system tools fake virus not removable


  • This topic is locked
2 replies to this topic

#1 francealot

Posted 08 January 2011 - 10:23 PM

I read the page on how to run ComboFix, but missed the line that said not to run without a pro. It deleted my WD backup software, but I think I have the disc.
Anyway, I have been fighting to get rid of the viruses associated with fake system tools. I ran Avast, which I have used for several years, but later deleted it because it didn't clean the viruses after a boot scan. I downloaded the 30-day trial of Kaspersky and ran it (6.5 HOURS!!!) and it found the same four viruses, but listed them as 'postponed.'
It was then that I got ComboFix after reading about it getting rid of the fake system tools trojan.
So, here are the HijackThis and ComboFix logs.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:39:49, on 01/08/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\KeyText\KeyText.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Ipswitch\WsftpCOMHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\taskhost.exe
C:\Users\carol\Documents\intoCDR\All-downloads12a\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O15 - Trusted Zone: *.ancestry.com
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 9711 bytes


ComboFix 11-01-08.03 - carol 01/08/2011 20:19:41.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1017 [GMT -6:00]
Running from: c:\users\carol\Documents\intoCDR\All-downloads12a\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\wd
c:\program files\wd\WD Anywhere Backup\config\Applications.xml
c:\program files\wd\WD Anywhere Backup\config\BackMeUp.xml
c:\program files\wd\WD Anywhere Backup\config\blacklist.txt
c:\program files\wd\WD Anywhere Backup\config\BMUConfigWizard.xml
c:\program files\wd\WD Anywhere Backup\config\Branding.xml
c:\program files\wd\WD Anywhere Backup\config\DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\ErrorDescriptions.xml
c:\program files\wd\WD Anywhere Backup\config\images\1Off.png
c:\program files\wd\WD Anywhere Backup\config\images\1On.png
c:\program files\wd\WD Anywhere Backup\config\images\2Off.png
c:\program files\wd\WD Anywhere Backup\config\images\2On.png
c:\program files\wd\WD Anywhere Backup\config\images\3Off.png
c:\program files\wd\WD Anywhere Backup\config\images\3On.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Actions.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Close.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Pause.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Reactivate.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Resume.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Verify.png
c:\program files\wd\WD Anywhere Backup\config\images\AppLogo.png
c:\program files\wd\WD Anywhere Backup\config\images\arial.ttf
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup16.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup32.ico
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup32.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup48.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackupApp.ico
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackupSysTrayIcons.png
c:\program files\wd\WD Anywhere Backup\config\images\BuyNow.png
c:\program files\wd\WD Anywhere Backup\config\images\Check.png
c:\program files\wd\WD Anywhere Backup\config\images\CopyApps.png
c:\program files\wd\WD Anywhere Backup\config\images\harddisk.png
c:\program files\wd\WD Anywhere Backup\config\images\harddisk_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\Feedback.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\Help.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\Purchase.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\Register.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\Updates.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\ViewHelp.png
c:\program files\wd\WD Anywhere Backup\config\images\iPod.png
c:\program files\wd\WD Anywhere Backup\config\images\iPod_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\LeftPanelBackground.png
c:\program files\wd\WD Anywhere Backup\config\images\MainOps\Create.png
c:\program files\wd\WD Anywhere Backup\config\images\MainOps\CreateHover.png
c:\program files\wd\WD Anywhere Backup\config\images\MainOps\Restore.png
c:\program files\wd\WD Anywhere Backup\config\images\MainOps\RestoreHover.png
c:\program files\wd\WD Anywhere Backup\config\images\MioNet.png
c:\program files\wd\WD Anywhere Backup\config\images\network.png
c:\program files\wd\WD Anywhere Backup\config\images\network_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\PanelImage.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\ChangeFiles.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\ChangeFilesHover.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\ChangeSettings.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\ChangeSettingsHover.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\FileTransfer.gif
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\Password.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\PasswordHover.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\Remove.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\RemoveHover.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\View.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\ViewHover.png
c:\program files\wd\WD Anywhere Backup\config\images\PoweredByMemeo.png
c:\program files\wd\WD Anywhere Backup\config\images\Products\Products.png
c:\program files\wd\WD Anywhere Backup\config\images\Products\ProtectMultiple.png
c:\program files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.bmp
c:\program files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.png
