Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis log: please help diagnose


  • This topic is locked This topic is locked
20 replies to this topic

#1 dk59

dk59

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 08 February 2013 - 08:18 PM

Hi for whatever reason I was attempting to copy the text from my log file in notepad, but when I attepted to paste it here the paste option was not highlighted, hopefully you can still help me. I'm getting very high usage from IE and it's killing performance.

Attached Files



BC AdBot (Login to Remove)

 


#2 The Dark Knight

The Dark Knight

    Malware Vigilante


  • Malware Response Team
  • 651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:54 PM

Posted 11 February 2013 - 04:42 AM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. welcome.gif

 

Please download DDS by sUBs from one of the following links.  Save it to your Desktop.
 



NOTE:  Before scanning, make sure all other running programs are closed.
There shouldn't be any scheduled antivirus scans running while the scan is being performed.
Do not use your computer for anything else during the scan.
 

  • Double click on the DDS icon and allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.

 

 

 

=====

 

Also, please download AdwCleaner by Xplode onto your Desktop.
 

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

 

=====

 

In your reply please post the contents of the following:

 

  • DDS.txt.
  • AdwCleaner[R1].txt.

Edited by The Dark Knight, 11 February 2013 - 04:43 AM.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#3 dk59

dk59
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 12 February 2013 - 03:36 AM

Attached File  AdwCleanerR1.txt   2.22KB   1 downloads

Attached File  DDS.txt   19.59KB   3 downloads

 

 

 

Thanks for the help here is the info requested


Edited by dk59, 12 February 2013 - 03:40 AM.


#4 The Dark Knight

The Dark Knight

    Malware Vigilante


  • Malware Response Team
  • 651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:54 PM

Posted 12 February 2013 - 04:55 AM

Hey dk59,

Please post the contents of your logs, as that makes it easier to analyse them. Thanks. smile.png

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#5 dk59

dk59
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 12 February 2013 - 12:14 PM

I don't know why I'm having this problem, but I copy the text from notepad, and when I attempt to paste it into the message here, the paste option is not highlighted....



#6 dk59

dk59
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 12 February 2013 - 12:17 PM

# AdwCleaner v2.112 - Logfile created 02/12/2013 at 03:38:30
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kelly - KELLY-PC
# Boot Mode : Normal
# Running from : C:\Users\Kelly\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****

Found : Partner Service

***** [Files / Folders] *****

Folder Found : C:\ProgramData\Partner

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-1021105262-3251193905-571662524-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2149 octets] - [12/02/2013 03:38:30]

