
svchost.exe virus in temp folder (Win 7 x64)

Discussion in 'Virus & Other Malware Removal' started by ams387, Feb 8, 2013.

    ams387 (Thread Starter), joined Feb 8, 2013, 8 messages
    Computer started being slow and noticed that games were very laggy. GPU-Z showed that my GPU was running at 99% while computer was idle so I figured something must be up. Ran and updated MBAM and found svchost.exe running in my windows temp folder. MBAM is able to identify and temporarily remove it, but it always comes back when computer restarts. I upgraded to the pro version of MBAM which has real time protection...it immediately identifies the virus and quarantines it on startup, and my computer runs fine from there on out. However, I would much prefer to eradicate the virus completely rather than rely on MBAM to quarantine on startup every time. In order to get accurate logs I turned off MBAM pro at startup so that svchost.exe is present and visible to other scanners. Logs are below. The ark.txt was too long so I'll include it in the next post. Any help is much appreciated! Thanks!

    MBAM scan result:

    Trojan.Agent.Gen in H:\Users\Amol\AppData\Local\Temp\svchost.exe
    Trojan.Agent.cn in H:\Users\Amol\AppData\Local\Temp\svchost.exe


    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:38:49 PM, on 2/8/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    H:\Users\Amol\Local Settings\Apps\F.lux\flux.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    H:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    H:\Users\Amol\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    H:\Users\Amol\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    H:\Users\Amol\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    H:\Windows\SysWOW64\Ctxfihlp.exe
    H:\Program Files (x86)\Print Magic PC\PrintMagicSystemTray.exe
    H:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    D:\Downloads\BlockifyService.exe
    H:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    H:\Program Files (x86)\DeskPins\DeskPins.exe
    H:\Users\Amol\AppData\Roaming\Dropbox\bin\Dropbox.exe
    H:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    H:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    H:\Program Files (x86)\iTunes\iTunesHelper.exe
    H:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
    H:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    H:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    H:\Windows\SysWOW64\CTXFISPI.EXE
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\CsiSyncClient.EXE
    H:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
    H:\Users\Amol\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    H:\Users\Amol\AppData\Local\Temp\svchost.exe
    D:\Downloads\HijackThis.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Windows\SysWOW64\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = H:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - H:\Program Files (x86)\vShare\vshare_toolbar.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: EndNote Web - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - H:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - H:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Microsoft SPFS Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - H:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - H:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - H:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (file missing)
    O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - H:\Program Files (x86)\vShare\vshare_toolbar.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "H:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
    O3 - Toolbar: EndNote Web - {945C8270-A848-11D5-A805-00B0D092F45B} - H:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
    O4 - HKLM\..\Run: [SwitchBoard] H:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [LWS] H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [APSDaemon] "H:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "H:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [ConnectionCenter] "H:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [amd_dc_opt] H:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [DivXUpdate] "H:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe] H:\Users\Amol\AppData\Roaming\Adobe\color.vbe
    O4 - HKCU\..\Run: [F.lux] "H:\Users\Amol\Local Settings\Apps\F.lux\flux.exe" /noshow
    O4 - HKCU\..\Run: [2C50BD84456837F353041443527D4FC28EEEDB59._service_run] "H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    O4 - HKCU\..\Run: [iCloudServices] H:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] H:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [SkyDrive] "H:\Users\Amol\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    O4 - HKCU\..\Run: [MusicManager] "H:\Users\Amol\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    O4 - HKCU\..\Run: [Spotify Web Helper] "H:\Users\Amol\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C6D8647A41E7E844A10BCF9E67A0A68F] "H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKUS\S-1-5-21-3852737153-183856392-2395361809-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3852737153-183856392-2395361809-1003\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Blockify Service.lnk = D:\Downloads\BlockifyService.exe
    O4 - Startup: DeskPins.lnk = H:\Program Files (x86)\DeskPins\DeskPins.exe
    O4 - Startup: Dropbox.lnk = Amol\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: EvernoteClipper.lnk = H:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = H:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Startup: OneNote 2013 Screen Clipper and Launcher.lnk = H:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
    O4 - Global Startup: PrintMagic.lnk = ?
    O8 - Extra context menu item: Add to Evernote 4 - H:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: New Note - H:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    O8 - Extra context menu item: Se&nd to OneNote - res://H:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: @H:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O9 - Extra 'Tools' menuitem: @H:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O10 - Unknown file in Winsock LSP: h:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: h:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - H:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - H:\Program Files (x86)\vShare\vshare_toolbar.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - H:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - H:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - H:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - H:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - H:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - H:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - H:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - H:\Windows\system32\srvany.exe
    O23 - Service: Logitech Solar Keyboard Service (L4301_Solar) - Logitech, Inc. - H:\Program Files\Logitech\SolarApp\L4301_Solar.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - H:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - H:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - H:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - H:\Windows\SysWOW64\NLSSRV32.EXE
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - H:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - H:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\Windows\system32\PnkBstrA.exe
    O23 - Service: PrintMagic Service (PrintMagicService) - Unknown owner - H:\Program Files (x86)\Print Magic PC\PrintMagic_Service.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - H:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - H:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - H:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Splashtop Remote Service (SplashtopRemoteService) - Splashtop Inc. - H:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - H:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - H:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - H:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    O23 - Service: Steam Client Service - Valve Corporation - H:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - H:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - H:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - H:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - H:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - H:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - H:\Windows\System32\vds.exe (file missing)
    O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - H:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - H:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - H:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - H:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - H:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - H:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 21801 bytes


    DDS.TXT

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.13.2
    Run by Amol at 20:40:08 on 2013-02-08
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9155 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    H:\Windows\system32\lsm.exe
    H:\Windows\system32\svchost.exe -k DcomLaunch
    H:\Windows\system32\nvvsvc.exe
    H:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    H:\Windows\system32\svchost.exe -k RPCSS
    H:\Program Files\Microsoft Security Client\MsMpEng.exe
    H:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    H:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    H:\Windows\system32\svchost.exe -k netsvcs
    H:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    H:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    H:\Windows\system32\svchost.exe -k GPSvcGroup
    H:\Windows\system32\svchost.exe -k LocalService
    H:\Program Files\Logitech\SolarApp\L4301_Solar.exe
    H:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    H:\Windows\system32\svchost.exe -k NetworkService
    H:\Windows\System32\spoolsv.exe
    H:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    H:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    H:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
    H:\Windows\SysWOW64\NLSSRV32.EXE
    H:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    H:\Windows\SysWOW64\PnkBstrA.exe
    H:\Program Files (x86)\Print Magic PC\PrintMagic_Service.exe
    H:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    H:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    H:\Program Files\Microsoft Security Client\NisSrv.exe
    H:\Windows\System32\WUDFHost.exe
    H:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    H:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    H:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    H:\Program Files\Windows Media Player\wmpnetwk.exe
    H:\Windows\system32\SearchIndexer.exe
    H:\Program Files\iPod\bin\iPodService.exe
    H:\Windows\System32\svchost.exe -k LocalServicePeerNet
    H:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
    H:\Windows\sysWOW64\wbem\wmiprvse.exe
    H:\Windows\system32\wbem\wmiprvse.exe
    H:\Windows\system32\wbem\WmiApSrv.exe
    H:\Windows\system32\taskeng.exe
    H:\Windows\system32\Dwm.exe
    H:\Windows\Explorer.EXE
    H:\Program Files\Logitech\SetPointP\SetPoint.exe
    H:\Program Files\Microsoft Security Client\msseces.exe
    H:\Users\Amol\Local Settings\Apps\F.lux\flux.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    H:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    H:\Users\Amol\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    H:\Users\Amol\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    H:\Users\Amol\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    H:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    H:\Windows\SysWOW64\Ctxfihlp.exe
    H:\Program Files (x86)\Print Magic PC\PrintMagicSystemTray.exe
    H:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    D:\Downloads\BlockifyService.exe
    H:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    H:\Program Files (x86)\DeskPins\DeskPins.exe
    H:\Users\Amol\AppData\Roaming\Dropbox\bin\Dropbox.exe
    H:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    H:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    H:\Program Files (x86)\iTunes\iTunesHelper.exe
    H:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
    H:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    H:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    H:\Windows\splwow64.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    H:\Windows\system32\nvvsvc.exe
    H:\Windows\system32\taskhost.exe
    H:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    H:\Windows\SysWOW64\CTXFISPI.EXE
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\CsiSyncClient.EXE
    H:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
    H:\Users\Amol\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    "H:\Users\Amol\AppData\Local\Temp\svchost.exe" -o http://p.9d3e622df914d8de7f747b7b8b143c52.com -O r3:r3 -l 1
    H:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    D:\Downloads\HijackThis.exe
    H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    H:\Windows\system32\PrintIsolationHost.exe
    H:\Windows\system32\wbem\wmiprvse.exe
    H:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - H:\Program Files (x86)\vShare\vshare_toolbar.dll
    BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: EndNote Web: {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - H:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - H:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - H:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - H:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
    TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - H:\Program Files (x86)\vShare\vshare_toolbar.dll
    TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: EndNote Web: {945C8270-A848-11D5-A805-00B0D092F45B} - H:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
    uRun: [F.lux] "H:\Users\Amol\Local Settings\Apps\F.lux\flux.exe" /noshow
    uRun: [2C50BD84456837F353041443527D4FC28EEEDB59._service_run] "H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    uRun: [iCloudServices] H:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] H:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [SkyDrive] "H:\Users\Amol\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    uRun: [MusicManager] "H:\Users\Amol\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    uRun: [Spotify Web Helper] "H:\Users\Amol\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [GoogleChromeAutoLaunch_C6D8647A41E7E844A10BCF9E67A0A68F] "H:\Users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
    mRun: [SwitchBoard] H:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [LWS] H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [APSDaemon] "H:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AdobeCS5ServiceManager] "H:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [ConnectionCenter] "H:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [amd_dc_opt] H:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [QuickTime Task] "H:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [DivXUpdate] "H:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [iTunesHelper] "H:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "H:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe] H:\Users\Amol\AppData\Roaming\Adobe\color.vbe
    StartupFolder: H:\Users\Amol\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOCKI~1.LNK - D:\Downloads\BlockifyService.exe
    StartupFolder: H:\Users\Amol\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DeskPins.lnk - H:\Program Files (x86)\DeskPins\DeskPins.exe
    StartupFolder: H:\Users\Amol\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - H:\Users\Amol\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: H:\Users\Amol\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - H:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    StartupFolder: H:\Users\Amol\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - H:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: H:\Users\Amol\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~2.LNK - H:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
    StartupFolder: H:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PRINTM~1.LNK -
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Evernote 4 - H:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html
    IE: Add to Google Photos Screensa&ver - H:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - H:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: New Note - H:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - H:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - H:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - H:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
    TCP: NameServer = 192.168.11.1
    TCP: Interfaces\{C40D08D6-60A1-4267-9621-6B93D99ADE2B} : DHCPNameServer = 192.168.11.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - H:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - H:\Program Files\Microsoft Office 15\root\office15\msosb.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - H:\Program Files (x86)\vShare\vshare_toolbar.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - H:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - H:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - H:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [EvtMgr6] H:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [AdobeAAMUpdater-1.0] "H:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - H:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: LBTWlgn - h:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;H:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 ctxusbm;Citrix USB Monitor Driver;H:\Windows\System32\drivers\ctxusbm.sys [2011-8-10 91864]
    R2 L4301_Solar;Logitech Solar Keyboard Service;H:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
    R2 MBAMScheduler;MBAMScheduler;H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-8 398184]
    R2 MBAMService;MBAMService;H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-5-5 682344]
    R2 NisDrv;Microsoft Network Inspection System;H:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;H:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-9-24 341312]
    R2 nlsX86cc;NLS Service;H:\Windows\SysWOW64\NLSSRV32.EXE [2011-9-24 68928]
    R2 OfficeSvc;Microsoft Office Service;H:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-8-1 1494144]
    R2 PrintMagicService;PrintMagic Service;H:\Program Files (x86)\Print Magic PC\PrintMagic_Service.exe [2011-5-1 24064]
    R2 SplashtopRemoteService;Splashtop® Remote Service;H:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-6-15 548264]
    R2 SSUService;Splashtop Software Updater Service;H:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-14 370504]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;H:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
    R2 UMVPFSrv;UMVPFSrv;H:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R2 vpnagent;Cisco AnyConnect VPN Agent;H:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
    R3 BBUpdate;BBUpdate;H:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
    R3 CT20XUT.SYS;CT20XUT.SYS;H:\Windows\System32\drivers\CT20XUT.sys [2009-6-4 202776]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;H:\Windows\System32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;H:\Windows\System32\drivers\CTHWIUT.sys [2009-6-4 94744]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;H:\Windows\System32\drivers\LEqdUsb.sys [2010-8-24 74320]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;H:\Windows\System32\drivers\LHidEqd.sys [2010-8-24 13392]
    R3 LVRS64;Logitech RightSound Filter Driver;H:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    R3 LVUVC64;Logitech Webcam Pro 9000(UVC);H:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    R3 MBAMProtector;MBAMProtector;H:\Windows\System32\drivers\mbam.sys [2010-5-5 24176]
    R3 NisSrv;Microsoft Network Inspection;H:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 RTL8167;Realtek 8167 NT Driver;H:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    S2 BBSvc;BingBar Service;H:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;H:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 KMService;KMService;H:\Windows\System32\srvany.exe --> H:\Windows\System32\srvany.exe [?]
    S2 SkypeUpdate;Skype Updater;H:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;H:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-18 79360]
    S3 CT20XUT;CT20XUT;H:\Windows\System32\drivers\CT20XUT.sys [2009-6-4 202776]
    S3 CTEXFIFX;CTEXFIFX;H:\Windows\System32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
    S3 CTHWIUT;CTHWIUT;H:\Windows\System32\drivers\CTHWIUT.sys [2009-6-4 94744]
    S3 ivusb;Initio Driver for USB Default Controller;H:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;H:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;H:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-27 19456]
    S3 StorSvc;Storage Service;H:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 SwitchBoard;Adobe SwitchBoard;H:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;H:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-27 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;H:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;H:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-28 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;H:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== File Associations ===============
    .
    FileExt: .chm: chm.file="H:\Windows\hh.exe" %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-02-09 04:35:12 76232 ----a-w- H:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F82CEF0D-1469-45B7-BB09-EB547F490897}\offreg.dll
    2013-02-09 03:08:28 -------- d-sh--w- H:\$RECYCLE.BIN
    2013-02-09 03:05:26 9161176 ----a-w- H:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F82CEF0D-1469-45B7-BB09-EB547F490897}\mpengine.dll
    2013-02-09 02:57:50 98816 ----a-w- H:\Windows\sed.exe
    2013-02-09 02:57:50 256000 ----a-w- H:\Windows\PEV.exe
    2013-02-09 02:57:50 208896 ----a-w- H:\Windows\MBR.exe
    2013-02-09 02:38:00 564824 ----a-w- H:\Windows\System32\drivers\sptd.sys
    2013-02-09 01:51:08 -------- d-----w- H:\Program Files (x86)\ESET
    2013-02-09 01:42:32 -------- d-----w- H:\TDSSKiller_Quarantine
    2013-02-09 01:35:53 -------- d-----w- H:\Program Files (x86)\GPU-Z
    2013-02-09 01:12:44 -------- d-----w- H:\Program Files (x86)\EVGA Precision X
    2013-02-08 02:42:12 9161176 ------w- H:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-06 10:44:33 -------- d-----w- H:\Users\Amol\AppData\Local\storage
    2013-02-06 10:35:45 -------- d-----w- H:\Users\Amol\New folder
    2013-02-06 08:08:00 -------- d-----w- H:\Temp
    2013-02-01 23:28:37 -------- d-----w- H:\Users\Amol\AppData\Local\Unity
    2013-02-01 20:05:40 95648 ----a-w- H:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-01 03:10:01 -------- d-----r- H:\ESD
    2013-01-28 06:08:44 2923201 ----a-w- H:\Windows\System32\nvcoproc.bin
    2013-01-22 09:23:21 -------- d-----w- H:\Program Files (x86)\Evernote
    2013-01-18 21:33:03 -------- d-----w- H:\Users\Amol\AppData\Local\DDMSettings
    .
    ==================== Find3M ====================
    .
    2013-02-09 00:10:51 281688 ----a-w- H:\Windows\SysWow64\PnkBstrB.xtr
    2013-02-09 00:10:51 281688 ----a-w- H:\Windows\SysWow64\PnkBstrB.exe
    2013-02-08 10:00:20 74096 ----a-w- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-08 10:00:20 697712 ----a-w- H:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-01 20:05:35 861088 ----a-w- H:\Windows\SysWow64\npDeployJava1.dll
    2013-02-01 20:05:35 782240 ----a-w- H:\Windows\SysWow64\deployJava1.dll
    2013-01-30 10:53:22 273840 ------w- H:\Windows\System32\MpSigStub.exe
    2013-01-28 06:48:47 281688 ----a-w- H:\Windows\SysWow64\PnkBstrB.ex0
    2013-01-28 05:00:42 18960 ----a-w- H:\Windows\System32\drivers\LNonPnP.sys
    2012-12-29 10:54:24 550328 ----a-w- H:\Windows\SysWow64\nvStreaming.exe
    2012-12-29 08:40:27 6382008 ----a-w- H:\Windows\System32\nvcpl.dll
    2012-12-29 08:40:27 3455416 ----a-w- H:\Windows\System32\nvsvc64.dll
    2012-12-29 08:40:09 884152 ----a-w- H:\Windows\System32\nvvsvc.exe
    2012-12-29 08:40:09 63928 ----a-w- H:\Windows\System32\nvshext.dll
    2012-12-29 08:40:09 118712 ----a-w- H:\Windows\System32\nvmctray.dll
    2012-12-16 17:11:22 46080 ----a-w- H:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- H:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- H:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- H:\Windows\SysWow64\atmlib.dll
    2012-12-15 00:49:28 24176 ----a-w- H:\Windows\System32\drivers\mbam.sys
    2012-12-07 13:20:16 441856 ----a-w- H:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- H:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- H:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- H:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- H:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- H:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- H:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- H:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- H:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- H:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- H:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- H:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- H:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- H:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- H:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- H:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- H:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- H:\Windows\System32\esrb.rs
    2012-12-04 08:56:22 76888 ----a-w- H:\Windows\SysWow64\PnkBstrA.exe
    2012-11-30 05:45:35 362496 ----a-w- H:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- H:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- H:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- H:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- H:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- H:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- H:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- H:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- H:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- H:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- H:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- H:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- H:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- H:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- H:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- H:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- H:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- H:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- H:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- H:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- H:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- H:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- H:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- H:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- H:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- H:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- H:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- H:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- H:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- H:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- H:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- H:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- H:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- H:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- H:\Windows\SysWow64\mshtml.tlb
    2012-11-13 20:29:04 354216 ----a-w- H:\Windows\SysWow64\DivXControlPanelApplet.cpl
    .
    ============= FINISH: 20:40:23.21 ===============


    ATTACH.TXT
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/18/2009 5:35:41 PM
    System Uptime: 2/8/2013 7:21:28 PM (1 hours ago)
    .
    Motherboard: EVGA | | 132-BL-E758
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | Socket 423 | 2653/133mhz
    .
    ==== Disk Partitions =========================
    .
    D: is FIXED (NTFS) - 932 GiB total, 41.563 GiB free.
    E: is FIXED (NTFS) - 1863 GiB total, 1043.974 GiB free.
    G: is Removable
    H: is FIXED (NTFS) - 75 GiB total, 7.521 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&136CDFB0&0
    Manufacturer: Logitech
    Name: PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&136CDFB0&0
    Service: i8042prt
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP574: 2/7/2013 6:42:01 PM - Windows Update
    RP576: 2/8/2013 6:37:52 PM - SPTD setup V1.83
    RP577: 2/8/2013 6:40:09 PM - Device Driver Package Install: DT Soft Ltd System devices
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe AIR
    Adobe Community Help
    Adobe Digital Editions
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Media Player
    Adobe Photoshop CS5
    Amazon Kindle
    Amazon MP3 Uploader
    Anki
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Assassin's Creed II
    Assassin's Creed III
    Assassin's Creed III 1.01
    Audacity 1.3.12 (Unicode)
    Batman: Arkham Asylum
    Batman: Arkham City™
    Bing Bar
    BioShock 2
    Bonjour
    Borderlands 2
    Brain Workshop 4.8.1
    calibre
    Call of Duty Black Ops II Update 3 3.0.1
    Call of Duty: Black Ops
    CameraHelperMsi
    Canon MP490 series MP Drivers
    Cisco AnyConnect VPN Client
    Citrix Receiver
    Citrix Receiver (HDX Flash Redirection)
    Citrix Receiver Inside
    Citrix Receiver(Aero)
    Citrix Receiver(DV)
    Citrix Receiver(USB)
    Conduit Engine
    Core Temp 1.0 RC3
    Creative Audio Control Panel
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    Crysis® 2
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DeskPins (remove only)
    Deus Ex - Human Revolution version 1.0
    Digsby
    Dishonored
    DivX Setup
    Dropbox
    Dual-Core Optimizer
    EasyBCD 2.0
    EndNote Web
    eReg
    erLT
    ESET Online Scanner v3
    Evernote v. 4.6.2
    EVGA Precision X 3.0.4
    F.lux
    Far Cry 3
    FIFA 12 (c) EA version 1
    Foxit Reader
    G*Power 3.1.4
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Grand Theft Auto: Episodes From Liberty City
    Handbrake 0.9.4
    HD Tune Pro 4.61
    IBM SPSS Statistics 20
    iCloud
    Intel® Solid-State Drive Toolbox
    Internet TV for Windows Media Center
    iTunes
    iTunesFolderWatch
    Java 7 Update 13
    Java Auto Updater
    JavaFX 2.1.1
    LAME v3.98.2 for Audacity
    Last.fm 1.5.4.27091
    Logitech SetPoint 6.22
    Logitech Solar App 1.0
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.70.0.1100
    Max Payne 3
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Easy Assist v2
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office 365 Home Premium Preview - en-us
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    MKSAP for Students 4
    Mnemosyne 1.2.2
    Mp3tag v2.47b
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Manager
    NBA 2K13
    Netflix in Windows Media Center
    Nitro PDF Professional
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 310.90
    NVIDIA 3D Vision Driver 310.90
    NVIDIA Control Panel 310.90
    NVIDIA Graphics Driver 310.90
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    Octoshape add-in for Adobe Flash Player
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Online Plug-in
    OpenAL
    PDF ePub DRM Removal
    PDF Settings CS5
    PDFZilla V1.2.9
    PhotoScape
    Picasa 3
    Portal 2
    Print Magic PC
    PunkBuster Services
    PVSonyDll
    QuickTime
    R for Windows 2.15.2
    Rapid Review - Pathology
    ResearchSoft Direct Export Helper
    Rockstar Games Social Club
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Skype™ 5.10
    Sleeping Dogs version 1.4
    Sleeping Dogs™
    Splashtop Streamer
    Spotify
    SPSS Statistics 17.0
    Tales of Monkey Island - Lair of the Leviathan
    Tales of Monkey Island - Rise of the Pirate God
    Tales of Monkey Island - The Siege of Spinner Cay
    Tales of Monkey Island - The Trial and Execution of Guybrush Threepwood
    TechPowerUp GPU-Z
    The Walking Dead (c) 3 version 1
    The.Walking.Dead
    uberOptions 4.80.5
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Uplay
    VC80CRTRedist - 8.0.50727.6195
    Veetle TV 0.9.18
    VLC media player 2.0.2
    vShare Plugin
    Win7codecs
    WinDjView 1.0.3
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WMP Tag Plus 1.2
    Wunderlist
    x64 Components v2.7.6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/8/2013 7:21:43 PM, Error: Service Control Manager [7000] - The Secure II Driver service failed to start due to the following error: This driver has been blocked from loading
    2/8/2013 7:21:43 PM, Error: Application Popup [1060] - \??\H:\Windows\SysWow64\Drivers\LxrSII1d.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/8/2013 7:21:33 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    2/8/2013 7:21:33 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    2/8/2013 7:21:33 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    2/8/2013 7:21:33 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    2/8/2013 7:21:33 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    2/8/2013 7:21:33 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    2/8/2013 7:21:33 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    2/8/2013 7:21:33 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    2/8/2013 7:02:57 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/8/2013 7:02:36 PM, Error: Application Popup [1060] - \??\H:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/8/2013 6:49:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2013 6:45:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    2/8/2013 6:45:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/8/2013 6:45:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/8/2013 6:45:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/8/2013 6:45:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/8/2013 6:45:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/8/2013 6:45:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/8/2013 6:44:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/8/2013 6:44:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC ctxusbm DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    2/8/2013 6:44:39 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2013 6:44:39 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/8/2013 6:44:39 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/8/2013 6:44:39 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2013 6:44:39 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2013 6:44:39 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/8/2013 6:44:39 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2013 6:44:39 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2013 6:44:39 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/8/2013 6:44:39 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/8/2013 6:44:38 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2013 6:39:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    2/8/2013 5:23:10 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    2/6/2013 12:51:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    2/6/2013 12:51:29 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  2. ams387

    ams387 Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    8
    was too long, so I attached it. Sorry for the inconvenience.
     

    Attached Files:

    • ark.log
      File size:
      305.9 KB
      Views:
      1
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double-click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...
     
  4. ams387

    ams387 Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    8
    Thanks for your help! I disabled Windows Firewall, MSE, and MBAM and made sure they would not start on startup, then restarted and ran ComboFix. Didn't get any errors or restarts during ComboFix. Here is the log:

    ComboFix 13-02-07.02 - Amol 02/11/2013 13:46:38.2.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9942 [GMT -8:00]
    Running from: h:\users\Amol\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-11 21:50 . 2013-02-11 21:50 -------- d-----w- h:\users\UpdatusUser\AppData\Local\temp
    2013-02-11 21:50 . 2013-02-11 21:50 -------- d-----w- h:\users\Default\AppData\Local\temp
    2013-02-10 20:33 . 2013-01-08 05:32 9161176 ----a-w- h:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF87A1BB-196C-413B-B977-29B6FC4B5147}\mpengine.dll
    2013-02-09 06:56 . 2013-02-09 06:56 -------- d-----w- h:\users\Amol\AppData\Local\28050
    2013-02-09 06:52 . 2013-02-09 06:52 283200 ----a-w- h:\windows\system32\drivers\dtsoftbus01.sys
    2013-02-09 06:52 . 2013-02-09 06:52 -------- d-----w- h:\program files (x86)\DAEMON Tools Lite
    2013-02-09 03:05 . 2013-01-08 05:32 9161176 ----a-w- h:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-09 02:38 . 2013-02-09 02:38 564824 ----a-w- h:\windows\system32\drivers\sptd.sys
    2013-02-09 01:51 . 2013-02-09 01:51 -------- d-----w- h:\program files (x86)\ESET
    2013-02-09 01:42 . 2013-02-09 01:42 -------- d-----w- H:\TDSSKiller_Quarantine
    2013-02-09 01:35 . 2013-02-09 01:35 -------- d-----w- h:\program files (x86)\GPU-Z
    2013-02-09 01:12 . 2013-02-09 01:12 -------- d-----w- h:\program files (x86)\EVGA Precision X
    2013-02-06 10:44 . 2013-02-06 10:44 -------- d-----w- h:\users\Amol\AppData\Local\storage
    2013-02-06 10:44 . 2013-02-06 10:44 -------- d-----w- h:\programdata\Ubisoft
    2013-02-06 10:35 . 2013-02-06 10:35 -------- d-----w- h:\users\Amol\New folder
    2013-02-06 08:08 . 2013-02-06 08:08 -------- d-----w- H:\Temp
    2013-02-01 23:28 . 2013-02-01 23:28 -------- d-----w- h:\users\Amol\AppData\Local\Unity
    2013-02-01 20:05 . 2013-02-01 20:05 95648 ----a-w- h:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-01 03:10 . 2013-02-01 03:10 -------- d-----r- H:\ESD
    2013-01-28 07:03 . 2013-01-28 07:03 -------- d-----w- h:\users\Amol\AppData\Roaming\DivX
    2013-01-28 06:23 . 2013-01-28 06:23 -------- d-----w- h:\program files (x86)\AGEIA Technologies
    2013-01-28 06:08 . 2012-12-29 08:40 2923201 ----a-w- h:\windows\system32\nvcoproc.bin
    2013-01-22 09:23 . 2013-01-22 09:23 -------- d-----w- h:\program files (x86)\Evernote
    2013-01-18 21:33 . 2013-01-18 21:33 -------- d-----w- h:\users\Amol\AppData\Local\DDMSettings
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-09 00:10 . 2012-12-04 08:56 281688 ----a-w- h:\windows\SysWow64\PnkBstrB.exe
    2013-02-09 00:10 . 2012-12-01 00:02 281688 ----a-w- h:\windows\SysWow64\PnkBstrB.xtr
    2013-02-08 10:00 . 2012-08-22 06:30 697712 ----a-w- h:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-08 10:00 . 2011-05-18 21:06 74096 ----a-w- h:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-01 20:05 . 2012-06-20 18:45 861088 ----a-w- h:\windows\SysWow64\npDeployJava1.dll
    2013-02-01 20:05 . 2010-06-05 19:27 782240 ----a-w- h:\windows\SysWow64\deployJava1.dll
    2013-01-30 10:53 . 2009-12-19 01:51 273840 ------w- h:\windows\system32\MpSigStub.exe
    2013-01-28 06:48 . 2012-11-30 23:59 281688 ----a-w- h:\windows\SysWow64\PnkBstrB.ex0
    2013-01-28 05:00 . 2011-05-23 20:47 18960 ----a-w- h:\windows\system32\drivers\LNonPnP.sys
    2013-01-09 06:17 . 2009-12-19 17:16 67599240 ----a-w- h:\windows\system32\MRT.exe
    2012-12-29 10:54 . 2012-12-29 10:54 550328 ----a-w- h:\windows\SysWow64\nvStreaming.exe
    2012-12-29 10:34 . 2012-10-11 04:23 1504696 ----a-w- h:\windows\system32\nvdispgenco64.dll
    2012-12-29 10:34 . 2012-10-11 04:23 1107592 ----a-w- h:\windows\system32\nvumdshimx.dll
    2012-12-29 10:34 . 2011-10-25 20:42 1813432 ----a-w- h:\windows\system32\nvdispco64.dll
    2012-12-29 10:34 . 2011-10-25 20:42 15129064 ----a-w- h:\windows\SysWow64\nvd3dum.dll
    2012-12-29 10:34 . 2011-06-02 08:50 2504248 ----a-w- h:\windows\SysWow64\nvapi.dll
    2012-12-29 10:34 . 2009-09-28 07:12 2824656 ----a-w- h:\windows\system32\nvapi64.dll
    2012-12-29 10:34 . 2009-07-13 21:59 15052368 ----a-w- h:\windows\system32\nvwgf2umx.dll
    2012-12-29 08:40 . 2011-04-08 06:19 6382008 ----a-w- h:\windows\system32\nvcpl.dll
    2012-12-29 08:40 . 2011-04-08 06:19 3455416 ----a-w- h:\windows\system32\nvsvc64.dll
    2012-12-29 08:40 . 2011-04-08 06:19 118712 ----a-w- h:\windows\system32\nvmctray.dll
    2012-12-29 08:40 . 2011-04-08 06:19 884152 ----a-w- h:\windows\system32\nvvsvc.exe
    2012-12-29 08:40 . 2009-09-28 02:22 63928 ----a-w- h:\windows\system32\nvshext.dll
    2012-12-16 17:11 . 2013-01-07 15:28 46080 ----a-w- h:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2013-01-07 15:28 367616 ----a-w- h:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2013-01-07 15:28 295424 ----a-w- h:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2013-01-07 15:28 34304 ----a-w- h:\windows\SysWow64\atmlib.dll
    2012-12-15 00:49 . 2010-05-06 06:29 24176 ----a-w- h:\windows\system32\drivers\mbam.sys
    2012-12-07 13:20 . 2013-01-09 06:16 441856 ----a-w- h:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 06:16 2746368 ----a-w- h:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 06:16 308736 ----a-w- h:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 06:16 2576384 ----a-w- h:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 06:16 30720 ----a-w- h:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 06:16 43520 ----a-w- h:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 06:16 23552 ----a-w- h:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 06:16 45568 ----a-w- h:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 06:16 44544 ----a-w- h:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 06:16 20480 ----a-w- h:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 06:16 20480 ----a-w- h:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 06:16 20480 ----a-w- h:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 06:16 46592 ----a-w- h:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 06:16 40960 ----a-w- h:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 06:16 21504 ----a-w- h:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 06:16 15360 ----a-w- h:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 06:16 55296 ----a-w- h:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 06:16 51712 ----a-w- h:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 06:16 43520 ----a-w- h:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 06:16 30720 ----a-w- h:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 06:16 45568 ----a-w- h:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 06:16 44544 ----a-w- h:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 06:16 20480 ----a-w- h:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 06:16 23552 ----a-w- h:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 06:16 20480 ----a-w- h:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 06:16 46592 ----a-w- h:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 06:16 20480 ----a-w- h:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 06:16 21504 ----a-w- h:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 06:16 40960 ----a-w- h:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 06:16 15360 ----a-w- h:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 06:16 55296 ----a-w- h:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-09 06:16 51712 ----a-w- h:\windows\SysWow64\esrb.rs
    2012-12-04 08:56 . 2012-12-04 08:56 76888 ----a-w- h:\windows\SysWow64\PnkBstrA.exe
    2012-11-30 05:45 . 2013-01-09 06:16 362496 ----a-w- h:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 06:16 243200 ----a-w- h:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 06:16 13312 ----a-w- h:\windows\system32\wow64cpu.dll
    2012-11-30 05:45 . 2013-01-09 06:16 215040 ----a-w- h:\windows\system32\winsrv.dll
    2012-11-30 05:43 . 2013-01-09 06:16 16384 ----a-w- h:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 06:16 424448 ----a-w- h:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 06:16 1161216 ----a-w- h:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 6144 ---ha-w- h:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4608 ---ha-w- h:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4608 ---ha-w- h:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 5120 ---ha-w- h:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:54 . 2013-01-09 06:16 5120 ----a-w- h:\windows\SysWow64\wow32.dll
    2012-11-30 04:53 . 2013-01-09 06:16 274944 ----a-w- h:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 06:16 4608 ---ha-w- h:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
    2010-09-06 20:06 432008 ----a-w- h:\program files (x86)\vShare\vshare_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 23:26 3908192 ----a-w- h:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "h:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [BU]
    "{043C5167-00BB-4324-AF7E-62013FAEDACF}"= "h:\program files (x86)\vShare\vshare_toolbar.dll" [2010-09-06 432008]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "h:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CLASSES_ROOT\clsid\{043c5167-00bb-4324-af7e-62013faedacf}]
    [HKEY_CLASSES_ROOT\vShare.PugiObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}]
    [HKEY_CLASSES_ROOT\vShare.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-11-16 02:16 222712 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-11-16 02:16 222712 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-11-16 02:16 222712 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-09-19 03:42 2042528 ----a-w- h:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-09-19 03:42 2042528 ----a-w- h:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-09-19 03:42 2042528 ----a-w- h:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F.lux"="h:\users\Amol\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "2C50BD84456837F353041443527D4FC28EEEDB59._service_run"="h:\users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "iCloudServices"="h:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-18 59872]
    "ApplePhotoStreams"="h:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-18 59872]
    "SkyDrive"="h:\users\Amol\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-16 255992]
    "MusicManager"="h:\users\Amol\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-01-14 7437824]
    "Spotify Web Helper"="h:\users\Amol\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-28 1193176]
    "GoogleChromeAutoLaunch_C6D8647A41E7E844A10BCF9E67A0A68F"="h:\users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "DAEMON Tools Lite"="h:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="h:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "LWS"="h:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
    "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
    "APSDaemon"="h:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "AdobeCS5ServiceManager"="h:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "ConnectionCenter"="h:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
    "amd_dc_opt"="h:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "QuickTime Task"="h:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "DivXUpdate"="h:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
    "iTunesHelper"="h:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "SunJavaUpdateSched"="h:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe"="h:\users\Amol\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
    .
    h:\users\Amol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Blockify Service.lnk - d:\downloads\BlockifyService.exe [2011-7-30 896161]
    DeskPins.lnk - h:\program files (x86)\DeskPins\DeskPins.exe [2004-5-2 62464]
    Dropbox.lnk - h:\users\Amol\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    EvernoteClipper.lnk - h:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-1-29 1078624]
    OneNote 2010 Screen Clipper and Launcher.lnk - h:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    OneNote 2013 Screen Clipper and Launcher.lnk - h:\program files\Microsoft Office 15\root\office15\onenotem.exe [2012-9-18 186672]
    .
    h:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PrintMagic.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /k:C *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;h:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 KMService;KMService;h:\windows\system32\srvany.exe [x]
    R2 LxrSII1d;Secure II Driver;h:\windows\system32\Drivers\LxrSII1d.sys [x]
    R2 SkypeUpdate;Skype Updater;h:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
    R3 ALSysIO;ALSysIO;h:\users\Amol\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;h:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-19 79360]
    R3 CT20XUT;CT20XUT;h:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 202776]
    R3 CTEXFIFX;CTEXFIFX;h:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]
    R3 CTHWIUT;CTHWIUT;h:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 94744]
    R3 ivusb;Initio Driver for USB Default Controller;h:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 29720]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;h:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
    R3 NisDrv;Microsoft Network Inspection System;h:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;h:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;h:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 SwitchBoard;Adobe SwitchBoard;h:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;h:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;h:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;h:\windows\system32\Wat\WatAdminSvc.exe [2010-04-28 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;h:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464]
    S0 sptd;sptd;h:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;h:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 91864]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;h:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-09 283200]
    S2 BBSvc;BingBar Service;h:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    S2 L4301_Solar;Logitech Solar Keyboard Service;h:\program files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
    S2 MBAMScheduler;MBAMScheduler;h:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
    S2 MBAMService;MBAMService;h:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;h:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-09-24 341312]
    S2 nlsX86cc;NLS Service;h:\windows\SysWOW64\NLSSRV32.EXE [2011-09-24 68928]
    S2 OfficeSvc;Microsoft Office Service;h:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-12 1494144]
    S2 PrintMagicService;PrintMagic Service;h:\program files (x86)\Print Magic PC\PrintMagic_Service.exe [2011-05-01 24064]
    S2 SplashtopRemoteService;Splashtop® Remote Service;h:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-06-15 548264]
    S2 SSUService;Splashtop Software Updater Service;h:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;h:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
    S2 UMVPFSrv;UMVPFSrv;h:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 vpnagent;Cisco AnyConnect VPN Agent;h:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
    S3 BBUpdate;BBUpdate;h:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    S3 CT20XUT.SYS;CT20XUT.SYS;h:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 202776]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;h:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;h:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 94744]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;h:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;h:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
    S3 LVRS64;Logitech RightSound Filter Driver;h:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech Webcam Pro 9000(UVC);h:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
    S3 RTL8167;Realtek 8167 NT Driver;h:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-10 h:\windows\Tasks\Adobe Flash Player Updater.job
    - h:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 10:00]
    .
    2013-02-11 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - h:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 07:28]
    .
    2013-02-10 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - h:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 07:28]
    .
    2013-02-10 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3852737153-183856392-2395361809-1000Core.job
    - h:\users\Amol\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 02:08]
    .
    2013-02-10 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3852737153-183856392-2395361809-1000UA.job
    - h:\users\Amol\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 02:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-11-16 02:16 261624 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-11-16 02:16 261624 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-11-16 02:16 261624 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-09-19 03:43 2860192 ----a-w- h:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-09-19 03:43 2860192 ----a-w- h:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-09-19 03:43 2860192 ----a-w- h:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [BU]
    "EvtMgr6"="h:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    "AdobeAAMUpdater-1.0"="h:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "MSC"="h:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = h:\windows\system32\blank.htm
    uStart Page = hxxp://google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = h:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Evernote 4 - h:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html
    IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - h:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: New Note - h:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - h:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    Trusted Zone: ucsd.edu\cwp
    Trusted Zone: ucsd.edu\vpn
    TCP: DhcpNameServer = 192.168.11.1
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - h:\program files (x86)\vShare\vshare_toolbar.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-51113258.sys
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    AddRemove-Application_X_1.0 - h:\windows\iun6002.exe
    AddRemove-Lair of the Leviathan - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland103.exe
    AddRemove-MKSAP for Students 4 - j:\mksap for students 4\uninst.exe
    AddRemove-Rise of the Pirate God - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland105.exe
    AddRemove-Sleeping Dogs_is1 - d:\games\Installs\Sleeping Dogs\unins000.exe
    AddRemove-The Siege of Spinner Cay - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland102.exe
    AddRemove-The Trial and Execution of Guybrush Threepwood - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland104.exe
    AddRemove-uberOptions - h:\program files\Logitech\SetPoint\uberOptions\uninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3852737153-183856392-2395361809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-3852737153-183856392-2395361809-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ThunderbirdEML"
    .
    [HKEY_USERS\S-1-5-21-3852737153-183856392-2395361809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3852737153-183856392-2395361809-1000\Software\SecuROM\License information*]
    "datasecu"=hex:1b,39,84,f5,7f,6c,90,d6,e0,86,4e,54,a0,02,35,1b,ca,dc,62,ed,38,
    9d,23,66,1d,f2,d4,4c,86,1e,53,4f,c4,f0,36,9b,a8,3c,9a,74,4f,69,70,5e,c3,f1,\
    "rkeysecu"=hex:89,91,6d,af,56,4c,1a,4f,c8,43,8d,2e,bd,f0,27,c1
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@h:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="h:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@h:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="h:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-11 13:52:04
    ComboFix-quarantined-files.txt 2013-02-11 21:52
    ComboFix2.txt 2013-02-09 03:04
    .
    Pre-Run: 8,481,239,040 bytes free
    Post-Run: 7,562,850,304 bytes free
    .
    - - End Of File - - DC803757F00C08A67922903AE0C0C300
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose Desktop in the list of selections in that window and press Save).
    Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.
    Close any open browsers.
    Then drag the CFScript.txt onto the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.



    [screenshot: dragging CFScript.txt onto the ComboFix icon]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

    This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

    At the end it will pop up an alert and open your browser and ask you to send the zip file.

    Please follow those instructions. We need to see the zip file before we can carry on with the fix.

    If there is no pop up alert or open browser then

    please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and, if needed, distribute them to antivirus companies.
    Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button and navigate to and select the files on your computer. If there is more than one file, press the More Attachments button for each extra file and browse and select it, and when all the files are listed in the window press Send to upload the files (do not post HJT logs there as they will not get dealt with).

    Files to submit:
    the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

    or to
    http://www.bleepingcomputer.com/submit-malware.php?channel=38
     


  6. ams387

    ams387 Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    8
    Thanks so much for your help. I followed the instructions and ComboFix says that the upload was successful. If for some reason you are not able to see it, I am happy to upload it to the other site you mentioned. Here is the new ComboFix log:

    ComboFix 13-02-12.01 - Amol 02/12/2013 1:07.3.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9816 [GMT -8:00]
    Running from: h:\users\Amol\Desktop\ComboFix.exe
    Command switches used :: h:\users\Amol\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-12 to 2013-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-12 09:11 . 2013-02-12 09:11 -------- d-----w- h:\users\UpdatusUser\AppData\Local\temp
    2013-02-12 09:11 . 2013-02-12 09:11 -------- d-----w- h:\users\Default\AppData\Local\temp
    2013-02-12 08:10 . 2013-01-08 05:32 9161176 ----a-w- h:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FC9B2F0-B08A-42AC-8DF8-B7C8670CEFBB}\mpengine.dll
    2013-02-11 21:55 . 2013-01-08 05:32 9161176 ----a-w- h:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-09 06:56 . 2013-02-09 06:56 -------- d-----w- h:\users\Amol\AppData\Local\28050
    2013-02-09 06:52 . 2013-02-09 06:52 283200 ----a-w- h:\windows\system32\drivers\dtsoftbus01.sys
    2013-02-09 06:52 . 2013-02-09 06:52 -------- d-----w- h:\program files (x86)\DAEMON Tools Lite
    2013-02-09 02:38 . 2013-02-09 02:38 564824 ----a-w- h:\windows\system32\drivers\sptd.sys
    2013-02-09 01:51 . 2013-02-09 01:51 -------- d-----w- h:\program files (x86)\ESET
    2013-02-09 01:42 . 2013-02-09 01:42 -------- d-----w- H:\TDSSKiller_Quarantine
    2013-02-09 01:35 . 2013-02-09 01:35 -------- d-----w- h:\program files (x86)\GPU-Z
    2013-02-09 01:12 . 2013-02-09 01:12 -------- d-----w- h:\program files (x86)\EVGA Precision X
    2013-02-06 10:44 . 2013-02-06 10:44 -------- d-----w- h:\users\Amol\AppData\Local\storage
    2013-02-06 10:44 . 2013-02-06 10:44 -------- d-----w- h:\programdata\Ubisoft
    2013-02-06 10:35 . 2013-02-06 10:35 -------- d-----w- h:\users\Amol\New folder
    2013-02-06 08:08 . 2013-02-06 08:08 -------- d-----w- H:\Temp
    2013-02-01 23:28 . 2013-02-01 23:28 -------- d-----w- h:\users\Amol\AppData\Local\Unity
    2013-02-01 20:05 . 2013-02-01 20:05 95648 ----a-w- h:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-01 03:10 . 2013-02-01 03:10 -------- d-----r- H:\ESD
    2013-01-28 07:03 . 2013-01-28 07:03 -------- d-----w- h:\users\Amol\AppData\Roaming\DivX
    2013-01-28 06:23 . 2013-01-28 06:23 -------- d-----w- h:\program files (x86)\AGEIA Technologies
    2013-01-28 06:08 . 2012-12-29 08:40 2923201 ----a-w- h:\windows\system32\nvcoproc.bin
    2013-01-22 09:23 . 2013-01-22 09:23 -------- d-----w- h:\program files (x86)\Evernote
    2013-01-18 21:33 . 2013-01-18 21:33 -------- d-----w- h:\users\Amol\AppData\Local\DDMSettings
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-09 00:10 . 2012-12-04 08:56 281688 ----a-w- h:\windows\SysWow64\PnkBstrB.exe
    2013-02-09 00:10 . 2012-12-01 00:02 281688 ----a-w- h:\windows\SysWow64\PnkBstrB.xtr
    2013-02-08 10:00 . 2012-08-22 06:30 697712 ----a-w- h:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-08 10:00 . 2011-05-18 21:06 74096 ----a-w- h:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-01 20:05 . 2012-06-20 18:45 861088 ----a-w- h:\windows\SysWow64\npDeployJava1.dll
    2013-02-01 20:05 . 2010-06-05 19:27 782240 ----a-w- h:\windows\SysWow64\deployJava1.dll
    2013-01-30 10:53 . 2009-12-19 01:51 273840 ------w- h:\windows\system32\MpSigStub.exe
    2013-01-28 06:48 . 2012-11-30 23:59 281688 ----a-w- h:\windows\SysWow64\PnkBstrB.ex0
    2013-01-28 05:00 . 2011-05-23 20:47 18960 ----a-w- h:\windows\system32\drivers\LNonPnP.sys
    2013-01-09 06:17 . 2009-12-19 17:16 67599240 ----a-w- h:\windows\system32\MRT.exe
    2012-12-29 10:54 . 2012-12-29 10:54 550328 ----a-w- h:\windows\SysWow64\nvStreaming.exe
    2012-12-29 10:34 . 2012-10-11 04:23 1504696 ----a-w- h:\windows\system32\nvdispgenco64.dll
    2012-12-29 10:34 . 2012-10-11 04:23 1107592 ----a-w- h:\windows\system32\nvumdshimx.dll
    2012-12-29 10:34 . 2011-10-25 20:42 1813432 ----a-w- h:\windows\system32\nvdispco64.dll
    2012-12-29 10:34 . 2011-10-25 20:42 15129064 ----a-w- h:\windows\SysWow64\nvd3dum.dll
    2012-12-29 10:34 . 2011-06-02 08:50 2504248 ----a-w- h:\windows\SysWow64\nvapi.dll
    2012-12-29 10:34 . 2009-09-28 07:12 2824656 ----a-w- h:\windows\system32\nvapi64.dll
    2012-12-29 10:34 . 2009-07-13 21:59 15052368 ----a-w- h:\windows\system32\nvwgf2umx.dll
    2012-12-29 08:40 . 2011-04-08 06:19 6382008 ----a-w- h:\windows\system32\nvcpl.dll
    2012-12-29 08:40 . 2011-04-08 06:19 3455416 ----a-w- h:\windows\system32\nvsvc64.dll
    2012-12-29 08:40 . 2011-04-08 06:19 118712 ----a-w- h:\windows\system32\nvmctray.dll
    2012-12-29 08:40 . 2011-04-08 06:19 884152 ----a-w- h:\windows\system32\nvvsvc.exe
    2012-12-29 08:40 . 2009-09-28 02:22 63928 ----a-w- h:\windows\system32\nvshext.dll
    2012-12-16 17:11 . 2013-01-07 15:28 46080 ----a-w- h:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2013-01-07 15:28 367616 ----a-w- h:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2013-01-07 15:28 295424 ----a-w- h:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2013-01-07 15:28 34304 ----a-w- h:\windows\SysWow64\atmlib.dll
    2012-12-15 00:49 . 2010-05-06 06:29 24176 ----a-w- h:\windows\system32\drivers\mbam.sys
    2012-12-07 13:20 . 2013-01-09 06:16 441856 ----a-w- h:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 06:16 2746368 ----a-w- h:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 06:16 308736 ----a-w- h:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 06:16 2576384 ----a-w- h:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 06:16 30720 ----a-w- h:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 06:16 43520 ----a-w- h:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 06:16 23552 ----a-w- h:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 06:16 45568 ----a-w- h:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 06:16 44544 ----a-w- h:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 06:16 20480 ----a-w- h:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 06:16 20480 ----a-w- h:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 06:16 20480 ----a-w- h:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 06:16 46592 ----a-w- h:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 06:16 40960 ----a-w- h:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 06:16 21504 ----a-w- h:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 06:16 15360 ----a-w- h:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 06:16 55296 ----a-w- h:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 06:16 51712 ----a-w- h:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 06:16 43520 ----a-w- h:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 06:16 30720 ----a-w- h:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 06:16 45568 ----a-w- h:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 06:16 44544 ----a-w- h:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 06:16 20480 ----a-w- h:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 06:16 23552 ----a-w- h:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 06:16 20480 ----a-w- h:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 06:16 46592 ----a-w- h:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 06:16 20480 ----a-w- h:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 06:16 21504 ----a-w- h:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 06:16 40960 ----a-w- h:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 06:16 15360 ----a-w- h:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 06:16 55296 ----a-w- h:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-09 06:16 51712 ----a-w- h:\windows\SysWow64\esrb.rs
    2012-12-04 08:56 . 2012-12-04 08:56 76888 ----a-w- h:\windows\SysWow64\PnkBstrA.exe
    2012-11-30 05:45 . 2013-01-09 06:16 362496 ----a-w- h:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 06:16 243200 ----a-w- h:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 06:16 13312 ----a-w- h:\windows\system32\wow64cpu.dll
    2012-11-30 05:45 . 2013-01-09 06:16 215040 ----a-w- h:\windows\system32\winsrv.dll
    2012-11-30 05:43 . 2013-01-09 06:16 16384 ----a-w- h:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 06:16 424448 ----a-w- h:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 06:16 1161216 ----a-w- h:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 6144 ---ha-w- h:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4608 ---ha-w- h:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4608 ---ha-w- h:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 5120 ---ha-w- h:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:54 . 2013-01-09 06:16 5120 ----a-w- h:\windows\SysWow64\wow32.dll
    2012-11-30 04:53 . 2013-01-09 06:16 274944 ----a-w- h:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 06:16 4608 ---ha-w- h:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of h:\users\Amol\AppData\Local\28050 ----
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
    2010-09-06 20:06 432008 ----a-w- h:\program files (x86)\vShare\vshare_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 23:26 3908192 ----a-w- h:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "h:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [BU]
    "{043C5167-00BB-4324-AF7E-62013FAEDACF}"= "h:\program files (x86)\vShare\vshare_toolbar.dll" [2010-09-06 432008]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "h:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CLASSES_ROOT\clsid\{043c5167-00bb-4324-af7e-62013faedacf}]
    [HKEY_CLASSES_ROOT\vShare.PugiObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}]
    [HKEY_CLASSES_ROOT\vShare.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-11-16 02:16 222712 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-11-16 02:16 222712 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-11-16 02:16 222712 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-09-19 03:42 2042528 ----a-w- h:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-09-19 03:42 2042528 ----a-w- h:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-09-19 03:42 2042528 ----a-w- h:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F.lux"="h:\users\Amol\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "2C50BD84456837F353041443527D4FC28EEEDB59._service_run"="h:\users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "iCloudServices"="h:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-18 59872]
    "ApplePhotoStreams"="h:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-18 59872]
    "SkyDrive"="h:\users\Amol\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-16 255992]
    "MusicManager"="h:\users\Amol\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-01-14 7437824]
    "Spotify Web Helper"="h:\users\Amol\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-28 1193176]
    "GoogleChromeAutoLaunch_C6D8647A41E7E844A10BCF9E67A0A68F"="h:\users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "DAEMON Tools Lite"="h:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="h:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "LWS"="h:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
    "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
    "APSDaemon"="h:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "AdobeCS5ServiceManager"="h:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "ConnectionCenter"="h:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
    "amd_dc_opt"="h:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "QuickTime Task"="h:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "DivXUpdate"="h:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
    "iTunesHelper"="h:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "SunJavaUpdateSched"="h:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe"="h:\users\Amol\AppData\Roaming\Adobe\color.vbe" [2013-01-19 15361]
    .
    h:\users\Amol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Blockify Service.lnk - d:\downloads\BlockifyService.exe [2011-7-30 896161]
    DeskPins.lnk - h:\program files (x86)\DeskPins\DeskPins.exe [2004-5-2 62464]
    Dropbox.lnk - h:\users\Amol\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    EvernoteClipper.lnk - h:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-1-29 1078624]
    OneNote 2010 Screen Clipper and Launcher.lnk - h:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    OneNote 2013 Screen Clipper and Launcher.lnk - h:\program files\Microsoft Office 15\root\office15\onenotem.exe [2012-9-18 186672]
    .
    h:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PrintMagic.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /k:C *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 BBSvc;BingBar Service;h:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;h:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 KMService;KMService;h:\windows\system32\srvany.exe [x]
    R2 LxrSII1d;Secure II Driver;h:\windows\system32\Drivers\LxrSII1d.sys [x]
    R2 SkypeUpdate;Skype Updater;h:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
    R3 ALSysIO;ALSysIO;h:\users\Amol\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;h:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-19 79360]
    R3 CT20XUT;CT20XUT;h:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 202776]
    R3 CTEXFIFX;CTEXFIFX;h:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]
    R3 CTHWIUT;CTHWIUT;h:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 94744]
    R3 ivusb;Initio Driver for USB Default Controller;h:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 29720]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;h:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
    R3 NisDrv;Microsoft Network Inspection System;h:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;h:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;h:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 SwitchBoard;Adobe SwitchBoard;h:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;h:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;h:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;h:\windows\system32\Wat\WatAdminSvc.exe [2010-04-28 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;h:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464]
    S0 sptd;sptd;h:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;h:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 91864]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;h:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-09 283200]
    S2 L4301_Solar;Logitech Solar Keyboard Service;h:\program files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
    S2 MBAMScheduler;MBAMScheduler;h:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
    S2 MBAMService;MBAMService;h:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;h:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-09-24 341312]
    S2 nlsX86cc;NLS Service;h:\windows\SysWOW64\NLSSRV32.EXE [2011-09-24 68928]
    S2 OfficeSvc;Microsoft Office Service;h:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-12 1494144]
    S2 PrintMagicService;PrintMagic Service;h:\program files (x86)\Print Magic PC\PrintMagic_Service.exe [2011-05-01 24064]
    S2 SplashtopRemoteService;Splashtop® Remote Service;h:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-06-15 548264]
    S2 SSUService;Splashtop Software Updater Service;h:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;h:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
    S2 UMVPFSrv;UMVPFSrv;h:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 vpnagent;Cisco AnyConnect VPN Agent;h:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
    S3 BBUpdate;BBUpdate;h:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    S3 CT20XUT.SYS;CT20XUT.SYS;h:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 202776]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;h:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;h:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 94744]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;h:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;h:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
    S3 LVRS64;Logitech RightSound Filter Driver;h:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech Webcam Pro 9000(UVC);h:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
    S3 RTL8167;Realtek 8167 NT Driver;h:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-12 h:\windows\Tasks\Adobe Flash Player Updater.job
    - h:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 10:00]
    .
    2013-02-12 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - h:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 07:28]
    .
    2013-02-12 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - h:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 07:28]
    .
    2013-02-10 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3852737153-183856392-2395361809-1000Core.job
    - h:\users\Amol\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 02:08]
    .
    2013-02-12 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3852737153-183856392-2395361809-1000UA.job
    - h:\users\Amol\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 02:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-11-16 02:16 261624 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-11-16 02:16 261624 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-11-16 02:16 261624 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-09-19 03:43 2860192 ----a-w- h:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-09-19 03:43 2860192 ----a-w- h:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-09-19 03:43 2860192 ----a-w- h:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [BU]
    "EvtMgr6"="h:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    "AdobeAAMUpdater-1.0"="h:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "MSC"="h:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = h:\windows\system32\blank.htm
    uStart Page = hxxp://google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = h:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Evernote 4 - h:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html
    IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - h:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: New Note - h:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - h:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    Trusted Zone: ucsd.edu\cwp
    Trusted Zone: ucsd.edu\vpn
    TCP: DhcpNameServer = 192.168.11.1
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - h:\program files (x86)\vShare\vshare_toolbar.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    AddRemove-Application_X_1.0 - h:\windows\iun6002.exe
    AddRemove-Lair of the Leviathan - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland103.exe
    AddRemove-MKSAP for Students 4 - j:\mksap for students 4\uninst.exe
    AddRemove-Rise of the Pirate God - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland105.exe
    AddRemove-Sleeping Dogs_is1 - d:\games\Installs\Sleeping Dogs\unins000.exe
    AddRemove-The Siege of Spinner Cay - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland102.exe
    AddRemove-The Trial and Execution of Guybrush Threepwood - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland104.exe
    AddRemove-uberOptions - h:\program files\Logitech\SetPoint\uberOptions\uninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3852737153-183856392-2395361809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-3852737153-183856392-2395361809-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ThunderbirdEML"
    .
    [HKEY_USERS\S-1-5-21-3852737153-183856392-2395361809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3852737153-183856392-2395361809-1000\Software\SecuROM\License information*]
    "datasecu"=hex:1b,39,84,f5,7f,6c,90,d6,e0,86,4e,54,a0,02,35,1b,ca,dc,62,ed,38,
    9d,23,66,1d,f2,d4,4c,86,1e,53,4f,c4,f0,36,9b,a8,3c,9a,74,4f,69,70,5e,c3,f1,\
    "rkeysecu"=hex:89,91,6d,af,56,4c,1a,4f,c8,43,8d,2e,bd,f0,27,c1
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@h:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="h:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@h:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="h:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-12 01:13:04
    ComboFix-quarantined-files.txt 2013-02-12 09:13
    ComboFix2.txt 2013-02-11 21:52
    ComboFix3.txt 2013-02-09 03:04
    .
    Pre-Run: 7,256,313,856 bytes free
    Post-Run: 7,339,126,784 bytes free
    .
    - - End Of File - - 0F741ECBED74D8B25B234EFCEAAB143C
    Upload was successful
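The logs in this thread list autostart entries in two ComboFix formats, Run-key values (`"Name"="path" [date size]`) and service lines (`R3 Name;Display;path [x]`). The script below, added here as an example and not code from ComboFix or from any poster, parses those two formats and flags the entries a helper looks at first: a path under Temp or another user-writable folder, a service whose file ComboFix could not find (`[x]`), or a Windows system-binary name such as svchost.exe living outside the Windows directory. The sample log is constructed, modelled on the lines in these logs, and the flagging rules are my own assumptions.

```python
"""Triage of autostart entries in a ComboFix-style log.

Added example for this thread, not part of ComboFix or any poster's code.
It parses the two line formats ComboFix uses under "Reg Loading Points"
(Run-key values and R#/S# service lines) and flags the entries a helper
would look at first. The sample lines at the bottom are constructed,
modelled on the format of the logs posted in the thread.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Optional

# "Name"="path" [date size]  or  "Name"="path" [x]      (Run-key value)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R3 Name;Display Name;path [date size]  or  ... [x]    (service / driver)
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')

# Directory components that mean "a non-admin user can write here" (assumption).
TEMP_DIRS = {'temp', 'tmp'}
USER_WRITABLE_DIRS = TEMP_DIRS | {'appdata', 'programdata', 'downloads'}
# Windows binaries whose names malware borrows; the genuine ones live under the
# Windows directory, so the same name elsewhere is worth a look (assumption).
SYSTEM_BINARY_NAMES = {'svchost.exe', 'explorer.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe'}


@dataclass
class Entry:
    kind: str          # 'run' or 'service'
    name: str
    path: str
    meta: str          # "YYYY-MM-DD size", or "x" when ComboFix found no file
    start: str = ''    # R2 / S3 ... for services


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for key headers, separators and prose."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry('run', m['name'], m['path'], m['meta'].strip())
    m = SVC_RE.match(line)
    if m:
        return Entry('service', m['name'].strip(), m['path'].strip(), m['meta'].strip(), m['start'])
    return None


def assess(entry: Entry) -> list:
    """Return the reasons (possibly none) why this entry deserves a closer look."""
    parts = [p.lower().rstrip('\\') for p in PureWindowsPath(entry.path).parts]
    dirs, base = set(parts[:-1]), (parts[-1] if parts else '')
    reasons = []
    if dirs & TEMP_DIRS:
        reasons.append('runs from a Temp directory')
    elif dirs & USER_WRITABLE_DIRS:
        reasons.append('runs from a user-writable location')
    if entry.meta.lower() == 'x':
        reasons.append('file not found on disk (stale or already removed entry)')
    if base in SYSTEM_BINARY_NAMES and 'windows' not in dirs:
        reasons.append(f'{base} is a Windows system binary name but the file is outside the Windows directory')
    return reasons


def triage(log_text: str) -> list:
    """Walk a log and return a Finding for every entry with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


# Constructed sample in the ComboFix "Reg Loading Points" format (not a real log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="h:\users\Amol\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Updater"="h:\users\Amol\AppData\Local\Temp\svchost.exe" [2013-02-08 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
.
R2 MBAMService;MBAMService;h:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R3 ALSysIO;ALSysIO;h:\users\Amol\AppData\Local\Temp\ALSysIO64.sys [x]
S0 sptd;sptd;h:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.entry.kind:7} {f.entry.name:12} {f.entry.path}')
        for r in f.reasons:
            print(f'          - {r}')
```

Feed it the "Reg Loading Points" block of a real ComboFix.txt and it prints only the entries worth checking, with the reason for each.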
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    I am getting the encoded Adobe VBE file decoded, as I strongly suspect that it is responsible and isn't a genuine Adobe file at all.

    As soon as I get a response from the analysts, I will reply with further instructions.
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    We are going to assume that the file we inspected is malicious and responsible for some, if not all, of your problems, and remove it & its startup entry.


    Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer, when the "File Download" pop-up comes press SAVE and choose Desktop in the list of selections in that window & press Save).

    Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix & remember to re-enable it when it has finished.

    Close any open browsers
    Then drag the CFScript.txt onto the ComboFix.exe or renamed ComboFix icon, as shown in the screenshot below.


    This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.


  9. ams387

    ams387 Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    8
    Hello, I ran the new CFScript with ComboFix and was prompted to restart, which I allowed. However, now my computer has booted to a black screen for over an hour. Is this normal? What should I do? Thanks.
  10. ams387

    ams387 Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    8
    My computer finally booted into Windows. However, now none of my programs run! Whenever I select an application I get an error saying "Illegal operation attempted on a registry key that has been marked for deletion." I hope this is fixable?

    Here is the new log:
    ComboFix 13-02-12.01 - Amol 02/12/2013 12:34:23.4.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9622 [GMT -8:00]
    Running from: h:\users\Amol\Desktop\ComboFix.exe
    Command switches used :: h:\users\Amol\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "h:\users\Amol\AppData\Roaming\Adobe\color.vbe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    h:\users\Amol\AppData\Local\28050
    h:\users\Amol\AppData\Roaming\Adobe\color.vbe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_KMService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-12 to 2013-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-12 20:38 . 2013-02-12 20:38 -------- d-----w- h:\users\UpdatusUser\AppData\Local\temp
    2013-02-12 20:38 . 2013-02-12 20:38 -------- d-----w- h:\users\Default\AppData\Local\temp
    2013-02-12 09:18 . 2013-01-08 05:32 9161176 ----a-w- h:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F88A2F09-B147-457B-AC89-0723C893E5F6}\mpengine.dll
    2013-02-11 21:55 . 2013-01-08 05:32 9161176 ----a-w- h:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-09 06:52 . 2013-02-09 06:52 283200 ----a-w- h:\windows\system32\drivers\dtsoftbus01.sys
    2013-02-09 06:52 . 2013-02-09 06:52 -------- d-----w- h:\program files (x86)\DAEMON Tools Lite
    2013-02-09 02:38 . 2013-02-09 02:38 564824 ----a-w- h:\windows\system32\drivers\sptd.sys
    2013-02-09 01:51 . 2013-02-09 01:51 -------- d-----w- h:\program files (x86)\ESET
    2013-02-09 01:42 . 2013-02-09 01:42 -------- d-----w- H:\TDSSKiller_Quarantine
    2013-02-09 01:35 . 2013-02-09 01:35 -------- d-----w- h:\program files (x86)\GPU-Z
    2013-02-09 01:12 . 2013-02-09 01:12 -------- d-----w- h:\program files (x86)\EVGA Precision X
    2013-02-06 10:44 . 2013-02-06 10:44 -------- d-----w- h:\users\Amol\AppData\Local\storage
    2013-02-06 10:44 . 2013-02-06 10:44 -------- d-----w- h:\programdata\Ubisoft
    2013-02-06 10:35 . 2013-02-06 10:35 -------- d-----w- h:\users\Amol\New folder
    2013-02-06 08:08 . 2013-02-06 08:08 -------- d-----w- H:\Temp
    2013-02-01 23:28 . 2013-02-01 23:28 -------- d-----w- h:\users\Amol\AppData\Local\Unity
    2013-02-01 20:05 . 2013-02-01 20:05 95648 ----a-w- h:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-01 03:10 . 2013-02-01 03:10 -------- d-----r- H:\ESD
    2013-01-28 07:03 . 2013-01-28 07:03 -------- d-----w- h:\users\Amol\AppData\Roaming\DivX
    2013-01-28 06:23 . 2013-01-28 06:23 -------- d-----w- h:\program files (x86)\AGEIA Technologies
    2013-01-28 06:08 . 2012-12-29 08:40 2923201 ----a-w- h:\windows\system32\nvcoproc.bin
    2013-01-22 09:23 . 2013-01-22 09:23 -------- d-----w- h:\program files (x86)\Evernote
    2013-01-18 21:33 . 2013-01-18 21:33 -------- d-----w- h:\users\Amol\AppData\Local\DDMSettings
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-09 00:10 . 2012-12-04 08:56 281688 ----a-w- h:\windows\SysWow64\PnkBstrB.exe
    2013-02-09 00:10 . 2012-12-01 00:02 281688 ----a-w- h:\windows\SysWow64\PnkBstrB.xtr
    2013-02-08 10:00 . 2012-08-22 06:30 697712 ----a-w- h:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-08 10:00 . 2011-05-18 21:06 74096 ----a-w- h:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-01 20:05 . 2012-06-20 18:45 861088 ----a-w- h:\windows\SysWow64\npDeployJava1.dll
    2013-02-01 20:05 . 2010-06-05 19:27 782240 ----a-w- h:\windows\SysWow64\deployJava1.dll
    2013-01-30 10:53 . 2009-12-19 01:51 273840 ------w- h:\windows\system32\MpSigStub.exe
    2013-01-28 06:48 . 2012-11-30 23:59 281688 ----a-w- h:\windows\SysWow64\PnkBstrB.ex0
    2013-01-28 05:00 . 2011-05-23 20:47 18960 ----a-w- h:\windows\system32\drivers\LNonPnP.sys
    2013-01-09 06:17 . 2009-12-19 17:16 67599240 ----a-w- h:\windows\system32\MRT.exe
    2012-12-29 10:54 . 2012-12-29 10:54 550328 ----a-w- h:\windows\SysWow64\nvStreaming.exe
    2012-12-29 10:34 . 2012-10-11 04:23 1504696 ----a-w- h:\windows\system32\nvdispgenco64.dll
    2012-12-29 10:34 . 2012-10-11 04:23 1107592 ----a-w- h:\windows\system32\nvumdshimx.dll
    2012-12-29 10:34 . 2011-10-25 20:42 1813432 ----a-w- h:\windows\system32\nvdispco64.dll
    2012-12-29 10:34 . 2011-10-25 20:42 15129064 ----a-w- h:\windows\SysWow64\nvd3dum.dll
    2012-12-29 10:34 . 2011-06-02 08:50 2504248 ----a-w- h:\windows\SysWow64\nvapi.dll
    2012-12-29 10:34 . 2009-09-28 07:12 2824656 ----a-w- h:\windows\system32\nvapi64.dll
    2012-12-29 10:34 . 2009-07-13 21:59 15052368 ----a-w- h:\windows\system32\nvwgf2umx.dll
    2012-12-29 08:40 . 2011-04-08 06:19 6382008 ----a-w- h:\windows\system32\nvcpl.dll
    2012-12-29 08:40 . 2011-04-08 06:19 3455416 ----a-w- h:\windows\system32\nvsvc64.dll
    2012-12-29 08:40 . 2011-04-08 06:19 118712 ----a-w- h:\windows\system32\nvmctray.dll
    2012-12-29 08:40 . 2011-04-08 06:19 884152 ----a-w- h:\windows\system32\nvvsvc.exe
    2012-12-29 08:40 . 2009-09-28 02:22 63928 ----a-w- h:\windows\system32\nvshext.dll
    2012-12-16 17:11 . 2013-01-07 15:28 46080 ----a-w- h:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2013-01-07 15:28 367616 ----a-w- h:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2013-01-07 15:28 295424 ----a-w- h:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2013-01-07 15:28 34304 ----a-w- h:\windows\SysWow64\atmlib.dll
    2012-12-15 00:49 . 2010-05-06 06:29 24176 ----a-w- h:\windows\system32\drivers\mbam.sys
    2012-12-07 13:20 . 2013-01-09 06:16 441856 ----a-w- h:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 06:16 2746368 ----a-w- h:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 06:16 308736 ----a-w- h:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 06:16 2576384 ----a-w- h:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 06:16 30720 ----a-w- h:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 06:16 43520 ----a-w- h:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 06:16 23552 ----a-w- h:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 06:16 45568 ----a-w- h:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 06:16 44544 ----a-w- h:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 06:16 20480 ----a-w- h:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 06:16 20480 ----a-w- h:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 06:16 20480 ----a-w- h:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 06:16 46592 ----a-w- h:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 06:16 40960 ----a-w- h:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 06:16 21504 ----a-w- h:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 06:16 15360 ----a-w- h:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 06:16 55296 ----a-w- h:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 06:16 51712 ----a-w- h:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 06:16 43520 ----a-w- h:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 06:16 30720 ----a-w- h:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 06:16 45568 ----a-w- h:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 06:16 44544 ----a-w- h:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 06:16 20480 ----a-w- h:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 06:16 23552 ----a-w- h:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 06:16 20480 ----a-w- h:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 06:16 46592 ----a-w- h:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 06:16 20480 ----a-w- h:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 06:16 21504 ----a-w- h:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 06:16 40960 ----a-w- h:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 06:16 15360 ----a-w- h:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 06:16 55296 ----a-w- h:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-09 06:16 51712 ----a-w- h:\windows\SysWow64\esrb.rs
    2012-12-04 08:56 . 2012-12-04 08:56 76888 ----a-w- h:\windows\SysWow64\PnkBstrA.exe
    2012-11-30 05:45 . 2013-01-09 06:16 362496 ----a-w- h:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 06:16 243200 ----a-w- h:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 06:16 13312 ----a-w- h:\windows\system32\wow64cpu.dll
    2012-11-30 05:45 . 2013-01-09 06:16 215040 ----a-w- h:\windows\system32\winsrv.dll
    2012-11-30 05:43 . 2013-01-09 06:16 16384 ----a-w- h:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 06:16 424448 ----a-w- h:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 06:16 1161216 ----a-w- h:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 6144 ---ha-w- h:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4608 ---ha-w- h:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4608 ---ha-w- h:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 5120 ---ha-w- h:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3584 ---ha-w- h:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 06:16 3072 ---ha-w- h:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:54 . 2013-01-09 06:16 5120 ----a-w- h:\windows\SysWow64\wow32.dll
    2012-11-30 04:53 . 2013-01-09 06:16 274944 ----a-w- h:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 06:16 4608 ---ha-w- h:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 06:16 4096 ---ha-w- h:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
    2010-09-06 20:06 432008 ----a-w- h:\program files (x86)\vShare\vshare_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 23:26 3908192 ----a-w- h:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "h:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [BU]
    "{043C5167-00BB-4324-AF7E-62013FAEDACF}"= "h:\program files (x86)\vShare\vshare_toolbar.dll" [2010-09-06 432008]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "h:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CLASSES_ROOT\clsid\{043c5167-00bb-4324-af7e-62013faedacf}]
    [HKEY_CLASSES_ROOT\vShare.PugiObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}]
    [HKEY_CLASSES_ROOT\vShare.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-11-16 02:16 222712 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-11-16 02:16 222712 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-11-16 02:16 222712 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-09-19 03:42 2042528 ----a-w- h:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-09-19 03:42 2042528 ----a-w- h:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-09-19 03:42 2042528 ----a-w- h:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F.lux"="h:\users\Amol\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "2C50BD84456837F353041443527D4FC28EEEDB59._service_run"="h:\users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "iCloudServices"="h:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-18 59872]
    "ApplePhotoStreams"="h:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-18 59872]
    "SkyDrive"="h:\users\Amol\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-16 255992]
    "MusicManager"="h:\users\Amol\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-01-14 7437824]
    "Spotify Web Helper"="h:\users\Amol\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-28 1193176]
    "GoogleChromeAutoLaunch_C6D8647A41E7E844A10BCF9E67A0A68F"="h:\users\Amol\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "DAEMON Tools Lite"="h:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="h:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "LWS"="h:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
    "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
    "APSDaemon"="h:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "AdobeCS5ServiceManager"="h:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "ConnectionCenter"="h:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
    "amd_dc_opt"="h:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "QuickTime Task"="h:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "DivXUpdate"="h:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
    "iTunesHelper"="h:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "SunJavaUpdateSched"="h:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    h:\users\Amol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Blockify Service.lnk - d:\downloads\BlockifyService.exe [2011-7-30 896161]
    DeskPins.lnk - h:\program files (x86)\DeskPins\DeskPins.exe [2004-5-2 62464]
    Dropbox.lnk - h:\users\Amol\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    EvernoteClipper.lnk - h:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-1-29 1078624]
    OneNote 2010 Screen Clipper and Launcher.lnk - h:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    OneNote 2013 Screen Clipper and Launcher.lnk - h:\program files\Microsoft Office 15\root\office15\onenotem.exe [2012-9-18 186672]
    .
    h:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PrintMagic.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /k:C *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;h:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 LxrSII1d;Secure II Driver;h:\windows\system32\Drivers\LxrSII1d.sys [x]
    R2 MBAMService;MBAMService;h:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
    R3 ALSysIO;ALSysIO;h:\users\Amol\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 BBUpdate;BBUpdate;h:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;h:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-19 79360]
    R3 CT20XUT;CT20XUT;h:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 202776]
    R3 CTEXFIFX;CTEXFIFX;h:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]
    R3 CTHWIUT;CTHWIUT;h:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 94744]
    R3 ivusb;Initio Driver for USB Default Controller;h:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 29720]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;h:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
    R3 NisDrv;Microsoft Network Inspection System;h:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;h:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;h:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 SwitchBoard;Adobe SwitchBoard;h:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;h:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;h:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;h:\windows\system32\Wat\WatAdminSvc.exe [2010-04-28 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;h:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464]
    S0 sptd;sptd;h:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;h:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 91864]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;h:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-09 283200]
    S2 BBSvc;BingBar Service;h:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    S2 L4301_Solar;Logitech Solar Keyboard Service;h:\program files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
    S2 MBAMScheduler;MBAMScheduler;h:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;h:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-09-24 341312]
    S2 nlsX86cc;NLS Service;h:\windows\SysWOW64\NLSSRV32.EXE [2011-09-24 68928]
    S2 OfficeSvc;Microsoft Office Service;h:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-12 1494144]
    S2 PrintMagicService;PrintMagic Service;h:\program files (x86)\Print Magic PC\PrintMagic_Service.exe [2011-05-01 24064]
    S2 SkypeUpdate;Skype Updater;h:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
    S2 SplashtopRemoteService;Splashtop® Remote Service;h:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-06-15 548264]
    S2 SSUService;Splashtop Software Updater Service;h:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;h:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
    S2 UMVPFSrv;UMVPFSrv;h:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 vpnagent;Cisco AnyConnect VPN Agent;h:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
    S3 CT20XUT.SYS;CT20XUT.SYS;h:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 202776]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;h:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;h:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 94744]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;h:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;h:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
    S3 LVRS64;Logitech RightSound Filter Driver;h:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech Webcam Pro 9000(UVC);h:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
    S3 RTL8167;Realtek 8167 NT Driver;h:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-12 h:\windows\Tasks\Adobe Flash Player Updater.job
    - h:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 10:00]
    .
    2013-02-12 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - h:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 07:28]
    .
    2013-02-12 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - h:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 07:28]
    .
    2013-02-10 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3852737153-183856392-2395361809-1000Core.job
    - h:\users\Amol\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 02:08]
    .
    2013-02-12 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3852737153-183856392-2395361809-1000UA.job
    - h:\users\Amol\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 02:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-11-16 02:16 261624 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-11-16 02:16 261624 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-11-16 02:16 261624 ----a-w- h:\users\Amol\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-09-19 03:43 2860192 ----a-w- h:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-09-19 03:43 2860192 ----a-w- h:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-09-19 03:43 2860192 ----a-w- h:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- h:\users\Amol\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [BU]
    "EvtMgr6"="h:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    "AdobeAAMUpdater-1.0"="h:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "MSC"="h:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = h:\windows\system32\blank.htm
    uStart Page = hxxp://google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = h:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Evernote 4 - h:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html
    IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - h:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: New Note - h:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - h:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    Trusted Zone: ucsd.edu\cwp
    Trusted Zone: ucsd.edu\vpn
    TCP: DhcpNameServer = 192.168.11.1
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - h:\program files (x86)\vShare\vshare_toolbar.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    AddRemove-Application_X_1.0 - h:\windows\iun6002.exe
    AddRemove-Lair of the Leviathan - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland103.exe
    AddRemove-MKSAP for Students 4 - j:\mksap for students 4\uninst.exe
    AddRemove-Rise of the Pirate God - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland105.exe
    AddRemove-Sleeping Dogs_is1 - d:\games\Installs\Sleeping Dogs\unins000.exe
    AddRemove-The Siege of Spinner Cay - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland102.exe
    AddRemove-The Trial and Execution of Guybrush Threepwood - c:\program files (x86)\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland104.exe
    AddRemove-uberOptions - h:\program files\Logitech\SetPoint\uberOptions\uninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3852737153-183856392-2395361809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-3852737153-183856392-2395361809-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ThunderbirdEML"
    .
    [HKEY_USERS\S-1-5-21-3852737153-183856392-2395361809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3852737153-183856392-2395361809-1000\Software\SecuROM\License information*]
    "datasecu"=hex:1b,39,84,f5,7f,6c,90,d6,e0,86,4e,54,a0,02,35,1b,ca,dc,62,ed,38,
    9d,23,66,1d,f2,d4,4c,86,1e,53,4f,c4,f0,36,9b,a8,3c,9a,74,4f,69,70,5e,c3,f1,\
    "rkeysecu"=hex:89,91,6d,af,56,4c,1a,4f,c8,43,8d,2e,bd,f0,27,c1
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@h:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="h:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@h:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="h:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="h:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    h:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    h:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    h:\windows\SysWOW64\PnkBstrA.exe
    h:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-12 13:16:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-02-12 21:16
    ComboFix2.txt 2013-02-12 09:13
    ComboFix3.txt 2013-02-11 21:52
    ComboFix4.txt 2013-02-09 03:04
    .
    Pre-Run: 6,939,541,504 bytes free
    Post-Run: 6,401,204,224 bytes free
    .
    - - End Of File - - F70C4909EC8B88161F79DC71DEF76567
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Reboot again & that error message will go away.
     
  12. ams387

    ams387 Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    8
    Ahh, OK. Everything is OK now :) Thanks for the quick reply!

    If I'm not mistaken it also looks like the fix worked because when I restarted and scanned my computer with MBAM it did not detect any viruses/malware. Also my GPU usage went back down to 0% at idle!
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    That is good.

    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer, and update whatever it suggests. Download & use the PSI version (not the OSI, the in-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
     
  14. ams387

    ams387 Thread Starter

    Joined:
    Feb 8, 2013
    Messages:
    8
    Thanks for all your help!!! I was able to update all my apps and Windows, and followed the directions on the thespykiller website to keep my computer safe from future attacks. Everything seems to be running well now. Again, thanks so much, I really appreciate it.
     
Short URL to this thread: https://techguy.org/1088772