C798ED60B ft=1 fh=a76a8ed0f19fb746 vn="Win32/TopMedia.B application" ac=I fn="C:\Users\MasterJain\Downloads\Portal_2_Crack_Fix-SKIDROW_secure.exe"
I have confirmed that it was something my son downloaded and have deleted it immediately. He is saying he hasn't run it, so that's good.

ADWCleaner:

# AdwCleaner v2.202 - Logfile created 04/23/2013 at 12:46:10
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MasterJain - MASTERJAIN-PC
# Boot Mode : Normal
# Running from : C:\Users\MasterJain\Desktop\adwcleaner.exe
# Option [Search]




***** [Services] *****




***** [Files / Folders] *****


File Found : C:\END


***** [Registry] *****


Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}


***** [Internet Browsers] *****


-\\ Internet Explorer v10.0.9200.16537


[OK] Registry is clean.


-\\ Google Chrome v26.0.1410.64


File : C:\Users\MasterJain\AppData\Local\Google\Chrome\User Data\Default\Preferences


[OK] File is clean.


*************************


AdwCleaner[R1].txt - [1561 octets] - [23/04/2013 12:46:10]


########## EOF - C:\AdwCleaner[R1].txt - [1621 octets] ##########
OK, I think that's it. Thank you.

Regards,

TheXeon
 
Hi, TheXeon.

I hope you also lectured your son not only about the dangers of running cracked software on the computer but also that it is illegal.

The AdwCleaner log shows remnants of SweetPack, so please do the following:

Please rescan with AdwCleaner.
  • Double-click AdwCleaner.exe to run the tool.
  • Click Delete.
  • Everything that was found will be deleted.
  • Save any open files and approve the reboot. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1
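An added verification step for after the Delete run (example code written for this thread, not part of AdwCleaner or of the helper's instructions): it reads the findings AdwCleaner listed in the [R1] log above and reports whether each registry key and file still exists, so a leftover can be spotted without rerunning the scanner. It assumes an elevated 64-bit PowerShell prompt on the cleaned machine; the log text embedded below is copied from the AdwCleaner[R1].txt posted earlier in the thread.

```powershell
# Added example (not from the thread, not an AdwCleaner feature): re-check the items
# AdwCleaner reported in "Search" mode once its "Delete" run and the reboot are done.
# $adwLog is the findings section copied from the AdwCleaner[R1].txt posted above.

$adwLog = @'
File Found : C:\END
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
'@

function ConvertTo-RegistryProviderPath {
    # AdwCleaner writes hives as HKLM\..., HKCU\...; the PowerShell Registry provider
    # accepts Registry::HKEY_LOCAL_MACHINE\... for every hive, even those without a drive.
    param([string]$Key)
    $hives = @{ HKLM = 'HKEY_LOCAL_MACHINE'; HKCU = 'HKEY_CURRENT_USER';
                HKCR = 'HKEY_CLASSES_ROOT';  HKU  = 'HKEY_USERS' }
    if ($Key -match '^(HKLM|HKCU|HKCR|HKU)\\(.*)$') {
        return 'Registry::{0}\{1}' -f $hives[$Matches[1]], $Matches[2]
    }
    throw "Unrecognised registry hive in '$Key'"
}

function Get-AdwFindings {
    # Pull every "<Kind> Found : <path>" line out of the log text.
    param([string]$LogText)
    foreach ($line in ($LogText -split "`r?`n")) {
        if ($line -match '^(File|Folder|Key) Found : (.+)$') {
            New-Object PSObject -Property @{ Kind = $Matches[1]; Path = $Matches[2].Trim() }
        }
    }
}

function Test-AdwFindingRemoved {
    # Report "gone" when the item no longer exists, "STILL PRESENT" when it does.
    param($Finding)
    $target = if ($Finding.Kind -eq 'Key') { ConvertTo-RegistryProviderPath $Finding.Path }
              else { $Finding.Path }
    # -LiteralPath so the braces in CLSIDs are not read as wildcard characters.
    $present = Test-Path -LiteralPath $target
    New-Object PSObject -Property @{
        Kind   = $Finding.Kind
        Path   = $Finding.Path
        Status = if ($present) { 'STILL PRESENT' } else { 'gone' }
    }
}

Get-AdwFindings -LogText $adwLog |
    ForEach-Object { Test-AdwFindingRemoved $_ } |
    Format-Table Kind, Status, Path -AutoSize
```

Run it from a 64-bit shell so the Wow6432Node paths are tested literally rather than redirected. Any line still showing "STILL PRESENT" is worth a second look: the Chrome key under HKLM\...\Google\Chrome\Extensions\<id> in particular is the registry location Chrome reads to install an external extension, so a surviving key there would bring the toolbar back into Chrome on the next launch, and the SearchScopes key is an Internet Explorer search-provider registration.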
 
Oh, trust me, that boy is not getting close to this computer anytime soon, lol.

Nice to see you again. I ran the scan and everything seems in order. Had a slight problem with .NET Frameworks, but it is all solved with a simple update/reinstall. I am currently having some problems with the computer freezing up that were happening before I got this virus. Do you see anything fishy in the logs? I had forgotten to mention also that the TDSSKiller run mentioned above was just to verify that nothing had been infected, because this browserware is known for infecting computers with other viruses, so I was just making sure it wasn't a rootkit.
 
Hi, TheXeon.

.NET Framework is no problem on some computers and problematic on others, with no particular pattern. When someone has had a problem with .NET Framework updates, I recommend installing those security updates separately from the other "Patch Tuesday" updates, with a shutdown/restart in between. It is something you may wish to consider.

AdwCleaner should have taken care of the leftover bits (i.e., your original log showed SweetPacks as a browser "start page"). However, to be sure, let's see if ComboFix sees anything else.

Please follow these instructions carefully. Download ComboFix from the following location: Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.
 
Hello there,

ComboFix Log:

ComboFix 13-04-26.01 - MasterJain 04/26/2013 15:58:16.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16291.14247 [GMT -7:00]
Running from: c:\users\MasterJain\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\MasterJain\AppData\Roaming\technic-launcher.jar
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-03-26 to 2013-04-26 )))))))))))))))))))))))))))))))
.
.
2013-04-26 22:00 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1817E06F-59C5-44DA-AA35-14FED00D45E2}\mpengine.dll
2013-04-26 01:29 . 2013-04-26 01:29 -------- d-----w- C:\Fraps
2013-04-25 20:18 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-23 20:49 . 2013-04-23 20:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 20:49 . 2013-04-23 20:49 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-23 20:49 . 2013-04-23 20:49 -------- d-----w- c:\windows\system32\Macromed
2013-04-23 19:54 . 2013-04-23 19:54 -------- d-----w- c:\program files (x86)\ESET
2013-04-23 19:45 . 2013-04-23 19:45 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37432DDB-3142-4F91-BA03-5B53757F87C2}\gapaengine.dll
2013-04-23 19:45 . 2013-04-07 03:39 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-23 19:40 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-22 23:47 . 2013-04-22 23:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-20 20:41 . 2006-10-31 07:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2013-04-20 20:41 . 2006-10-31 07:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
2013-04-20 20:41 . 2006-10-20 07:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2013-04-20 20:41 . 2006-10-20 07:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2013-04-20 20:41 . 2006-10-20 07:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2013-04-20 20:40 . 2013-04-20 20:40 -------- d-----w- c:\programdata\EPSON
2013-04-20 20:38 . 2013-04-20 20:38 -------- d-----w- c:\program files\EPSON
2013-04-20 20:38 . 2013-04-20 20:38 -------- d-----w- c:\program files (x86)\epson
2013-04-20 20:38 . 2007-04-18 07:00 101888 ----a-w- c:\windows\system32\esxcwiad.dll
2013-04-20 18:27 . 2013-04-20 18:27 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-20 18:25 . 2013-04-20 18:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-20 18:25 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-19 18:29 . 2013-04-19 18:29 -------- d-----w- c:\program files\Intel
2013-04-19 18:29 . 2013-02-07 00:17 544568 ----a-w- c:\windows\system32\PROUnstl.exe
2013-04-19 18:00 . 2013-04-19 18:00 -------- d-----w- c:\windows\SysWow64\configg
2013-04-15 01:23 . 2013-04-15 01:23 -------- d-----w- c:\program files (x86)\Notepad++
2013-04-14 04:41 . 2013-04-14 04:41 -------- d-----w- c:\program files (x86)\HD Tune Pro
2013-04-13 03:19 . 2013-04-13 03:19 -------- d-----w- c:\program files\CPUID
2013-04-09 23:17 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 23:17 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-09 23:17 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-09 23:17 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-09 23:17 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-09 23:17 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-09 23:17 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-09 23:17 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-07 21:25 . 2013-04-07 21:25 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-04-07 21:19 . 2013-04-07 21:19 -------- d-----w- c:\windows\en
2013-04-07 21:18 . 2013-04-07 21:18 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-04-07 21:17 . 2013-04-07 21:17 -------- dc----w- c:\windows\system32\DRVSTORE
2013-04-07 21:17 . 2012-09-12 22:20 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-04-07 21:17 . 2013-04-07 21:17 -------- d-----w- c:\program files\Windows Live
2013-04-07 21:17 . 2013-04-07 21:17 -------- d-----w- c:\windows\PCHEALTH
2013-04-07 21:15 . 2010-06-02 11:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-04-07 21:15 . 2010-06-02 11:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-04-07 21:15 . 2010-06-02 11:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-04-07 21:15 . 2010-06-02 11:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-04-07 21:15 . 2010-05-26 18:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-04-07 21:15 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-04-07 21:15 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-04-07 21:15 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-04-07 21:14 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-04-07 21:14 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-04-07 21:10 . 2013-04-07 21:10 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-04-07 21:10 . 2013-04-07 21:10 5659096 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\539259691ce33d407\skydrivesetup.exe
2013-04-07 21:10 . 2013-04-07 21:10 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-04-07 21:10 . 2013-04-07 21:10 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4dddb1c51ce33d404\DSETUP.dll
2013-04-07 21:10 . 2013-04-07 21:10 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4dddb1c51ce33d404\DXSETUP.exe
2013-04-07 21:10 . 2013-04-07 21:10 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4dddb1c51ce33d404\dsetup32.dll
2013-04-07 21:10 . 2013-04-07 21:10 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\49eb331a1ce33d403\DSETUP.dll
2013-04-07 21:10 . 2013-04-07 21:10 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\49eb331a1ce33d403\DXSETUP.exe
2013-04-07 21:10 . 2013-04-07 21:10 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\49eb331a1ce33d403\dsetup32.dll
2013-04-07 21:10 . 2013-04-07 21:10 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4680f93d1ce33d401\DSETUP.dll
2013-04-07 21:10 . 2013-04-07 21:10 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4680f93d1ce33d401\DXSETUP.exe
2013-04-07 21:10 . 2013-04-07 21:10 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4680f93d1ce33d401\dsetup32.dll
2013-04-07 05:08 . 2013-04-07 05:08 -------- d-----w- c:\program files\Handbrake
2013-04-07 04:19 . 2013-04-07 04:19 -------- d-----w- c:\program files\Microsoft Silverlight
2013-04-07 04:19 . 2013-04-07 04:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-04-07 04:18 . 2013-04-07 04:18 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-04-07 04:12 . 2013-04-07 04:12 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-04-07 03:36 . 2013-04-07 03:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-04-07 03:36 . 2013-04-07 03:36 -------- d-----w- c:\program files\Microsoft Security Client
2013-04-06 22:07 . 2013-04-06 22:07 -------- d--h--w- c:\programdata\Common Files
2013-04-06 19:35 . 2013-04-06 19:35 -------- d-----w- c:\program files\CCleaner
2013-04-06 06:00 . 2013-04-06 06:00 -------- d-----w- C:\perflogs
2013-04-06 04:12 . 2013-04-26 02:48 -------- d-----w- c:\program files (x86)\thinkTDA
2013-04-06 01:11 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-04-06 01:08 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-04-06 01:04 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2013-04-06 01:03 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-04-06 01:03 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-04-06 01:03 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-04-06 00:59 . 2013-04-26 22:53 -------- d-----w- c:\program files (x86)\Steam
2013-04-06 00:28 . 2013-04-06 00:28 -------- d-----w- c:\programdata\Intel
2013-04-06 00:28 . 2012-05-15 14:13 144896 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2013-04-06 00:28 . 2012-05-15 14:13 20992 ----a-w- c:\windows\system32\OpenCL.dll
2013-04-06 00:28 . 2012-05-15 13:20 104448 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2013-04-06 00:28 . 2012-05-15 13:20 17920 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-04-06 00:15 . 2011-02-28 15:09 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-04-05 23:41 . 2013-04-05 23:41 -------- d-----w- c:\windows\system32\SPReview
2013-04-05 23:41 . 2013-04-05 23:41 -------- d-----w- c:\windows\system32\EventProviders
2013-04-05 23:39 . 2010-11-20 13:27 754176 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2013-04-05 23:38 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2013-04-05 23:38 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2013-04-05 23:38 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2013-04-05 23:38 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2013-04-05 23:38 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-04-05 23:38 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-04-05 23:38 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-04-05 23:05 . 2013-04-05 23:05 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-04-05 14:58 . 2013-03-19 12:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8827F02D-28E5-4217-B642-9E17B935765D}\mpengine.dll
2013-04-05 01:24 . 2013-04-05 01:24 -------- d-----w- c:\program files (x86)\Citrix
2013-04-04 17:20 . 2013-04-04 17:20 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2013-04-04 17:19 . 2013-04-04 17:19 -------- d-----w- c:\program files (x86)\TurboTax
2013-04-04 17:18 . 2013-04-04 17:20 -------- d-----w- c:\programdata\Intuit
2013-04-03 02:43 . 2013-04-07 04:22 -------- d-----w- c:\program files (x86)\Microsoft Works
2013-04-03 02:42 . 2013-04-03 02:42 -------- d-----w- c:\program files\Microsoft Office
2013-04-03 02:42 . 2013-04-03 02:42 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-04-03 02:41 . 2013-04-09 23:19 -------- d-----w- c:\programdata\Microsoft Help
2013-04-02 15:27 . 2013-04-03 02:43 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-04-01 23:44 . 2013-04-20 18:27 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-01 23:44 . 2013-04-20 18:27 1092512 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-01 23:44 . 2013-04-24 23:21 -------- d-----w- c:\program files\Java
2013-04-01 23:40 . 2013-04-04 12:35 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-01 23:40 . 2013-04-04 12:36 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-01 23:40 . 2013-04-24 23:22 -------- d-----w- c:\program files (x86)\Java
2013-04-01 23:17 . 2013-04-01 23:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-04-01 23:16 . 2011-11-03 10:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2013-04-01 23:16 . 2011-10-17 10:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2013-04-01 23:16 . 2011-10-17 10:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2013-04-01 23:16 . 2013-04-01 23:16 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2013-04-01 23:16 . 2013-04-01 23:16 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2013-04-01 23:16 . 2013-04-01 23:16 -------- d-----w- c:\program files (x86)\My Company Name
2013-04-01 23:15 . 2013-04-01 23:15 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-05 23:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-04-05 23:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-03-22 17:14 . 2013-03-22 17:14 279024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2013-03-22 17:14 . 2013-03-22 17:14 515568 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-03-22 17:14 . 2013-03-22 17:14 442352 ----a-w- c:\windows\system32\igfxpers.exe
2013-03-22 17:14 . 2013-03-22 17:14 254960 ----a-w- c:\windows\system32\igfxext.exe
2013-03-22 17:14 . 2013-03-22 17:14 172016 ----a-w- c:\windows\system32\igfxtray.exe
2013-03-22 17:14 . 2013-03-22 17:14 5905904 ----a-w- c:\windows\system32\GfxUI.exe
2013-03-22 17:14 . 2013-03-22 17:14 399856 ----a-w- c:\windows\system32\hkcmd.exe
2013-03-22 17:14 . 2013-03-22 17:14 185840 ----a-w- c:\windows\system32\difx64.exe
2013-03-12 22:10 . 2013-03-12 22:10 342528 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2013-03-12 22:10 . 2013-03-12 22:10 16896 ----a-w- c:\windows\system32\IntcDAuC.dll
2013-03-12 22:10 . 2013-03-12 22:10 116224 ----a-w- c:\windows\system32\igfxCoIn_v3062.dll
2013-03-09 02:13 . 2012-12-14 09:42 12858368 ----a-w- c:\windows\system32\igd10umd64.dll
2013-03-09 02:12 . 2013-03-09 02:12 11175424 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2013-03-09 02:10 . 2013-03-09 02:10 80384 ----a-w- c:\windows\system32\igdde64.dll
2013-03-09 02:10 . 2013-03-09 02:10 5358016 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2013-03-09 02:10 . 2013-03-09 02:10 12615680 ----a-w- c:\windows\system32\igdumd64.dll
2013-03-09 02:10 . 2013-03-09 02:10 11049472 ----a-w- c:\windows\SysWow64\igdumd32.dll
2013-03-09 02:10 . 2013-03-09 02:10 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2013-03-09 02:09 . 2013-03-09 02:09 9007616 ----a-w- c:\windows\system32\igfxress.dll
2013-03-09 02:09 . 2013-03-09 02:09 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2013-03-09 02:09 . 2013-03-09 02:09 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2013-03-09 02:09 . 2013-03-09 02:09 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2013-03-09 02:09 . 2013-03-09 02:09 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2013-03-09 02:09 . 2013-03-09 02:09 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2013-03-09 02:09 . 2013-03-09 02:09 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2013-03-09 02:09 . 2012-12-14 09:42 64000 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-03-09 02:09 . 2013-03-09 02:09 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2013-03-09 02:09 . 2013-03-09 02:09 442880 ----a-w- c:\windows\system32\igfxdev.dll
2013-03-09 02:09 . 2013-03-09 02:09 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2013-03-09 02:09 . 2013-03-09 02:09 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2013-03-09 02:09 . 2013-03-09 02:09 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2013-03-09 02:09 . 2013-03-09 02:09 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2013-03-09 02:09 . 2013-03-09 02:09 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2013-03-09 02:09 . 2013-03-09 02:09 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2013-03-09 02:09 . 2013-03-09 02:09 384512 ----a-w- c:\windows\system32\igfxpph.dll
2013-03-09 02:09 . 2013-03-09 02:09 28672 ----a-w- c:\windows\system32\igfxexps.dll
2013-03-09 02:09 . 2013-03-09 02:09 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2013-03-09 02:09 . 2013-03-09 02:09 175104 ----a-w- c:\windows\system32\gfxSrvc.dll
2013-03-09 02:09 . 2013-03-09 02:09 142336 ----a-w- c:\windows\system32\igfxdo.dll
2013-03-09 02:09 . 2013-03-09 02:09 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2013-03-09 02:09 . 2012-12-14 09:42 110592 ----a-w- c:\windows\system32\hccutils.dll
2013-03-09 02:09 . 2013-03-09 02:09 330752 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2013-03-09 02:09 . 2013-03-09 02:09 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2013-03-09 02:09 . 2013-03-09 02:09 10811904 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2013-03-09 02:08 . 2013-03-09 02:08 13030912 ----a-w- c:\windows\system32\ig4icd64.dll
2013-03-09 02:06 . 2013-03-09 02:06 931840 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2013-03-09 02:06 . 2013-03-09 02:06 575488 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2013-03-09 02:06 . 2013-03-09 02:06 542720 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2013-03-09 02:06 . 2013-03-09 02:06 3511296 ----a-w- c:\windows\system32\igfxcmjit64.dll
2013-03-09 02:06 . 2013-03-09 02:06 3121152 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2013-03-09 02:06 . 2013-03-09 02:06 1040384 ----a-w- c:\windows\system32\igfxcmrt64.dll
2013-02-26 22:35 . 2013-02-26 22:35 815832 ----a-w- c:\windows\system32\ncs2dmix.dll
2013-02-26 22:35 . 2013-02-26 22:35 792792 ----a-w- c:\windows\system32\accesor.dll
2013-02-26 22:28 . 2013-02-26 22:28 220888 ----a-w- c:\windows\system32\ncs2instutility.dll
2013-02-26 22:27 . 2013-02-26 22:27 3653848 ----a-w- c:\windows\system32\ncscolib.dll
2013-02-26 06:31 . 2013-02-26 06:31 71680 ----a-w- c:\windows\system32\frapsv64.dll
2013-02-26 06:31 . 2013-02-26 06:31 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2013-02-21 10:40 . 2013-02-21 10:40 33616 ----a-w- c:\windows\system32\drivers\iqvw64e.sys
2013-02-21 05:14 . 2013-03-11 16:22 495888 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2013-02-12 05:45 . 2013-04-06 01:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-06 01:04 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-06 01:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-06 01:04 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-06 01:04 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-06 01:04 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-07 21:10 220632 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-07 21:10 220632 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-07 21:10 220632 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-04-24 1634216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-14 2255360]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-03-27 2387040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2013-4-1 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-27 285152]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-01 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-14 249648]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-03-27 168544]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2013-01-03 183200]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-20 3289208]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-03-12 342528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-10-25 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-10-25 213504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 22:51 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-23 20:49]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01 22:44]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01 22:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-07 21:10 244696 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-07 21:10 244696 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-07 21:10 244696 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-13 13263072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={C6366A38-AB00-11E2-A874-386077257B29}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2013-04-26 16:07:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-26 23:07
.
Pre-Run: 1,743,505,096,704 bytes free
Post-Run: 1,742,949,642,240 bytes free
.
- - End Of File - - 66338BF46B3C4865DCBDD8C3075592DC
 
Hi, TheXeon.

That helped but there is one stubborn SweetPack item I'm still seeing. So, let's take it out with ComboFix and then I'll have you run one other tool just to be sure you're finished with it.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
Code:
DDS::
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={C6366A38-AB00-11E2-A874-386077257B29}
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={C6366A38-AB00-11E2-A874-386077257B29}
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


    (Screenshot: CF_CFScript.gif)

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Next, please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
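The check the helper performs by eye above (reading the Supplementary Scan block for a start page that was redirected to sweetpacks, then listing those lines under DDS:: for ComboFix) can be written down as a small log triage script. The following is an added example, not ComboFix's, DDS's or the helper's own code: the sample log text is constructed to mirror the lines quoted in this thread, and the BENIGN_HOSTS allowlist is an assumption chosen for illustration.

```python
"""Flag browser start-page hijacks in a ComboFix/DDS log.

Added example: not ComboFix's or the forum helper's code. It parses the
'Supplementary Scan' block, refangs the hxxp:// URLs, and reports any
start/search page whose host is outside a (constructed) allowlist, which
is the judgement a helper makes before writing a CFScript.
"""
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the Supplementary Scan lines in the thread.
SAMPLE_LOG = r"""------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={C6366A38-AB00-11E2-A874-386077257B29}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
"""

# Assumed allowlist: hosts a helper would accept as a legitimate start page.
BENIGN_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com"}

# DDS prefixes the IE 'Main' values with u (HKCU, per user) or m (HKLM, machine-wide).
ENTRY_RE = re.compile(
    r"^(?P<scope>[um])(?P<name>Start Page|Local Page|Search Page|Default_Page_URL)"
    r"\s*=\s*(?P<value>.+?)\s*$"
)


def refang(url):
    """Turn the log's defanged hxxp:// back into http:// so urlparse sees a URL."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_entries(log_text):
    """Return (scope, name, value) for each IE Main value inside the Supplementary Scan block."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        if line.startswith("------- Supplementary Scan"):
            in_section = True
            continue
        if in_section and line.startswith("- - - - ORPHANS REMOVED"):
            break
        if in_section:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m["scope"], m["name"], m["value"]))
    return entries


def classify(value):
    """Classify a value: local file, about: page, allowlisted host, or suspect host."""
    if re.match(r"^[a-z]:\\", value, re.IGNORECASE):
        return "local-file", None
    if value.lower().startswith("about:"):
        return "internal", None
    host = (urlparse(refang(value)).hostname or "").lower()
    if host in BENIGN_HOSTS:
        return "benign", host
    return "suspect", host


def find_suspect_start_pages(log_text):
    """Collect every start/search page entry whose host is not allowlisted."""
    findings = []
    for scope, name, value in parse_entries(log_text):
        verdict, host = classify(value)
        if verdict == "suspect":
            findings.append({
                "hive": "HKCU" if scope == "u" else "HKLM",
                "setting": name,
                "host": host,
                "value": value,
            })
    return findings


def build_cfscript(findings):
    """Reproduce the DDS:: block format the helper posted, listing flagged lines verbatim."""
    lines = ["DDS::"]
    for f in findings:
        prefix = "u" if f["hive"] == "HKCU" else "m"
        lines.append(f"{prefix}{f['setting']} = {f['value']}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = find_suspect_start_pages(SAMPLE_LOG)
    for f in hits:
        print(f"{f['hive']} {f['setting']} -> {f['host']}")
    print(build_cfscript(hits))
```

On the constructed sample the only hit is the machine-wide (HKLM) Start Page pointing at start.sweetpacks.com; the about:Tabs and blank.htm entries are classified as internal and local-file and left alone. The allowlist approach errs toward flagging: an unfamiliar but legitimate host shows up as "suspect" and is for the helper to judge, which is the safer failure mode when the alternative is missing a redirected start page.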
Hello there

ComboFix+CFScript.txt:

ComboFix 13-04-26.01 - MasterJain 04/26/2013 21:20:18.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16291.14461 [GMT -7:00]
Running from: c:\users\MasterJain\Desktop\ComboFix.exe
Command switches used :: c:\users\MasterJain\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-27 to 2013-04-27 )))))))))))))))))))))))))))))))
.
.
2013-04-27 04:23 . 2013-04-27 04:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-26 23:13 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5676047-497A-4D2E-BA7C-972CA05F85CD}\mpengine.dll
2013-04-26 23:12 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-26 01:29 . 2013-04-26 01:29 -------- d-----w- C:\Fraps
2013-04-23 20:49 . 2013-04-23 20:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 20:49 . 2013-04-23 20:49 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-23 20:49 . 2013-04-23 20:49 -------- d-----w- c:\windows\system32\Macromed
2013-04-23 19:54 . 2013-04-23 19:54 -------- d-----w- c:\program files (x86)\ESET
2013-04-23 19:45 . 2013-04-23 19:45 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37432DDB-3142-4F91-BA03-5B53757F87C2}\gapaengine.dll
2013-04-23 19:45 . 2013-04-07 03:39 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-23 19:40 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-22 23:47 . 2013-04-22 23:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-20 20:41 . 2006-10-31 07:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2013-04-20 20:41 . 2006-10-31 07:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
2013-04-20 20:41 . 2006-10-20 07:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2013-04-20 20:41 . 2006-10-20 07:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2013-04-20 20:41 . 2006-10-20 07:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2013-04-20 20:40 . 2013-04-20 20:40 -------- d-----w- c:\programdata\EPSON
2013-04-20 20:38 . 2013-04-20 20:38 -------- d-----w- c:\program files\EPSON
2013-04-20 20:38 . 2013-04-20 20:38 -------- d-----w- c:\program files (x86)\epson
2013-04-20 20:38 . 2007-04-18 07:00 101888 ----a-w- c:\windows\system32\esxcwiad.dll
2013-04-20 18:27 . 2013-04-20 18:27 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-20 18:25 . 2013-04-20 18:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-20 18:25 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-19 18:29 . 2013-04-19 18:29 -------- d-----w- c:\program files\Intel
2013-04-19 18:29 . 2013-02-07 00:17 544568 ----a-w- c:\windows\system32\PROUnstl.exe
2013-04-19 18:00 . 2013-04-19 18:00 -------- d-----w- c:\windows\SysWow64\configg
2013-04-15 01:23 . 2013-04-15 01:23 -------- d-----w- c:\program files (x86)\Notepad++
2013-04-14 04:41 . 2013-04-14 04:41 -------- d-----w- c:\program files (x86)\HD Tune Pro
2013-04-13 03:19 . 2013-04-13 03:19 -------- d-----w- c:\program files\CPUID
2013-04-09 23:17 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 23:17 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-09 23:17 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-09 23:17 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-09 23:17 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-09 23:17 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-09 23:17 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-09 23:17 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-07 21:25 . 2013-04-07 21:25 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-04-07 21:19 . 2013-04-07 21:19 -------- d-----w- c:\windows\en
2013-04-07 21:18 . 2013-04-07 21:18 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-04-07 21:17 . 2013-04-07 21:17 -------- dc----w- c:\windows\system32\DRVSTORE
2013-04-07 21:17 . 2012-09-12 22:20 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-04-07 21:17 . 2013-04-07 21:17 -------- d-----w- c:\program files\Windows Live
2013-04-07 21:17 . 2013-04-07 21:17 -------- d-----w- c:\windows\PCHEALTH
2013-04-07 21:15 . 2010-06-02 11:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-04-07 21:15 . 2010-06-02 11:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-04-07 21:15 . 2010-06-02 11:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-04-07 21:15 . 2010-06-02 11:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-04-07 21:15 . 2010-05-26 18:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-04-07 21:15 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-04-07 21:15 . 2010-05-26 18:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-04-07 21:15 . 2010-05-26 18:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-04-07 21:14 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-04-07 21:14 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-04-07 21:10 . 2013-04-07 21:10 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-04-07 21:10 . 2013-04-07 21:10 5659096 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\539259691ce33d407\skydrivesetup.exe
2013-04-07 21:10 . 2013-04-07 21:10 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-04-07 21:10 . 2013-04-07 21:10 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4dddb1c51ce33d404\DSETUP.dll
2013-04-07 21:10 . 2013-04-07 21:10 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4dddb1c51ce33d404\DXSETUP.exe
2013-04-07 21:10 . 2013-04-07 21:10 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4dddb1c51ce33d404\dsetup32.dll
2013-04-07 21:10 . 2013-04-07 21:10 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\49eb331a1ce33d403\DSETUP.dll
2013-04-07 21:10 . 2013-04-07 21:10 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\49eb331a1ce33d403\DXSETUP.exe
2013-04-07 21:10 . 2013-04-07 21:10 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\49eb331a1ce33d403\dsetup32.dll
2013-04-07 21:10 . 2013-04-07 21:10 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4680f93d1ce33d401\DSETUP.dll
2013-04-07 21:10 . 2013-04-07 21:10 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4680f93d1ce33d401\DXSETUP.exe
2013-04-07 21:10 . 2013-04-07 21:10 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4680f93d1ce33d401\dsetup32.dll
2013-04-07 05:08 . 2013-04-07 05:08 -------- d-----w- c:\program files\Handbrake
2013-04-07 04:19 . 2013-04-07 04:19 -------- d-----w- c:\program files\Microsoft Silverlight
2013-04-07 04:19 . 2013-04-07 04:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-04-07 04:18 . 2013-04-07 04:18 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-04-07 04:12 . 2013-04-07 04:12 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-04-07 03:36 . 2013-04-07 03:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-04-07 03:36 . 2013-04-07 03:36 -------- d-----w- c:\program files\Microsoft Security Client
2013-04-06 22:07 . 2013-04-06 22:07 -------- d--h--w- c:\programdata\Common Files
2013-04-06 19:35 . 2013-04-06 19:35 -------- d-----w- c:\program files\CCleaner
2013-04-06 06:00 . 2013-04-06 06:00 -------- d-----w- C:\perflogs
2013-04-06 04:12 . 2013-04-26 02:48 -------- d-----w- c:\program files (x86)\thinkTDA
2013-04-06 01:11 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-04-06 01:08 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-04-06 01:04 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2013-04-06 01:03 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-04-06 01:03 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-04-06 01:03 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-04-06 00:59 . 2013-04-27 04:06 -------- d-----w- c:\program files (x86)\Steam
2013-04-06 00:28 . 2013-04-06 00:28 -------- d-----w- c:\programdata\Intel
2013-04-06 00:28 . 2012-05-15 14:13 144896 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2013-04-06 00:28 . 2012-05-15 14:13 20992 ----a-w- c:\windows\system32\OpenCL.dll
2013-04-06 00:28 . 2012-05-15 13:20 104448 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2013-04-06 00:28 . 2012-05-15 13:20 17920 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-04-06 00:15 . 2011-02-28 15:09 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-04-05 23:41 . 2013-04-05 23:41 -------- d-----w- c:\windows\system32\SPReview
2013-04-05 23:41 . 2013-04-05 23:41 -------- d-----w- c:\windows\system32\EventProviders
2013-04-05 23:39 . 2010-11-20 13:27 754176 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2013-04-05 23:38 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2013-04-05 23:38 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2013-04-05 23:38 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2013-04-05 23:38 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2013-04-05 23:38 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-04-05 23:38 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-04-05 23:38 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-04-05 23:05 . 2013-04-05 23:05 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-04-05 14:58 . 2013-03-19 12:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8827F02D-28E5-4217-B642-9E17B935765D}\mpengine.dll
2013-04-05 01:24 . 2013-04-05 01:24 -------- d-----w- c:\program files (x86)\Citrix
2013-04-04 17:20 . 2013-04-04 17:20 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2013-04-04 17:19 . 2013-04-04 17:19 -------- d-----w- c:\program files (x86)\TurboTax
2013-04-04 17:18 . 2013-04-04 17:20 -------- d-----w- c:\programdata\Intuit
2013-04-03 02:43 . 2013-04-07 04:22 -------- d-----w- c:\program files (x86)\Microsoft Works
2013-04-03 02:42 . 2013-04-03 02:42 -------- d-----w- c:\program files\Microsoft Office
2013-04-03 02:42 . 2013-04-03 02:42 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-04-03 02:41 . 2013-04-09 23:19 -------- d-----w- c:\programdata\Microsoft Help
2013-04-02 15:27 . 2013-04-03 02:43 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-04-01 23:44 . 2013-04-20 18:27 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-01 23:44 . 2013-04-20 18:27 1092512 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-01 23:44 . 2013-04-24 23:21 -------- d-----w- c:\program files\Java
2013-04-01 23:40 . 2013-04-04 12:35 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-01 23:40 . 2013-04-04 12:36 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-01 23:40 . 2013-04-24 23:22 -------- d-----w- c:\program files (x86)\Java
2013-04-01 23:17 . 2013-04-01 23:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-04-01 23:16 . 2011-11-03 10:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2013-04-01 23:16 . 2011-10-17 10:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2013-04-01 23:16 . 2011-10-17 10:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2013-04-01 23:16 . 2013-04-01 23:16 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2013-04-01 23:16 . 2013-04-01 23:16 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2013-04-01 23:16 . 2013-04-01 23:16 -------- d-----w- c:\program files (x86)\My Company Name
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-05 23:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-04-05 23:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-03-22 17:14 . 2013-03-22 17:14 279024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2013-03-22 17:14 . 2013-03-22 17:14 515568 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-03-22 17:14 . 2013-03-22 17:14 442352 ----a-w- c:\windows\system32\igfxpers.exe
2013-03-22 17:14 . 2013-03-22 17:14 254960 ----a-w- c:\windows\system32\igfxext.exe
2013-03-22 17:14 . 2013-03-22 17:14 172016 ----a-w- c:\windows\system32\igfxtray.exe
2013-03-22 17:14 . 2013-03-22 17:14 5905904 ----a-w- c:\windows\system32\GfxUI.exe
2013-03-22 17:14 . 2013-03-22 17:14 399856 ----a-w- c:\windows\system32\hkcmd.exe
2013-03-22 17:14 . 2013-03-22 17:14 185840 ----a-w- c:\windows\system32\difx64.exe
2013-03-12 22:10 . 2013-03-12 22:10 342528 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2013-03-12 22:10 . 2013-03-12 22:10 16896 ----a-w- c:\windows\system32\IntcDAuC.dll
2013-03-12 22:10 . 2013-03-12 22:10 116224 ----a-w- c:\windows\system32\igfxCoIn_v3062.dll
2013-03-09 02:13 . 2012-12-14 09:42 12858368 ----a-w- c:\windows\system32\igd10umd64.dll
2013-03-09 02:12 . 2013-03-09 02:12 11175424 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2013-03-09 02:10 . 2013-03-09 02:10 80384 ----a-w- c:\windows\system32\igdde64.dll
2013-03-09 02:10 . 2013-03-09 02:10 5358016 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2013-03-09 02:10 . 2013-03-09 02:10 12615680 ----a-w- c:\windows\system32\igdumd64.dll
2013-03-09 02:10 . 2013-03-09 02:10 11049472 ----a-w- c:\windows\SysWow64\igdumd32.dll
2013-03-09 02:10 . 2013-03-09 02:10 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2013-03-09 02:09 . 2013-03-09 02:09 9007616 ----a-w- c:\windows\system32\igfxress.dll
2013-03-09 02:09 . 2013-03-09 02:09 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2013-03-09 02:09 . 2013-03-09 02:09 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2013-03-09 02:09 . 2013-03-09 02:09 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2013-03-09 02:09 . 2013-03-09 02:09 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2013-03-09 02:09 . 2013-03-09 02:09 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2013-03-09 02:09 . 2013-03-09 02:09 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2013-03-09 02:09 . 2012-12-14 09:42 64000 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-03-09 02:09 . 2013-03-09 02:09 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2013-03-09 02:09 . 2013-03-09 02:09 442880 ----a-w- c:\windows\system32\igfxdev.dll
2013-03-09 02:09 . 2013-03-09 02:09 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2013-03-09 02:09 . 2013-03-09 02:09 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2013-03-09 02:09 . 2013-03-09 02:09 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2013-03-09 02:09 . 2013-03-09 02:09 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2013-03-09 02:09 . 2013-03-09 02:09 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2013-03-09 02:09 . 2013-03-09 02:09 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2013-03-09 02:09 . 2013-03-09 02:09 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2013-03-09 02:09 . 2013-03-09 02:09 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2013-03-09 02:09 . 2013-03-09 02:09 384512 ----a-w- c:\windows\system32\igfxpph.dll
2013-03-09 02:09 . 2013-03-09 02:09 28672 ----a-w- c:\windows\system32\igfxexps.dll
2013-03-09 02:09 . 2013-03-09 02:09 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2013-03-09 02:09 . 2013-03-09 02:09 175104 ----a-w- c:\windows\system32\gfxSrvc.dll
2013-03-09 02:09 . 2013-03-09 02:09 142336 ----a-w- c:\windows\system32\igfxdo.dll
2013-03-09 02:09 . 2013-03-09 02:09 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2013-03-09 02:09 . 2012-12-14 09:42 110592 ----a-w- c:\windows\system32\hccutils.dll
2013-03-09 02:09 . 2013-03-09 02:09 330752 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2013-03-09 02:09 . 2013-03-09 02:09 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2013-03-09 02:09 . 2013-03-09 02:09 10811904 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2013-03-09 02:08 . 2013-03-09 02:08 13030912 ----a-w- c:\windows\system32\ig4icd64.dll
2013-03-09 02:06 . 2013-03-09 02:06 931840 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2013-03-09 02:06 . 2013-03-09 02:06 575488 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2013-03-09 02:06 . 2013-03-09 02:06 542720 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2013-03-09 02:06 . 2013-03-09 02:06 3511296 ----a-w- c:\windows\system32\igfxcmjit64.dll
2013-03-09 02:06 . 2013-03-09 02:06 3121152 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2013-03-09 02:06 . 2013-03-09 02:06 1040384 ----a-w- c:\windows\system32\igfxcmrt64.dll
2013-02-26 22:35 . 2013-02-26 22:35 815832 ----a-w- c:\windows\system32\ncs2dmix.dll
2013-02-26 22:35 . 2013-02-26 22:35 792792 ----a-w- c:\windows\system32\accesor.dll
2013-02-26 22:28 . 2013-02-26 22:28 220888 ----a-w- c:\windows\system32\ncs2instutility.dll
2013-02-26 22:27 . 2013-02-26 22:27 3653848 ----a-w- c:\windows\system32\ncscolib.dll
2013-02-26 06:31 . 2013-02-26 06:31 71680 ----a-w- c:\windows\system32\frapsv64.dll
2013-02-26 06:31 . 2013-02-26 06:31 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2013-02-21 10:40 . 2013-02-21 10:40 33616 ----a-w- c:\windows\system32\drivers\iqvw64e.sys
2013-02-21 05:14 . 2013-03-11 16:22 495888 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2013-02-12 05:45 . 2013-04-06 01:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-06 01:04 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-06 01:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-06 01:04 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-06 01:04 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-06 01:04 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-07 21:10 220632 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-07 21:10 220632 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-07 21:10 220632 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-04-24 1634216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-14 2255360]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-03-27 2387040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2013-4-1 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-20 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-27 285152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-01 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-14 249648]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-03-27 168544]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2013-01-03 183200]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-03-12 342528]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-10-25 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-10-25 213504]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 22:51 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-23 20:49]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01 22:44]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-01 22:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-07 21:10 244696 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-07 21:10 244696 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-07 21:10 244696 ----a-w- c:\users\MasterJain\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-13 13263072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={C6366A38-AB00-11E2-A874-386077257B29}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-26 21:24:55
ComboFix-quarantined-files.txt 2013-04-27 04:24
ComboFix2.txt 2013-04-26 23:07
.
Pre-Run: 1,742,573,199,360 bytes free
Post-Run: 1,742,274,109,440 bytes free
.
- - End Of File - - 0C843E62C229038429F716D619EDD287

JunkWare:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.0 (04.26.2013:1)
OS: Windows 7 Home Premium x64
Ran by MasterJain on Fri 04/26/2013 at 21:27:58.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}






~~~ Files






~~~ Folders






~~~ Event Viewer Logs were cleared










~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/26/2013 at 21:29:34.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There you are, hope everything is gone.
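As an added verification step that is not part of this thread or of any of the tools used in it: the JRT log above shows the same six BHO CLSIDs being deleted twice, once under the native 64-bit key and once under Wow6432Node, plus the sweetim and visualbee vendor keys. The PowerShell script below re-reads both Browser Helper Object registry views, resolves each remaining CLSID to its name and DLL, and flags anything matching the identifiers from the log or a leftover vendor key, so a user can confirm for themselves that nothing came back. The CLSIDs and key paths are taken from the log; everything else (function name, output shape) is my own choice.

```powershell
# Added example, not from the thread: inventory Browser Helper Objects in both
# registry views and flag remnants of the adware entries JRT reported removing.

# Both BHO registration points (64-bit and 32-bit view), as seen in the JRT log above.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# CLSIDs JRT deleted in the log above; if any reappears, the cleanup did not hold.
$knownBadClsids = @(
    '{18DF081C-E8AD-4283-A596-FA578C2EBDC3}',
    '{72853161-30C5-4D22-B7F9-0BBC1D38A37E}',
    '{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}',
    '{9030D464-4C02-4ABF-8ECC-5164760863C6}',
    '{d2ce3e00-f94a-4740-988e-03dc2f38c34f}',
    '{DBC80044-A445-435b-BC74-9C25C1C588A9}'
)

# Vendor keys JRT deleted in the log above.
$vendorKeys = @(
    'HKCU:\Software\sweetim', 'HKLM:\Software\sweetim',
    'HKCU:\Software\visualbee', 'HKLM:\Software\visualbee'
)

function Get-BhoInventory {
    # Returns one object per registered BHO with its view, name, DLL path and flags.
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $view = if ($root -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
        # A 32-bit BHO's COM registration lives under the Wow6432Node CLSID hive.
        $clsidRoot = if ($view -eq '32-bit') {
            'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
        } else {
            'HKLM:\SOFTWARE\Classes\CLSID'
        }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid     = $key.PSChildName
            $classKey  = Join-Path $clsidRoot $clsid
            $inprocKey = Join-Path $classKey 'InprocServer32'
            $name = $null; $dll = $null; $dllExists = $false
            if (Test-Path -LiteralPath $classKey) {
                $name = (Get-ItemProperty -LiteralPath $classKey).'(default)'
            }
            if (Test-Path -LiteralPath $inprocKey) {
                $dll = (Get-ItemProperty -LiteralPath $inprocKey).'(default)'
                if ($dll) {
                    $expanded = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                    $dllExists = Test-Path -LiteralPath $expanded
                }
            }
            [pscustomobject]@{
                View      = $view
                CLSID     = $clsid
                Name      = $name
                Dll       = $dll
                DllExists = $dllExists          # a BHO whose DLL is gone is a dangling entry
                KnownBad  = ($knownBadClsids -contains $clsid)  # -contains is case-insensitive
            }
        }
    }
}

function Test-VendorKeysGone {
    # Returns $true when none of the vendor keys from the log are present.
    $leftover = $vendorKeys | Where-Object { Test-Path -LiteralPath $_ }
    foreach ($k in $leftover) { Write-Warning "Leftover vendor key: $k" }
    return (-not $leftover)
}

$inventory = Get-BhoInventory
$inventory | Format-Table View, CLSID, Name, Dll, DllExists, KnownBad -AutoSize
$bad = $inventory | Where-Object { $_.KnownBad -or -not $_.DllExists }
if ($bad) { Write-Warning "$($bad.Count) BHO entries need attention (known bad or dangling)." }
if ((Test-VendorKeysGone) -and -not $bad) { Write-Host 'No remnants found in BHO or vendor keys.' }
```

Run it from an elevated PowerShell prompt on the cleaned machine; a reported BHO that is not in the known-bad list but has no resolvable DLL is an orphaned registration worth noting, while any entry flagged KnownBad means the adware has re-registered itself and the thread's removal steps should be repeated.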
 
Indeed, TheXeon, that finally did the trick!

Let's clean up the tools that we used.

  1. You should not need TDSSKiller on a regular basis and would be better off removing it from your computer, getting a fresh copy should it be needed.
  2. Delete Security Check from your desktop.
  3. Delete the Junkware Removal Tool from your desktop.
  4. Do the following to uninstall AdwCleaner.
    • Double-click AdwCleaner.exe to run the tool.
    • Click Uninstall
    • Confirm with yes
  5. Please do the following to implement cleanup procedures and also to reset System Restore points:

    Click Start > Run and copy/paste the following bold text into the Run box and click OK: ComboFix /Uninstall

    Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.

You have done a good job of keeping third-party software updated. Caution is advised with Oracle Java. I hope the program you use for work that requires JRE 6 is updated so you can remove it from your computer.

As I know you are well aware of the importance of Microsoft Security Updates, I won't belabor that point. :) If you have any questions, please let me know.
 
Hello there,

Thanks for all the help. This was a nice and easy fix. I have uninstalled all of java 6 and have my programs ported to Java 7. Is there anything fishy in there I need to know about? I am currently having a little problem with occasional freezes and such.

Thanks,

TheXeon
 
You're welcome.

Other than yet additional vulnerabilities having been found in the recently released Java 7 update, no I did not notice anything fishy to be concerned about from a security point of view. Gathering that this is the same computer that you're getting help with in your Crashing Problem topic, it is best to deal with those issues in there.
 
You're welcome.

I'll mark this topic solved. Hopefully the source of the freezing issue will be resolved in your other topic.
 