########## EOF - C:\AdwCleaner[R1].txt - [2209 octets] ##########
 



#7 dk59

dk59
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 12 February 2013 - 12:19 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.5.1
Run by Kelly at 3:25:33 on 2013-02-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4044.2685 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\lxdvcoms.exe
C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
uRun: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B34B97BF-FB3C-4695-B061-3B185FBDB9CC} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B34B97BF-FB3C-4695-B061-3B185FBDB9CC}\25F6765627373323934373 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F4065A9D-2B6E-4F05-8C31-BCDE0FFC77D0} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.toshiba.ca/welcome
x64-mDefault_Page_URL = hxxp://www.toshiba.ca/welcome
x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\0604010.00E\symds64.sys [2013-2-5 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\0604010.00E\symefa64.sys [2013-2-5 1129120]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-15 1388120]
R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\System32\drivers\N360x64\0604010.00E\ccsetx64.sys [2013-2-5 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20130209.002\IDSviA64.sys [2013-2-11 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\0604010.00E\ironx64.sys [2013-2-5 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\0604010.00E\symnets.sys [2013-2-5 405624]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 lxdv_device;lxdv_device;C:\windows\System32\lxdvcoms.exe -service --> C:\windows\System32\lxdvcoms.exe -service [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe [2013-2-5 138272]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-12 2656280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-9 138912]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-2-12 9216]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2013-2-9 117912]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-12 38096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\drivers\Smb_driver_Intel.sys [2013-2-10 44344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;C:\windows\System32\spool\drivers\x64\3\lxdvserv.exe [2007-10-18 33448]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2012-2-12 42096]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-2-12 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2012-2-12 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-12 243712]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-2-12 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-12 08:11:30 530048 ----a-w- C:\windows\System32\UCI64A76.dll
2013-02-12 08:11:28 1581184 ----a-w- C:\windows\System32\drivers\CHDRT64.sys
2013-02-12 08:11:28 1563264 ----a-w- C:\windows\System32\CX64AP48.dll
2013-02-11 19:30:48 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2013-02-11 19:20:18 -------- d-----w- C:\Users\Kelly\AppData\Local\LogMeIn Rescue Applet
2013-02-11 18:19:09 -------- d-----w- C:\ProgramData\Cisco Systems
2013-02-11 00:02:03 44344 ----a-w- C:\windows\System32\drivers\Smb_driver_Intel.sys
2013-02-09 23:36:00 -------- d-----w- C:\windows\pss
2013-02-09 23:07:23 3752448 ----a-w- C:\windows\System32\drivers\athrx.sys
2013-02-09 23:04:52 117912 ----a-w- C:\windows\System32\drivers\L1C62x64.sys
2013-02-09 00:48:43 388096 ----a-r- C:\Users\Kelly\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-09 00:48:43 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-02-06 23:29:38 671744 ----a-w- C:\windows\System32\LXDVhcp.dll
2013-02-06 23:29:38 524800 ----a-w- C:\windows\System32\LXDVinst.dll
2013-02-06 23:29:28 -------- d-----w- C:\Program Files\Lexmark X5400 Series
2013-02-06 23:08:53 5332896 ----a-w- C:\windows\System32\drivers\igdkmd64.sys
2013-02-06 23:08:48 80384 ----a-w- C:\windows\System32\igdde64.dll
2013-02-06 23:08:48 64512 ----a-w- C:\windows\SysWow64\igdde32.dll
2013-02-06 23:08:45 963452 ----a-w- C:\windows\SysWow64\igcodeckrng600.bin
2013-02-06 23:08:45 963452 ----a-w- C:\windows\System32\igcodeckrng600.bin
2013-02-06 23:08:41 12887552 ----a-w- C:\windows\System32\ig4icd64.dll
2013-02-06 23:08:40 10674176 ----a-w- C:\windows\SysWow64\ig4icd32.dll
2013-02-06 23:08:39 5903392 ----a-w- C:\windows\System32\GfxUI.exe
2013-02-06 23:08:39 399392 ----a-w- C:\windows\System32\hkcmd.exe
2013-02-06 23:08:38 173568 ----a-w- C:\windows\System32\gfxSrvc.dll
2013-02-06 23:08:37 185376 ----a-w- C:\windows\System32\difx64.exe
2013-02-06 22:59:03 -------- d-----w- C:\Users\Kelly\AppData\Local\Innovative Solutions
2013-02-06 22:59:00 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2013-02-06 22:36:08 -------- d-----w- C:\Users\Kelly\AppData\Roaming\PCCUStubInstaller
2013-02-06 22:17:11 138240 ----a-w- C:\windows\System32\Spool\prtprocs\x64\lxdvdrpp.dll
2013-02-06 22:08:27 45568 ----a-w- C:\windows\System32\LXDVPMON.DLL
2013-02-06 22:08:27 14336 ----a-w- C:\windows\System32\LXDVFXPU.DLL
2013-02-06 22:08:07 69632 ----a-w- C:\windows\System32\lxdvoem.dll
2013-02-06 22:08:07 3584 ----a-w- C:\windows\System32\LXDVPMRC.DLL
2013-02-06 22:08:06 -------- d-----w- C:\ProgramData\X5400 Series
2013-02-06 21:42:20 32676 ----a-w- C:\ProgramData\SPL4522.tmp
2013-02-06 21:42:13 32676 ----a-w- C:\ProgramData\SPL2A24.tmp
2013-02-06 21:35:46 32676 ----a-w- C:\ProgramData\SPL4090.tmp
2013-02-06 03:25:19 405624 ----a-r- C:\windows\System32\drivers\N360x64\0604010.00E\symnets.sys
2013-02-06 03:25:18 737952 ----a-w- C:\windows\System32\drivers\N360x64\0604010.00E\srtsp64.sys
2013-02-06 03:25:18 451192 ----a-r- C:\windows\System32\drivers\N360x64\0604010.00E\symds64.sys
2013-02-06 03:25:18 37536 ----a-w- C:\windows\System32\drivers\N360x64\0604010.00E\srtspx64.sys
2013-02-06 03:25:18 190072 ----a-r- C:\windows\System32\drivers\N360x64\0604010.00E\ironx64.sys
2013-02-06 03:25:18 167072 ----a-w- C:\windows\System32\drivers\N360x64\0604010.00E\ccsetx64.sys
2013-02-06 03:25:18 1129120 ----a-w- C:\windows\System32\drivers\N360x64\0604010.00E\symefa64.sys
2013-02-06 03:24:57 -------- d-----w- C:\windows\System32\drivers\N360x64\0604010.00E
.
==================== Find3M  ====================
.
2013-02-08 02:26:26 74096 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 02:26:26 697712 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
.
============= FINISH:  3:26:21.25 ===============
 



