I have no idea what I'm infected with

2 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

I have no idea what I'm infected with1st May 2012, 3:51 pm

As the title of the thread states, I have no idea what I'm infected with.

When I attempt to run some (note, not all) *.exe files (in this example I'll use "install_reader10_en_mssd_aih.exe" - the executable to install Acrobat Reader), the "Open File - Security Warning" box pops up, and I select "Run".

I have no idea what I'm infected with 1-1

Then, comes the expected UAC prompt, to which I click yes.

Immediately following that, the "install_reader10_en_mssd_aih.exe" file disappears from my desktop. I've check to see if it goes to the Recycling Bin, and it doesn't.

The install program doesn't run. No application starts in the Task Manager, however a process does run, for about 20 seconds.

I have no idea what I'm infected with 2

I've checked Norton, it isn't flagging the file and quarantining it or anything else crazy.

I'm running Windows 7 Version 6.1 (Build 7601: Service Pack 1) and Norton Antivirus 19.7.0.9.
Hardware system specs (if at all pertinent) can be found in my profile.

I've already installed and scanned with Malwarebytes Anti-Malware before I even found myself here, as well as with Spybot S&D, and came up with no positive threats (false or otherwise).

The following posts will contain the log files requested by the "Read This Before Posting" thread (split into multiple posts thanks to the character limit).

Any help or insight anyone has to offer would be much appreciated.

Re: I have no idea what I'm infected with1st May 2012, 3:54 pm

From OTL.scr:

OTL.txt

Spoiler :

OTL logfile created on: 5/1/2012 09:43:30 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Buchkowski Lumber\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 65.40% Memory free
7.83 Gb Paging File | 6.39 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.31 Gb Total Space | 45.76 Gb Free Space | 61.59% Space Free | Partition Type: NTFS

Computer Name: NEWBACK | User Name: Buchkowski Lumber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/01 09:41:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.scr
PRC - [2012/03/27 18:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe
PRC - [2012/03/14 11:14:52 | 001,175,912 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/03/14 10:19:46 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/12 23:39:07 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/25 10:02:42 | 000,257,024 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\WTS Paradigm\BaseCamp\BaseCampService.exe -- (WTS Paradigm Base Camp)
SRV - [2012/03/27 18:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe -- (NAV)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012/03/14 10:19:46 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe -- (QuickBooksDB22)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/27 11:26:36 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/29 01:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 01:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 01:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 01:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 01:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/29 17:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/01 07:25:15 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120430.033\ex64.sys -- (NAVEX15)
DRV - [2012/05/01 07:25:15 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120430.033\eng64.sys -- (NAVENG)
DRV - [2012/04/30 07:23:57 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/04/28 00:46:16 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/27 19:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120428.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/13 01:34:56 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 12 BE B3 18 22 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {F7E3F14A-C3D0-4DB7-9A8C-A909F4144B35}
IE - HKCU\..\SearchScopes\{F7E3F14A-C3D0-4DB7-9A8C-A909F4144B35}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012/04/27 11:26:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/24 08:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/24 08:05:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buchkowski Lumber\AppData\Roaming\Mozilla\Extensions
[2012/04/27 08:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buchkowski Lumber\AppData\Roaming\Mozilla\Firefox\Profiles\3v9l1h0d.default\extensions
[2012/04/24 08:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/27 11:26:54 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPLGN
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\{02450954-CDD9-410F-B1DA-DB804E18C671}.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\PBUPLOAD@PHOTOBUCKET.COM.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ips\ipsbho.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.104.96.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEBA4DD1-89FB-40DD-8FC3-87897BBF33A7}: DhcpNameServer = 75.104.96.61
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 09:40:50 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.exe
[2012/05/01 09:40:48 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.scr
[2012/05/01 08:38:29 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Malwarebytes
[2012/05/01 08:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/01 08:38:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/01 08:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/01 08:34:01 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Buchkowski Lumber\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/30 10:23:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2012/04/27 12:38:16 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa64.sys
[2012/04/27 12:38:16 | 000,737,912 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.sys
[2012/04/27 12:38:16 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symds64.sys
[2012/04/27 12:38:16 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnets.sys
[2012/04/27 12:38:16 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ironx64.sys
[2012/04/27 12:38:16 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ccsetx64.sys
[2012/04/27 12:38:16 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.sys
[2012/04/27 12:38:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009
[2012/04/27 11:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/04/27 11:30:43 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Macromedia
[2012/04/27 11:28:15 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\Documents\Symantec
[2012/04/27 11:26:37 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/04/27 11:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/04/27 11:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/04/27 11:25:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012/04/27 11:25:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/04/27 11:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2012/04/27 11:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/04/27 10:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/04/27 10:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/04/27 10:29:47 | 000,784,784 | ---- | C] (Solid State Networks) -- C:\Users\Buchkowski Lumber\Desktop\install_reader10_en_mssd_aih.exe
[2012/04/27 10:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/27 10:22:44 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\Documents\Simply Super Software
[2012/04/27 08:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/27 08:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/26 17:09:48 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\PDF Writer
[2012/04/26 17:09:48 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\PDF Writer
[2012/04/26 17:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2012/04/26 17:01:00 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzFlRdr.dll
[2012/04/26 17:01:00 | 000,135,168 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzpdfc.dll
[2012/04/26 17:01:00 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzDCT.dll
[2012/04/26 17:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2012/04/26 17:00:58 | 000,215,040 | ---- | C] (Bullzip) -- C:\Windows\SysNative\bzpdf.dll
[2012/04/26 17:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2012/04/26 15:09:23 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\shimgvw.dll
[2012/04/26 13:54:11 | 000,000,000 | -H-D | C] -- C:\Users\Buchkowski Lumber\Desktop\new folder
[2012/04/26 13:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012/04/26 13:29:33 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Paint.NET
[2012/04/26 12:56:43 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Adobe
[2012/04/26 11:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2012/04/26 11:03:54 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Intuit
[2012/04/26 10:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2012/04/26 10:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/04/26 10:51:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Intuit
[2012/04/26 10:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2012/04/26 10:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intuit
[2012/04/26 10:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2012/04/26 10:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 11
[2012/04/26 10:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2012/04/26 10:38:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/04/26 10:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/04/26 10:29:46 | 000,000,000 | ---D | C] -- C:\Windows\Intuit
[2012/04/26 08:17:21 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Diagnostics
[2012/04/26 08:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/04/26 08:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/04/25 10:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WTS Paradigm
[2012/04/25 09:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolbe
[2012/04/25 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kolbe
[2012/04/24 14:49:10 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/24 14:49:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/24 14:49:06 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/24 14:49:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/24 14:49:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/24 14:49:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/24 14:49:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/24 14:49:04 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/24 14:49:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/24 14:49:04 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/24 14:49:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/24 13:28:07 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/04/24 13:28:07 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/04/24 13:28:07 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/04/24 13:28:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/04/24 13:28:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/04/24 13:28:07 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/04/24 13:28:06 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/04/24 13:27:01 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/04/24 13:27:01 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/04/24 13:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/04/24 13:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/04/24 13:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/04/24 13:04:54 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/04/24 12:27:17 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/04/24 12:27:17 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/04/24 12:27:17 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/24 12:27:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/04/24 12:27:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/04/24 12:27:17 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/04/24 12:27:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/04/24 12:27:17 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/04/24 12:27:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/04/24 12:27:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/04/24 12:27:17 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/04/24 12:27:17 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/24 12:27:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/04/24 12:27:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/04/24 12:27:17 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/04/24 12:27:17 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/04/24 12:27:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/04/24 12:27:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/04/24 12:27:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/04/24 12:27:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/04/24 12:27:17 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/04/24 12:27:17 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/04/24 12:27:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/04/24 12:27:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/04/24 12:27:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/04/24 12:27:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/24 12:27:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/24 12:27:16 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/04/24 12:27:16 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/04/24 12:27:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/04/24 12:27:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/04/24 12:27:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/04/24 12:27:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/04/24 12:27:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/04/24 12:27:16 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/24 12:27:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/04/24 12:27:16 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/04/24 12:27:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/04/24 12:27:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/04/24 12:27:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/04/24 12:27:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/04/24 12:27:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/04/24 12:27:16 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/04/24 12:27:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/04/24 12:27:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/04/24 12:27:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/24 12:27:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/04/24 12:27:15 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/24 12:27:15 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/04/24 12:27:15 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/04/24 12:27:15 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/04/24 12:27:15 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/24 12:27:15 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/04/24 12:27:15 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/04/24 12:27:15 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/04/24 12:27:15 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/04/24 12:27:15 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/04/24 12:27:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/04/24 12:27:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/04/24 12:27:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/04/24 12:27:15 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/24 11:52:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/04/24 11:52:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/04/24 11:39:55 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/24 11:39:55 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/24 11:39:55 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/24 11:36:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/24 11:36:30 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/24 11:36:29 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/24 10:55:49 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/04/24 10:55:49 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/04/24 10:55:49 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/04/24 10:55:49 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/04/24 10:55:49 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/04/24 10:55:48 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/04/24 10:55:48 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/04/24 10:55:48 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/04/24 10:55:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/04/24 10:55:48 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/04/24 10:55:48 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/04/24 10:55:48 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/04/24 10:55:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/04/24 10:55:11 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/04/24 10:55:11 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/04/24 10:55:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/04/24 10:55:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/04/24 10:55:11 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/04/24 10:55:10 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/04/24 10:55:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/04/24 10:55:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/04/24 10:55:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/04/24 10:55:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/04/24 10:55:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/04/24 10:55:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 10:55:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 10:55:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 10:55:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 10:55:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/04/24 10:55:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