#8 The Dark Knight

The Dark Knight

    Malware Vigilante


  • Malware Response Team
  • 651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:54 PM

Posted 12 February 2013 - 09:20 PM

Good afternoon dk59,

That paste issue you mentioned sounds like a bug. The new upgrade hasn't been perfect, and bugs like the one you describe are currently being fixed.

Please do the following to re-run AdwCleaner:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
  • When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.


=====

 

Also, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

In your reply I would like to see the reports from AdwCleaner and ComboFix please.


Edited by The Dark Knight, 12 February 2013 - 09:21 PM.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#9 dk59

dk59
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 12 February 2013 - 10:17 PM

# AdwCleaner v2.112 - Logfile created 02/12/2013 at 22:04:37
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kelly - KELLY-PC
# Boot Mode : Normal
# Running from : C:\Users\Kelly\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Partner Service

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2270 octets] - [12/02/2013 03:38:30]
AdwCleaner[S1].txt - [2107 octets] - [12/02/2013 22:04:37]

########## EOF - C:\AdwCleaner[S1].txt - [2167 octets] ##########
 



#10 dk59

dk59
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 12 February 2013 - 10:43 PM

Combofix says that Norton 360 antispyware is still running, for all of my searching I can't see how to disable it.



#11 dk59

dk59
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 12 February 2013 - 11:27 PM

I turned everything that I could see off, the log shows that Norton 360 SP was enabled.

 

 

ComboFix 13-02-12.01 - Kelly 12/02/2013  22:49:34.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4044.2726 [GMT -5:00]
Running from: c:\users\Kelly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H9I2OSM2\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL2A24.tmp
c:\programdata\SPL4090.tmp
c:\programdata\SPL4522.tmp
c:\programdata\SPLA138.tmp
c:\programdata\SPLAC78.tmp
c:\programdata\SPLE1C0.tmp
c:\programdata\SPLF3D1.tmp
c:\users\Kelly\Documents\~WRD0000.tmp
c:\users\Kelly\Documents\~WRL0001.tmp
c:\users\Kelly\Documents\~WRL0002.tmp
c:\users\Kelly\Documents\~WRL0003.tmp
c:\users\Kelly\Documents\~WRL0004.tmp
c:\users\Kelly\Documents\~WRL0005.tmp
c:\users\Kelly\Documents\~WRL0006.tmp
c:\users\Kelly\Documents\~WRL0007.tmp
c:\users\Kelly\Documents\~WRL0008.tmp
c:\users\Kelly\Documents\~WRL0009.tmp
c:\users\Kelly\Documents\~WRL0010.tmp
c:\users\Kelly\Documents\~WRL0011.tmp
c:\users\Kelly\Documents\~WRL0012.tmp
c:\users\Kelly\Documents\~WRL0013.tmp
c:\users\Kelly\Documents\~WRL0014.tmp
c:\users\Kelly\Documents\~WRL0015.tmp
c:\users\Kelly\Documents\~WRL0016.tmp
c:\users\Kelly\Documents\~WRL0017.tmp
c:\users\Kelly\Documents\~WRL0033.tmp
c:\users\Kelly\Documents\~WRL0635.tmp
c:\users\Kelly\Documents\~WRL0715.tmp
c:\users\Kelly\Documents\~WRL1307.tmp
c:\users\Kelly\Documents\~WRL1621.tmp
c:\users\Kelly\Documents\~WRL1917.tmp
c:\users\Kelly\Documents\~WRL1952.tmp
c:\users\Kelly\Documents\~WRL1958.tmp
c:\users\Kelly\Documents\~WRL2128.tmp
c:\users\Kelly\Documents\~WRL2131.tmp
c:\users\Kelly\Documents\~WRL2459.tmp
c:\users\Kelly\Documents\~WRL2794.tmp
c:\users\Kelly\Documents\~WRL2840.tmp
c:\users\Kelly\Documents\~WRL3102.tmp
c:\users\Kelly\Documents\~WRL3388.tmp
c:\users\Kelly\Documents\~WRL3445.tmp
c:\users\Kelly\Documents\~WRL3530.tmp
c:\users\Kelly\Documents\~WRL3859.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-13 to 2013-02-13  )))))))))))))))))))))))))))))))
.
.
2013-02-13 04:00 . 2013-02-13 04:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-12 08:11 . 2011-04-11 22:01 530048 ----a-w- c:\windows\system32\UCI64A76.dll
2013-02-12 08:11 . 2011-04-15 19:24 1563264 ----a-w- c:\windows\system32\CX64AP48.dll
2013-02-12 08:11 . 2011-03-10 22:01 1581184 ----a-w- c:\windows\system32\drivers\CHDRT64.sys
2013-02-11 19:30 . 2013-02-11 19:30 -------- d-----w- c:\program files (x86)\Cisco Systems
2013-02-11 19:20 . 2013-02-12 07:59 -------- d-----w- c:\users\Kelly\AppData\Local\LogMeIn Rescue Applet
2013-02-11 18:19 . 2013-02-11 18:19 -------- d-----w- c:\programdata\Cisco Systems
2013-02-11 00:02 . 2012-10-18 05:19 44344 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-02-09 23:07 . 2012-09-18 05:33 3752448 ----a-w- c:\windows\system32\drivers\athrx.sys
2013-02-09 23:04 . 2012-09-24 22:25 117912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2013-02-09 00:48 . 2013-02-09 00:48 388096 ----a-r- c:\users\Kelly\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-09 00:48 . 2013-02-09 00:48 -------- d-----w- c:\program files (x86)\Trend Micro
2013-02-06 23:29 . 2007-09-20 21:28 671744 ----a-w- c:\windows\system32\LXDVhcp.dll
2013-02-06 23:29 . 2007-09-20 21:28 524800 ----a-w- c:\windows\system32\LXDVinst.dll
2013-02-06 23:29 . 2013-02-06 23:30 -------- d-----w- c:\program files\Lexmark X5400 Series
2013-02-06 23:08 . 2012-10-24 11:52 5332896 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2013-02-06 23:08 . 2012-10-24 11:52 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2013-02-06 23:08 . 2012-10-24 11:52 80384 ----a-w- c:\windows\system32\igdde64.dll
2013-02-06 23:08 . 2012-10-24 11:52 963452 ----a-w- c:\windows\SysWow64\igcodeckrng600.bin
2013-02-06 23:08 . 2012-10-24 11:52 963452 ----a-w- c:\windows\system32\igcodeckrng600.bin
2013-02-06 23:08 . 2012-10-24 11:52 12887552 ----a-w- c:\windows\system32\ig4icd64.dll
2013-02-06 23:08 . 2012-10-24 11:52 10674176 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2013-02-06 23:08 . 2012-10-24 11:52 5903392 ----a-w- c:\windows\system32\GfxUI.exe
2013-02-06 23:08 . 2012-10-24 11:52 399392 ----a-w- c:\windows\system32\hkcmd.exe
2013-02-06 23:08 . 2012-10-24 11:52 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
2013-02-06 23:08 . 2012-10-24 11:52 185376 ----a-w- c:\windows\system32\difx64.exe
2013-02-06 22:59 . 2013-02-06 22:59 -------- d-----w- c:\users\Kelly\AppData\Local\Innovative Solutions
2013-02-06 22:59 . 2013-02-06 22:59 -------- d-----w- c:\program files (x86)\Innovative Solutions
2013-02-06 22:36 . 2013-02-06 22:36 -------- d-----w- c:\users\Kelly\AppData\Roaming\PCCUStubInstaller
2013-02-06 22:17 . 2007-05-03 04:43 138240 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxdvdrpp.dll
2013-02-06 22:08 . 2009-04-17 15:17 45568 ----a-w- c:\windows\system32\LXDVPMON.DLL
2013-02-06 22:08 . 2009-04-17 15:17 14336 ----a-w- c:\windows\system32\LXDVFXPU.DLL
2013-02-06 22:08 . 2009-04-17 14:17 3584 ----a-w- c:\windows\system32\LXDVPMRC.DLL
2013-02-06 22:08 . 2007-08-14 08:17 69632 ----a-w- c:\windows\system32\lxdvoem.dll
2013-02-06 22:08 . 2013-02-06 22:08 -------- d-----w- c:\programdata\X5400 Series
2013-02-06 03:24 . 2013-02-06 13:08 -------- d-----w- c:\windows\system32\drivers\N360x64\0604010.00E