Re: I have no idea what I'm infected with1st May 2012, 3:55 pm

From OTL.scr:

OTL.txt (cont)

Spoiler :

[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/04/24 10:55:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/04/24 10:54:50 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/04/24 10:54:26 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/04/24 10:54:25 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/04/24 10:54:24 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/04/24 10:54:24 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/04/24 10:54:24 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/04/24 10:54:24 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/04/24 10:54:17 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/04/24 10:54:17 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/04/24 10:54:12 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/04/24 10:54:12 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/04/24 10:54:12 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/04/24 10:54:12 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/04/24 10:54:10 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/04/24 10:54:10 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/04/24 10:54:06 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/04/24 10:54:06 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/04/24 10:54:06 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/04/24 10:54:06 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/04/24 10:54:06 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/04/24 10:54:06 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/04/24 10:54:06 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/04/24 10:54:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/24 10:54:05 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/04/24 10:54:02 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/04/24 10:54:02 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/04/24 10:54:02 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/04/24 10:54:02 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/04/24 10:54:02 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/04/24 10:54:02 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/04/24 10:54:02 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/04/24 10:54:02 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/04/24 10:54:02 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/04/24 10:53:58 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/04/24 10:53:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/04/24 10:53:51 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/24 10:53:30 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/04/24 10:53:29 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/04/24 10:53:29 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/04/24 10:53:29 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/04/24 10:53:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/04/24 10:53:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/04/24 10:53:25 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/04/24 10:53:25 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/04/24 10:53:25 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/04/24 10:53:25 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/04/24 10:53:22 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/24 10:53:19 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/04/24 10:53:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/04/24 10:53:19 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/04/24 10:53:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/04/24 10:53:17 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/04/24 10:53:17 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/04/24 10:53:17 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/04/24 10:53:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/04/24 10:53:17 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/04/24 10:53:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/04/24 10:53:03 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/04/24 10:53:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/04/24 10:53:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/04/24 10:53:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/04/24 10:52:24 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/04/24 10:52:24 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/04/24 10:52:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/04/24 10:52:23 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/04/24 10:52:22 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/04/24 10:52:22 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/04/24 10:51:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/24 10:51:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/24 10:51:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/24 10:51:12 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/04/24 10:51:12 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/04/24 10:51:11 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/04/24 10:51:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/04/24 10:51:06 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/04/24 10:51:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/04/24 10:51:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/04/24 10:50:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/04/24 10:50:56 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/04/24 10:48:06 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/04/24 10:46:26 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/04/24 10:46:26 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/04/24 10:46:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/04/24 10:46:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/04/24 10:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/04/24 10:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2012/04/24 10:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012/04/24 10:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/04/24 10:13:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/04/24 08:04:53 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\Documents\Cliff
[2012/04/24 08:04:40 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Mozilla
[2012/04/24 08:04:40 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Mozilla
[2012/04/24 08:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/24 07:47:56 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\DAEMON Tools Pro
[2012/04/24 07:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012/04/24 07:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/04/24 07:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/04/24 07:34:51 | 000,317,440 | ---- | C] (Intel(R) Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys
[2012/04/24 07:34:51 | 000,014,848 | ---- | C] (Intel(R) Corporation) -- C:\Windows\SysNative\IntcDAuC.dll
[2012/04/24 07:33:50 | 000,063,488 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/04/24 07:33:43 | 000,577,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2012/04/24 07:33:43 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/04/24 07:33:41 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2361.dll
[2012/04/24 07:18:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/04/24 07:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/04/24 07:17:25 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/04/24 07:17:25 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/04/24 07:17:24 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/04/24 07:17:24 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2012/04/24 07:17:24 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/04/24 07:17:24 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/04/24 07:17:24 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2012/04/24 07:17:24 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2012/04/24 07:17:24 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2012/04/24 07:17:24 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012/04/24 07:17:23 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012/04/24 07:17:22 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012/04/24 07:17:21 | 002,813,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012/04/24 07:17:21 | 000,626,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012/04/24 07:17:20 | 002,186,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012/04/24 07:17:20 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012/04/24 07:17:19 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012/04/24 07:17:18 | 000,544,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2012/04/24 07:17:18 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/04/24 07:17:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/04/24 07:17:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/04/24 07:17:18 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/04/24 07:17:18 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/04/24 07:17:18 | 000,083,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2012/04/24 07:17:18 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/04/24 07:17:14 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012/04/24 07:17:14 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012/04/24 07:17:14 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012/04/24 07:17:14 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012/04/24 07:17:14 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012/04/24 07:17:13 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/04/24 07:17:13 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/04/24 07:17:12 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/04/24 07:17:12 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012/04/24 07:17:12 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/04/24 07:17:06 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/04/24 07:17:05 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/04/24 07:17:05 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/04/24 07:17:05 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/04/24 07:17:05 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/04/24 07:17:05 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/04/24 07:17:05 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/04/24 07:17:04 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/04/24 07:17:04 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/04/24 07:17:04 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/04/24 07:17:04 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/04/24 07:17:04 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/04/24 07:17:04 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/04/24 07:17:03 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012/04/24 07:17:03 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012/04/24 07:17:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/04/24 07:17:00 | 001,251,944 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012/04/24 07:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/04/24 07:05:31 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/04/24 07:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/04/24 07:05:16 | 000,000,000 | ---D | C] -- C:\Intel
[2012/04/24 07:03:06 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012/04/24 07:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/04/24 07:03:00 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/04/23 19:43:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/04/23 18:47:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/04/23 18:44:56 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/04/23 18:43:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/04/23 16:55:34 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/23 16:55:34 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Searches
[2012/04/23 16:55:34 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/04/23 16:55:34 | 000,000,000 | -H-D | C] -- C:\Users\Buchkowski Lumber\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/04/23 16:55:20 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Identities
[2012/04/23 16:55:09 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Contacts
[2012/04/23 16:55:06 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\VirtualStore
[2012/04/23 16:54:50 | 000,000,000 | --SD | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Videos
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Saved Games
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Pictures
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Music
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Links
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Favorites
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Downloads
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Documents
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Desktop
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Temporary Internet Files
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Templates
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Start Menu
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\SendTo
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Recent
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\PrintHood
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\NetHood
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Documents\My Videos
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Documents\My Pictures
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Documents\My Music
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\My Documents
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Local Settings
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\AppData\Local\History
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Cookies
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Application Data
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Application Data
[2012/04/23 16:54:50 | 000,000,000 | -H-D | C] -- C:\Users\Buchkowski Lumber\AppData
[2012/04/23 16:54:50 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Temp
[2012/04/23 16:54:50 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Microsoft
[2012/04/23 16:54:50 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Media Center Programs
[2012/04/23 16:54:37 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/05/01 09:41:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.exe
[2012/05/01 09:41:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.scr
[2012/05/01 09:24:50 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/01 09:24:50 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/01 09:02:39 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/01 09:02:39 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/01 09:02:39 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/01 08:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/01 08:48:30 | 3152,265,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/01 08:38:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/01 08:37:26 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Buchkowski Lumber\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/28 07:04:56 | 000,002,388 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/04/28 07:04:27 | 001,497,729 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\Cat.DB
[2012/04/27 12:38:22 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\VT20120410.034
[2012/04/27 11:26:36 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/04/27 11:26:36 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/04/27 11:26:36 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/04/27 10:29:42 | 000,784,784 | ---- | M] (Solid State Networks) -- C:\Users\Buchkowski Lumber\Desktop\install_reader10_en_mssd_aih.exe
[2012/04/27 08:41:51 | 000,001,262 | ---- | M] () -- C:\Users\Buchkowski Lumber\Desktop\Spybot - Search & Destroy.lnk
[2012/04/27 07:23:48 | 236,371,968 | ---- | M] () -- C:\Edwin Buchkowski (Backup Apr 27,2012 07 18 AM).QBB
[2012/04/27 07:08:20 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/04/27 06:58:47 | 000,419,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/26 11:14:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/04/26 11:12:06 | 047,579,136 | ---- | M] () -- C:\BUCHKOWSKI LUMBER COMPANY 2011 (Backup Apr 26,2012 11 10 AM).QBB
[2012/04/26 10:56:32 | 000,002,434 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2012/04/26 10:56:32 | 000,002,111 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks Pro 2012.lnk
[2012/04/26 10:50:54 | 000,771,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/25 14:55:09 | 000,000,239 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/04/25 09:56:06 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Kolbe ProQuote® 2010.lnk
[2012/04/25 09:29:54 | 000,000,170 | ---- | M] () -- C:\Users\Buchkowski Lumber\Desktop\Waudena Configurator.url
[2012/04/24 13:05:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/04/24 12:49:11 | 000,001,441 | ---- | M] () -- C:\Users\Buchkowski Lumber\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/24 12:27:17 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/04/24 12:27:17 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/04/24 12:27:17 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/24 12:27:17 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/04/24 12:27:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/04/24 12:27:17 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/04/24 12:27:17 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/04/24 12:27:17 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/04/24 12:27:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/04/24 12:27:17 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/04/24 12:27:17 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/04/24 12:27:17 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/24 12:27:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/04/24 12:27:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/04/24 12:27:17 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/04/24 12:27:17 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/04/24 12:27:17 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/04/24 12:27:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/04/24 12:27:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/04/24 12:27:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/04/24 12:27:17 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/24 12:27:17 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/04/24 12:27:17 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/04/24 12:27:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/04/24 12:27:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/04/24 12:27:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/04/24 12:27:17 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/24 12:27:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/24 12:27:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/04/24 12:27:16 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/04/24 12:27:16 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/04/24 12:27:16 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/04/24 12:27:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/04/24 12:27:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/04/24 12:27:16 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/04/24 12:27:16 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/24 12:27:16 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/04/24 12:27:16 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/04/24 12:27:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/04/24 12:27:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/04/24 12:27:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/04/24 12:27:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/04/24 12:27:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/04/24 12:27:16 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/04/24 12:27:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/04/24 12:27:16 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/04/24 12:27:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/24 12:27:15 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/04/24 12:27:15 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/24 12:27:15 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/04/24 12:27:15 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/04/24 12:27:15 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/04/24 12:27:15 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/24 12:27:15 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/04/24 12:27:15 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/04/24 12:27:15 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/04/24 12:27:15 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/04/24 12:27:15 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/04/24 12:27:15 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/04/24 12:27:15 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/04/24 12:27:15 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/24 12:27:15 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/04/24 12:27:15 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/24 10:35:10 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/04/24 10:35:03 | 000,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/04/24 08:23:51 | 000,000,816 | ---- | M] () -- C:\Users\Buchkowski Lumber\Desktop\My Documents.lnk
[2012/04/24 07:38:59 | 000,028,373 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/04/24 07:38:43 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012/04/23 18:48:59 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/04/23 18:48:59 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/04/18 22:50:55 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\isolate.ini
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 20:43:49 | 000,007,462 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.cat
[2012/04/03 20:43:49 | 000,007,458 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.cat
[2012/04/03 20:43:49 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.inf
[2012/04/03 20:43:49 | 000,001,419 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.inf

========== Files Created - No Company Name ==========

[2012/05/01 08:38:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/28 07:04:08 | 001,497,729 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\Cat.DB
[2012/04/27 12:39:09 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\VT20120410.034
[2012/04/27 12:38:16 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symds64.cat
[2012/04/27 12:38:16 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ccsetx64.cat
[2012/04/27 12:38:16 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.cat
[2012/04/27 12:38:16 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa64.cat
[2012/04/27 12:38:16 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnet64.cat
[2012/04/27 12:38:16 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.cat
[2012/04/27 12:38:16 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\iron.cat
[2012/04/27 12:38:16 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa.inf
[2012/04/27 12:38:16 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symds.inf
[2012/04/27 12:38:16 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnet.inf
[2012/04/27 12:38:16 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.inf
[2012/04/27 12:38:16 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.inf
[2012/04/27 12:38:16 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ccsetx64.inf
[2012/04/27 12:38:16 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\iron.inf
[2012/04/27 12:38:11 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\isolate.ini
[2012/04/27 11:26:37 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/04/27 11:26:37 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/04/27 11:26:27 | 000,002,388 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/04/27 08:41:51 | 000,001,262 | ---- | C] () -- C:\Users\Buchkowski Lumber\Desktop\Spybot - Search & Destroy.lnk
[2012/04/27 07:31:03 | 236,371,968 | ---- | C] () -- C:\Edwin Buchkowski (Backup Apr 27,2012 07 18 AM).QBB
[2012/04/26 13:31:42 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012/04/26 11:14:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/04/26 11:13:55 | 047,579,136 | ---- | C] () -- C:\BUCHKOWSKI LUMBER COMPANY 2011 (Backup Apr 26,2012 11 10 AM).QBB
[2012/04/26 10:56:32 | 000,002,434 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2012/04/26 10:56:32 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Pro 2012.lnk
[2012/04/26 10:51:45 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/04/26 10:50:52 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/25 10:08:02 | 000,000,239 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/04/25 09:56:06 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Kolbe ProQuote® 2010.lnk
[2012/04/25 09:29:43 | 000,000,170 | ---- | C] () -- C:\Users\Buchkowski Lumber\Desktop\Waudena Configurator.url
[2012/04/24 13:05:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/04/24 12:27:17 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/24 12:27:15 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/24 10:35:03 | 000,002,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Publisher.lnk
[2012/04/24 10:18:20 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/24 10:17:55 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/04/24 10:17:55 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/04/24 10:17:55 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/04/24 10:17:54 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012/04/24 08:13:27 | 000,000,816 | ---- | C] () -- C:\Users\Buchkowski Lumber\Desktop\My Documents.lnk
[2012/04/24 07:49:16 | 000,001,441 | ---- | C] () -- C:\Users\Buchkowski Lumber\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/24 07:33:41 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/04/24 07:33:41 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/04/24 07:33:41 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2012/04/24 07:33:41 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012/04/24 07:00:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/04/24 07:00:47 | 000,028,373 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/04/23 18:48:42 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/23 18:48:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/04/23 18:43:52 | 3152,265,216 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/23 16:56:48 | 000,001,413 | ---- | C] () -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/04/23 16:56:42 | 000,001,447 | ---- | C] () -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/23 16:54:50 | 000,000,290 | ---- | C] () -- C:\Users\Buchkowski Lumber\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/04/23 16:54:50 | 000,000,272 | ---- | C] () -- C:\Users\Buchkowski Lumber\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/04/27 10:29:42 | 000,784,784 | ---- | M] (Solid State Networks) -- C:\Users\Buchkowski Lumber\Desktop\install_reader10_en_mssd_aih.exe
[2012/05/01 08:37:26 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Buchkowski Lumber\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/01 09:41:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/03/12 23:39:04 | 000,125,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2012/03/12 23:39:09 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2012/03/12 23:39:09 | 000,269,240 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/04/27 11:58:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/04/24 07:17:02 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/04/24 07:34:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/04/24 15:07:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/04/26 10:51:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intuit
[2012/04/25 09:55:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kolbe
[2012/05/01 08:38:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/24 10:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ActiveSync
[2012/04/24 10:34:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/04/26 08:15:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/04/24 13:12:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/04/24 08:04:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/04/26 10:38:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2012/04/27 11:25:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton AntiVirus
[2012/04/28 07:04:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2012/04/24 07:17:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/04/27 08:43:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/24 07:20:49 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/04/12 03:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/04/12 03:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/04/12 03:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/04/12 03:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/20 22:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/04/12 03:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/04/25 10:00:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WTS Paradigm

< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/04/24 12:27:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/04/24 12:27:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/04/24 12:27:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/04/24 12:27:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/04/24 12:27:17 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/04/24 12:27:15 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/04/24 12:27:15 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/04/24 12:27:15 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/04/24 12:27:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/04/24 12:27:17 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

Re: I have no idea what I'm infected with1st May 2012, 3:56 pm

From OTL.scr:

Extras.txt

Spoiler :

OTL Extras logfile created on: 5/1/2012 09:43:30 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Buchkowski Lumber\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 65.40% Memory free
7.83 Gb Paging File | 6.39 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.31 Gb Total Space | 45.76 Gb Free Space | 61.59% Space Free | Partition Type: NTFS

Computer Name: NEWBACK | User Name: Buchkowski Lumber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A5F9D7-F1E0-4A5F-92B7-233D82A36B70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07481286-156D-4B5F-8EA8-AC07BC9775B3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{07F39A0D-8CE7-468B-9B49-62F8AD1132A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0C48454E-1491-413D-BC4F-061178E760CF}" = lport=445 | protocol=6 | dir=in | app=system |
"{16F8EE82-D521-4C12-A672-0A54822A87AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1FE943EB-4BBF-4CAE-A023-01539F08978C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{253275ED-2604-4D65-A949-2E232C85B52A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2DE01D90-1449-42AF-8241-8B01A592C60E}" = rport=138 | protocol=17 | dir=out | app=system |
"{2F931F88-D81A-4954-8A34-0B3706DB1B15}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F9801FA-C867-4DA9-A437-F942FB2853BD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B822D41-E900-4452-BF56-A6DF0F438DED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{66E02AC4-EBBC-4EC8-88F5-31B21F491A91}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C73D106-E7BD-4496-83A7-FFB5AD561EDE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F65764F-120F-4ABB-B27C-A38DED2BBC8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96C0C3B2-F52B-4972-94E6-22580D02336A}" = rport=139 | protocol=6 | dir=out | app=system |
"{98775208-1064-491F-A52E-8F88570B5D53}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9D962452-58A1-40D1-9484-4C06787562F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E8CD0C2-1190-4500-99FE-84662CCA27AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{A07029ED-486E-45DE-959B-64CA34A198C5}" = rport=445 | protocol=6 | dir=out | app=system |
"{B11D52BA-942F-4C40-81F6-FC13C1693BBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6C461C7-33B3-4E84-A736-A65EFD11E099}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D32F361C-EE51-4053-BDAE-4349D95429BB}" = lport=137 | protocol=17 | dir=in | app=system |
"{DAB187D8-2B92-4C2B-9689-3CD1BCD63100}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DD43B0D9-FAF7-48C5-A0E7-948E26EF5D41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E124E6DC-EFF0-4408-BBD0-CE3ECE8F797F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E4E29A4E-47EE-4424-9BF4-95278F7DE236}" = lport=139 | protocol=6 | dir=in | app=system |
"{F5C2F887-A24C-447D-8A86-88628C043DD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBF41995-977F-4D1F-AD9B-EF33489A54D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEC166BD-73E0-48F3-B5C1-4F197771D3D2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0810A50A-7888-4CBD-88C7-0E8F498309CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2A3D4B9C-AC7D-4EBD-AF56-C18BEBD8B46E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2ABAB653-2A5F-49DE-89A9-70C66B9AA4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2BC54B7C-DD99-467C-8118-33A9A0C86A53}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C8A28E2-9605-4DA0-AC93-5889F06A9A53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{394DEFBC-A4FC-4C5D-8228-326F2D75974A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B1B00F5-72B1-4521-90D0-97514070318A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{783CEE05-7B96-47BB-9F1C-573D4AD946B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B1BFDA4-B526-4AB3-8978-6D5F0AA1F4A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{846B5381-E1E6-41F2-A772-05A9154319A0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87F527FE-9A00-4944-B404-B744CCBA6F9B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A63A554C-D008-4FEC-8AB6-F09D0E3A3F53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B88221AF-721E-4DC0-818E-4C34DD3B9957}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD1D89AE-B336-4841-82EC-DBD859B79F1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D4F7EAC2-938D-40CC-98C5-1F3340E9E3BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E357AC11-96C1-4815-ACDA-E18789B6BDCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F31DD93A-A687-4CC5-9EF9-AAD0D67648F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F5D2E99A-F495-4471-B9D3-8FC06F9B46AD}" = protocol=6 | dir=out | app=system |
"{F8116F8B-372A-4EB3-993A-825F354354FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA118369-F108-4202-89EC-FE10334ED882}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1394
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D323988-000D-4CB9-B08C-41891C41E4A2}" = Kolbe ProQuote® 2010
"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{85F38E17-C6C2-4846-9CCB-37BF05A7EBB7}" = WTS Paradigm Base Camp
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"NAV" = Norton AntiVirus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2012 09:50:08 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 5/1/2012 09:50:08 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 5/1/2012 09:50:18 | Computer Name = NewBack | Source = WinMgmt | ID = 10
Description =

Error - 5/1/2012 09:51:20 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
Error:Invalid user ID or passwo

Error - 5/1/2012 09:51:20 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
String:CON=QBConnectionPool-Probe-QB_NEWBACK_22;;DBF=C:\Documents and Settings\All
Users\Documents\Intuit\QuickBooks\Company Files\BUCHKOWSKI LUMBER COMPANY 2011.QBW;CommLinks="ShMem,tcpip(IP=192.168.1.111;TO=5;DOBROADCAST=NONE;port=55348)";ServerName=QB_NEWBACK_22;DBN=57a3374c51cb4e94922a5d9e69aad1

Error - 5/1/2012 09:51:20 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DBConnPool::~[Filtered JS Events]~
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