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 02:26 . 2012-08-22 19:13 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 02:26 . 2012-08-22 19:13 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 10:14 . 2012-03-12 00:33 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-22 01:05 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 01:05 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 01:05 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 01:05 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 10:10 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 10:10 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 10:10 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 10:10 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 10:10 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 10:10 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 10:10 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 10:10 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 10:10 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 10:10 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 10:10 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 10:10 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 10:10 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 10:10 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 10:10 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 10:10 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 10:10 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 10:10 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 10:10 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 10:10 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 10:10 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 10:10 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 10:10 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 10:10 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 10:10 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 10:10 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 10:10 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 10:10 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 10:10 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 10:10 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 10:10 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 10:10 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 10:10 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 10:10 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 10:10 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-09 10:10 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-09 10:10 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 10:10 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 10:10 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 10:10 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-09 10:10 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-09 10:10 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 10:10 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 10:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2013-01-16 11325304]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2013-01-16 11325304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe [2007-10-18 33448]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20130212.001\IDSvia64.sys [2012-09-01 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [2011-11-17 405624]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-29 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe [2007-10-18 1044136]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-19 138912]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-09-24 117912]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-10-18 44344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 02:26]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-11 21:43]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-11 21:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Kelly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-02-12  23:14:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-13 04:14
.
Pre-Run: 584,295,309,312 bytes free
Post-Run: 583,912,603,648 bytes free
.
- - End Of File - - AFC021726BFD8871D348480180929C02
 



#12 The Dark Knight

The Dark Knight

    Malware Vigilante


  • Malware Response Team
  • 651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:54 PM

Posted 13 February 2013 - 04:18 AM

Good evening dk59,

 

How is your computer currently running?


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#13 dk59

dk59
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 13 February 2013 - 09:14 AM

I haven't had the performance s dips that I have on occasion. So far so good. What did we do?



#14 The Dark Knight

The Dark Knight

    Malware Vigilante


  • Malware Response Team
  • 651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:54 PM

Posted 13 February 2013 - 03:34 PM

Hello dk59,

 

Mainly just cleaned out some junk and adware really.

 

Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#15 dk59

dk59
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 13 February 2013 - 06:39 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users