Error - 5/1/2012 09:51:35 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
Error:Invalid user ID or passwo

Error - 5/1/2012 09:51:35 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
String:CON=QBConnectionPool-Probe-QB_NEWBACK_22;;DBF=C:\Documents and Settings\All
Users\Documents\Intuit\QuickBooks\Company Files\BUCHKOWSKI LUMBER COMPANY 2011.QBW;CommLinks="ShMem,tcpip(IP=192.168.1.111;TO=5;DOBROADCAST=NONE;port=55348)";ServerName=QB_NEWBACK_22;DBN=bb9c0a6c3dcb4081ad01eaece8a1dd

Error - 5/1/2012 09:51:35 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DBConnPool::~[Filtered JS Events]~
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

Error - 5/1/2012 09:51:35 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DMError Information:-6069Additional
Info:An Invalid Id or password was specifie

[ System Events ]
Error - 4/30/2012 10:59:08 | Computer Name = NewBack | Source = BROWSER | ID = 8032
Description =

Error - 4/30/2012 11:30:35 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/30/2012 11:30:36 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/30/2012 11:30:37 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/30/2012 12:04:08 | Computer Name = NewBack | Source = BROWSER | ID = 8032
Description =

Error - 5/1/2012 09:17:32 | Computer Name = NewBack | Source = BROWSER | ID = 8032
Description =

Error - 5/1/2012 09:52:02 | Computer Name = NewBack | Source = BROWSER | ID = 8032
Description =

Error - 5/1/2012 10:01:32 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/1/2012 10:01:33 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/1/2012 10:01:34 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

< End of report >

Re: I have no idea what I'm infected with1st May 2012, 3:56 pm

From aswMBR.exe:

aswMBR

Spoiler :

Re: I have no idea what I'm infected with1st May 2012, 3:57 pm

From SecurityCheck.exe:

checkup.txt

Spoiler :

Re: I have no idea what I'm infected with1st May 2012, 4:31 pm

Here is something fairly alarming as well, here is a complete showing of all the processes currently running on this system:

I have no idea what I'm infected with 3

And here is the performance tab:

I have no idea what I'm infected with 4

1.7 GB of RAM being chewed up? Whoa!

By the time I finished drafting this post, it was up to 2.14 GB being used. I'll perform a system restart and report back the results.

Re: I have no idea what I'm infected with1st May 2012, 4:53 pm

A system restart has seemed to help at least a little bit. With Quickbooks and Firefox both running the system is using 1.3 GB of RAM - still high for my liking but much more tolerable.

Re: I have no idea what I'm infected with1st May 2012, 4:54 pm

Let's start with ComboFix:

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: I have no idea what I'm infected with1st May 2012, 7:06 pm

Done.

From ComboFix.exe:

log.txt

Spoiler :

ComboFix 12-05-01.02 - Buchkowski Lumber 05/01/2012 13:45:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2742 [GMT -5]
Running from: c:\users\Buchkowski Lumber\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 18:48 . 2012-05-01 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-01 13:38 . 2012-05-01 13:38 -------- d-----w- c:\programdata\Malwarebytes
2012-04-27 16:58 . 2012-04-27 16:58 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-04-27 16:26 . 2012-04-27 16:26 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-27 16:26 . 2012-04-27 16:26 -------- d-----w- c:\program files\Symantec
2012-04-27 16:26 . 2012-04-27 16:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-27 16:25 . 2012-04-28 12:05 -------- d-----w- c:\windows\system32\drivers\NAVx64
2012-04-27 16:25 . 2012-04-27 16:25 -------- d-----w- c:\program files (x86)\Norton AntiVirus
2012-04-27 16:14 . 2012-04-27 16:25 -------- d-----w- c:\programdata\Norton
2012-04-27 15:39 . 2012-04-28 12:04 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-04-27 13:41 . 2012-04-27 13:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-27 13:41 . 2012-04-27 13:43 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-27 12:11 . 2012-04-27 12:11 -------- d-----w- c:\users\QBDataServiceUser22
2012-04-26 22:09 . 2012-04-26 22:09 -------- d-----w- c:\programdata\PDF Writer
2012-04-26 22:07 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-04-26 22:01 . 2012-04-26 22:01 -------- d-----w- c:\program files\Common Files\Bullzip
2012-04-26 22:01 . 2010-09-27 00:00 135168 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2012-04-26 22:01 . 2008-10-30 00:00 227840 ----a-w- c:\windows\SysWow64\bzFlRdr.dll
2012-04-26 22:01 . 2008-07-09 00:00 103424 ----a-w- c:\windows\SysWow64\bzDCT.dll
2012-04-26 22:00 . 2012-03-03 00:00 215040 ----a-w- c:\windows\system32\bzpdf.dll
2012-04-26 22:00 . 2012-04-26 22:00 -------- d-----w- c:\program files\Bullzip
2012-04-26 20:09 . 2004-08-04 05:56 438272 ----a-w- C:\shimgvw.dll
2012-04-26 18:29 . 2012-04-26 18:30 -------- d-----w- c:\program files\Paint.NET
2012-04-26 16:25 . 2012-04-26 16:25 -------- d-----w- c:\program files\Common Files\Intuit
2012-04-26 15:51 . 2012-04-27 11:59 -------- d-----w- c:\programdata\Intuit
2012-04-26 15:51 . 2012-04-26 15:53 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-04-26 15:51 . 2012-04-26 15:51 -------- d-----w- c:\programdata\Nuance
2012-04-26 15:51 . 2012-04-26 15:51 -------- d-----w- c:\program files (x86)\Intuit
2012-04-26 15:51 . 2012-05-01 13:50 -------- d-----w- c:\programdata\SQL Anywhere 11
2012-04-26 15:51 . 2012-04-26 15:51 -------- d-----w- c:\programdata\COMMON FILES
2012-04-26 15:38 . 2012-04-26 15:38 -------- d-----w- c:\windows\SysWow64\Macromed
2012-04-26 15:38 . 2012-04-26 15:38 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-26 15:29 . 2012-04-26 15:29 -------- d-----w- c:\windows\Intuit
2012-04-26 13:15 . 2012-04-26 13:15 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-25 15:00 . 2012-04-25 15:00 -------- d-----w- c:\program files (x86)\WTS Paradigm
2012-04-25 14:55 . 2012-04-25 14:55 -------- d-----w- c:\program files (x86)\Kolbe
2012-04-24 18:28 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-04-24 18:28 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-04-24 18:28 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-04-24 18:28 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-04-24 18:28 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-04-24 18:28 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-04-24 18:28 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-04-24 18:28 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-04-24 18:28 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-04-24 18:28 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-04-24 18:28 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-04-24 18:27 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-04-24 18:27 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-04-24 18:27 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-04-24 18:27 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-04-24 18:27 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-04-24 18:27 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-04-24 18:27 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-04-24 18:12 . 2012-04-24 18:12 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-04-24 18:05 . 2012-04-24 18:05 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-04-24 18:04 . 2012-04-24 18:04 -------- d-----w- c:\windows\PCHEALTH
2012-04-24 16:52 . 2012-04-24 16:52 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-24 16:52 . 2012-04-24 16:52 -------- d-----w- c:\windows\system32\Wat
2012-04-24 16:39 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-24 16:39 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-24 16:39 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-24 16:37 . 2012-04-18 08:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5205E0E-F6E5-4470-8158-4CA84831095B}\mpengine.dll
2012-04-24 16:36 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-24 16:36 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-24 16:36 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-24 16:36 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-24 16:36 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-24 16:36 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-24 16:36 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-24 15:53 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-04-24 15:52 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-24 15:52 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-04-24 15:52 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-24 15:52 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-24 15:52 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-04-24 15:52 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-04-24 15:52 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-24 15:51 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-24 15:51 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-24 15:51 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 15:51 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-24 15:51 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-04-24 15:51 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-04-24 15:51 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-24 15:51 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-04-24 15:51 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-24 15:51 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-24 15:51 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-04-24 15:51 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-04-24 15:50 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-24 15:50 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-04-24 15:48 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-24 15:48 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-24 15:48 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-24 15:48 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-24 15:46 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-24 15:46 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-04-24 15:46 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-04-24 15:46 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-04-24 15:46 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-04-24 15:46 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-24 15:46 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-24 15:17 . 2012-04-24 15:17 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
2012-04-24 15:13 . 2012-04-27 12:08 -------- d-sh--w- c:\windows\Installer
2012-04-24 12:47 . 2012-04-24 12:47 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-04-24 12:35 . 2012-04-24 12:35 -------- d-----w- c:\program files\Common Files\Intel
2012-04-24 12:35 . 2012-04-24 12:35 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-04-24 12:34 . 2010-10-14 17:28 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2012-04-24 12:34 . 2010-10-14 17:27 14848 ----a-w- c:\windows\system32\IntcDAuC.dll
2012-04-24 12:33 . 2012-03-20 03:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-04-24 12:33 . 2012-03-20 03:17 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-04-24 12:33 . 2011-04-10 03:41 577024 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-04-24 12:33 . 2011-04-10 03:56 90112 ----a-w- c:\windows\system32\igfxCoIn_v2361.dll
2012-04-24 12:33 . 2011-04-10 03:49 145804 ----a-w- c:\windows\SysWow64\igcompkrng600.bin
2012-04-24 12:33 . 2011-04-10 03:49 145804 ----a-w- c:\windows\system32\igcompkrng600.bin
2012-04-24 12:33 . 2011-04-10 02:40 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2012-04-24 12:18 . 2012-04-24 12:18 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-04-24 12:18 . 2012-04-24 12:18 -------- d-----w- c:\program files\Realtek
2012-04-24 12:16 . 2012-04-24 12:16 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-04-24 12:05 . 2011-04-15 08:00 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2012-04-24 12:05 . 2012-04-24 12:34 -------- d-----w- c:\program files (x86)\Intel
2012-04-24 12:05 . 2012-04-24 12:33 -------- d-----w- C:\Intel
2012-04-24 12:03 . 2011-06-10 11:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-04-24 12:03 . 2012-04-24 12:17 -------- d-----w- c:\program files (x86)\Realtek
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 04:44 . 2012-03-20 04:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe
2012-03-20 04:44 . 2012-03-20 04:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-03-20 04:44 . 2012-03-20 04:44 439064 ----a-w- c:\windows\system32\igfxpers.exe
2012-03-20 04:44 . 2012-03-20 04:44 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-03-20 04:44 . 2012-03-20 04:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-20 04:44 . 2012-03-20 04:44 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-03-20 04:44 . 2012-03-20 04:44 184600 ----a-w- c:\windows\system32\difx64.exe
2012-03-20 04:44 . 2012-03-20 04:44 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-03-20 04:42 . 2012-03-20 04:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll
2012-03-20 04:32 . 2012-03-20 04:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-03-20 04:31 . 2012-03-20 04:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll
2012-03-20 04:31 . 2012-03-20 04:31 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-03-20 04:31 . 2012-03-20 04:31 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-03-20 04:31 . 2012-03-20 04:31 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-03-20 04:26 . 2012-03-20 04:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-03-20 04:25 . 2012-03-20 04:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-03-20 04:22 . 2012-03-20 04:22 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-03-20 04:11 . 2012-03-20 04:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-03-20 03:31 . 2012-03-20 03:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll
2012-03-20 03:21 . 2012-03-20 03:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-03-20 03:18 . 2012-03-20 03:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-03-20 03:18 . 2012-03-20 03:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-03-20 03:18 . 2012-03-20 03:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-03-20 03:18 . 2012-03-20 03:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-03-20 03:18 . 2012-03-20 03:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-03-20 03:18 . 2012-03-20 03:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-03-20 03:18 . 2012-03-20 03:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-03-20 03:18 . 2012-03-20 03:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-03-20 03:18 . 2012-03-20 03:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-03-20 03:18 . 2012-03-20 03:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-03-20 03:18 . 2012-03-20 03:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-03-20 03:18 . 2012-03-20 03:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-03-20 03:18 . 2012-03-20 03:18 386560 ----a-w- c:\windows\system32\igfxpph.dll
2012-03-20 03:18 . 2012-03-20 03:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-03-20 03:17 . 2012-03-20 03:17 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-03-20 03:17 . 2012-03-20 03:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-03-20 03:17 . 2012-03-20 03:17 434688 ----a-w- c:\windows\system32\igfxdev.dll
2012-03-20 03:17 . 2012-03-20 03:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-03-20 03:16 . 2012-03-20 03:16 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-03-20 03:16 . 2012-03-20 03:16 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-03-20 03:16 . 2012-03-20 03:16 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-03-20 03:12 . 2012-03-20 03:12 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-03-20 03:11 . 2012-03-20 03:11 325120 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-03-20 03:09 . 2012-03-20 03:09 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-03-20 03:09 . 2012-03-20 03:09 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-03-20 03:09 . 2012-03-20 03:09 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-03-20 03:09 . 2012-03-20 03:09 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-03-20 03:09 . 2012-03-20 03:09 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-03-20 03:09 . 2012-03-20 03:09 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-03-20 03:09 . 2012-03-20 03:09 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-03-20 03:09 . 2012-03-20 03:09 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-3-14 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 WTS Paradigm Base Camp;WTS Paradigm Base Camp;c:\program files (x86)\WTS Paradigm\BaseCamp\BaseCampService.exe [2012-04-25 257024]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-13 1160824]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120428.001\IDSvia64.sys [2012-04-28 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-28 138360]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2011-08-20 679936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.104.96.61
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Buchkowski Lumber\AppData\Roaming\Mozilla\Firefox\Profiles\3v9l1h0d.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2012-05-01 13:55:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 18:55
.
Pre-Run: 48,235,671,552 bytes free
Post-Run: 48,312,918,016 bytes free
.
- - End Of File - - F61E933A465FF110AAE4A3ECC3BE8FE8

I've had to switch to a different system to write this post. When I try to open anything on the system we are working on I get the following error:

"Illegal operation attempted on a registry key that has been marked for deletion."

I can't even get into regedit, command prompt, explorer... nothing.

I hope you can walk me through the process of rolling back to that restore point that ComboFix created... Please (puppy eyes)

I'm afraid to restart the system or do anything until I get confirmation from someone on what I should do.

Re: I have no idea what I'm infected with1st May 2012, 7:14 pm

I've managed to get into explorer on the other system, but nothing else has changed. I'm not able to open anything... Let me think

Re: I have no idea what I'm infected with1st May 2012, 8:12 pm

Toad` wrote:

I'm afraid to restart the system or do anything until I get confirmation from someone on what I should do.

Never mind that, there isn't much on that system that isn't backed up so I got impatient and went for a restart.

I am able to open/access files and such per normal.

Still having that mysterious disappearing files problem though.

Re: I have no idea what I'm infected with2nd May 2012, 8:43 am

What do you mean by restart?

Re: I have no idea what I'm infected with2nd May 2012, 11:55 am

I restarted the computer.

Start>Shutdown>Restart.

Re: I have no idea what I'm infected with3rd May 2012, 8:31 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: I have no idea what I'm infected with3rd May 2012, 12:23 pm

Ummm... I already did that. See Post 10 of this thread. Annoyed or Unimpress

Re: I have no idea what I'm infected with3rd May 2012, 2:21 pm

I know! I want you to download a new copy of ComboFix and run it again, please...

Re: I have no idea what I'm infected with3rd May 2012, 9:26 pm

Would you prefer that I not restart the system after running ComboFix this time?

Re: I have no idea what I'm infected with4th May 2012, 8:13 am

ComboFix will decide if the system needs restarted. Therefore, depends on its choosing.

Re: I have no idea what I'm infected with4th May 2012, 6:08 pm

I won't be able to get to this until Monday morning at the earliest.

Thanks for your help thus far, I'll check back in after I get this taken care of.

Re: I have no idea what I'm infected with5th May 2012, 8:02 pm

Okay...I'll see you here then.

Re: I have no idea what I'm infected with18th May 2012, 6:29 pm

You can mark this issue as resolved.

I got fed up and reinstalled Windows and still had the same issue. Another hour or two of research turned up that it was some sort of incompatibility with Windows 7 and the current version of Adobe.

I'd link to the places where I found the solution, but I'm not sure of the policies regarding that on this forum.

Thanks for your help anyway DMJ. Right On!

Re: I have no idea what I'm infected with19th May 2012, 6:24 pm

Glad it worked.

We do our work for free. If you feel helped, please see my signature below for the donation link.

Thanks! Topic closed.

I have no idea what I'm infected with

descriptionI have no idea what I'm infected with1st May 2012, 3:51 pm

descriptionRe: I have no idea what I'm infected with1st May 2012, 3:54 pm

descriptionRe: I have no idea what I'm infected with1st May 2012, 3:55 pm

descriptionRe: I have no idea what I'm infected with1st May 2012, 3:56 pm

descriptionRe: I have no idea what I'm infected with1st May 2012, 3:56 pm

descriptionRe: I have no idea what I'm infected with1st May 2012, 3:57 pm

descriptionRe: I have no idea what I'm infected with1st May 2012, 4:31 pm

descriptionRe: I have no idea what I'm infected with1st May 2012, 4:53 pm

descriptionRe: I have no idea what I'm infected with1st May 2012, 4:54 pm

descriptionRe: I have no idea what I'm infected with1st May 2012, 7:06 pm

descriptionRe: I have no idea what I'm infected with1st May 2012, 7:14 pm

descriptionRe: I have no idea what I'm infected with1st May 2012, 8:12 pm

descriptionRe: I have no idea what I'm infected with2nd May 2012, 8:43 am

descriptionRe: I have no idea what I'm infected with2nd May 2012, 11:55 am

descriptionRe: I have no idea what I'm infected with3rd May 2012, 8:31 am

descriptionRe: I have no idea what I'm infected with3rd May 2012, 12:23 pm

descriptionRe: I have no idea what I'm infected with3rd May 2012, 2:21 pm

descriptionRe: I have no idea what I'm infected with3rd May 2012, 9:26 pm

descriptionRe: I have no idea what I'm infected with4th May 2012, 8:13 am

descriptionRe: I have no idea what I'm infected with4th May 2012, 6:08 pm

descriptionRe: I have no idea what I'm infected with5th May 2012, 8:02 pm

descriptionRe: I have no idea what I'm infected with18th May 2012, 6:29 pm

descriptionRe: I have no idea what I'm infected with19th May 2012, 6:24 pm

descriptionRe: I have no idea what I'm infected with