c:\program files\wd\WD Anywhere Backup\config\images\ProviderHardDisk.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProvideriPod.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderNetwork.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderRemovable.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderSwapDrive.ico
c:\program files\wd\WD Anywhere Backup\config\images\RegularButtonHoverImage.png
c:\program files\wd\WD Anywhere Backup\config\images\RegularButtonImage.png
c:\program files\wd\WD Anywhere Backup\config\images\removable.png
c:\program files\wd\WD Anywhere Backup\config\images\removable_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\Restore16.png
c:\program files\wd\WD Anywhere Backup\config\images\Restore32.ico
c:\program files\wd\WD Anywhere Backup\config\images\Restore48.png
c:\program files\wd\WD Anywhere Backup\config\images\RestoreApp.ico
c:\program files\wd\WD Anywhere Backup\config\images\SelectedProviderHighlight.jpg
c:\program files\wd\WD Anywhere Backup\config\images\Settings\Alerts.png
c:\program files\wd\WD Anywhere Backup\config\images\Settings\Settings.png
c:\program files\wd\WD Anywhere Backup\config\images\swapdrive.png
c:\program files\wd\WD Anywhere Backup\config\images\swapdrive_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\TopPanelBackground.png
c:\program files\wd\WD Anywhere Backup\config\images\wdmybook.png
c:\program files\wd\WD Anywhere Backup\config\images\wdpassport.png
c:\program files\wd\WD Anywhere Backup\config\Locale.xml
c:\program files\wd\WD Anywhere Backup\config\rssuserprefs.xml
c:\program files\wd\WD Anywhere Backup\config\Tanagra.iPod.DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\Tanagra.ShutterFly.DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\UserFileTypeOptions.xml
c:\program files\wd\WD Anywhere Backup\ConfigManager.xml
c:\program files\wd\WD Anywhere Backup\DevComponents.DotNetBar2.dll
c:\program files\wd\WD Anywhere Backup\docs\images\AB user guide start.gif
c:\program files\wd\WD Anywhere Backup\docs\images\user guide page1.gif
c:\program files\wd\WD Anywhere Backup\docs\images\user guide page2.gif
c:\program files\wd\WD Anywhere Backup\docs\images\user guide page4.gif
c:\program files\wd\WD Anywhere Backup\docs\images\user guide restore page3.gif
c:\program files\wd\WD Anywhere Backup\docs\MemeoAutoBackupUserGuide.htm
c:\program files\wd\WD Anywhere Backup\eWebClient.dll
c:\program files\wd\WD Anywhere Backup\ICSharpCode.SharpZipLib.dll
c:\program files\wd\WD Anywhere Backup\Interop.eWebControl.dll
c:\program files\wd\WD Anywhere Backup\Interop.iTunesLib.dll
c:\program files\wd\WD Anywhere Backup\Interop.Microsoft.Office.Core.dll
c:\program files\wd\WD Anywhere Backup\Interop.Outlook.dll
c:\program files\wd\WD Anywhere Backup\Interop.ProfMan.dll
c:\program files\wd\WD Anywhere Backup\Interop.Redemption.dll
c:\program files\wd\WD Anywhere Backup\license.rtf
c:\program files\wd\WD Anywhere Backup\MBSstarter.exe
c:\program files\wd\WD Anywhere Backup\Memeo.Client.dll
c:\program files\wd\WD Anywhere Backup\Memeo.Client.UI.dll
c:\program files\wd\WD Anywhere Backup\Memeo.Shadow.Vista.dll
c:\program files\wd\WD Anywhere Backup\Memeo.Shadow.XP.dll
c:\program files\wd\WD Anywhere Backup\MemeoBackgroundService.exe
c:\program files\wd\WD Anywhere Backup\MemeoBackgroundService.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoBackup.exe
c:\program files\wd\WD Anywhere Backup\MemeoBackup.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoLauncher.exe
c:\program files\wd\WD Anywhere Backup\MemeoLauncher.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoLauncher2.exe
c:\program files\wd\WD Anywhere Backup\MemeoLauncher2.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoRemoteCore.dll
c:\program files\wd\WD Anywhere Backup\MemeoRestore.exe
c:\program files\wd\WD Anywhere Backup\MemeoRestore.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoUpdater.exe
c:\program files\wd\WD Anywhere Backup\MemeoUpdater.exe.config
c:\program files\wd\WD Anywhere Backup\Microsoft.Web.Services.dll
c:\program files\wd\WD Anywhere Backup\Microsoft.Windows.Forms.Navigation.dll
c:\program files\wd\WD Anywhere Backup\Mono.Nat.dll
c:\program files\wd\WD Anywhere Backup\MSVCR71D.dll
c:\program files\wd\WD Anywhere Backup\NamedPipes.dll
c:\program files\wd\WD Anywhere Backup\Newtonsoft.Json.dll
c:\program files\wd\WD Anywhere Backup\providers\Memeo.Server.Providers.BackupOnline.dll
c:\program files\wd\WD Anywhere Backup\providers\RegisteredProviders.xml
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FTPBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.iPodBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.RemovableStorageBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.ShutterflyBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.SwapDriveBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Net.Ftp.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Net.ProxySocket.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Net.SecureSocket.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Security.dll
c:\program files\wd\WD Anywhere Backup\SQLite.NET.dll
c:\program files\wd\WD Anywhere Backup\sqlite3.dll
c:\program files\wd\WD Anywhere Backup\support\MemeoSupport.exe
c:\program files\wd\WD Anywhere Backup\support\MemeoSupport.exe.config
c:\program files\wd\WD Anywhere Backup\Tanagra.BMU.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.DataClad.DataAccess.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.DataClad.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Interop.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Third-party.Security.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Utility.dll
c:\program files\wd\WD Anywhere Backup\uninstall.exe
c:\program files\wd\WD Anywhere Backup\USBLib.dll
c:\program files\wd\WD Anywhere Backup\Vista.Api.dll
c:\program files\wd\WD Anywhere Backup\WDAnywhereBackup.ico
c:\program files\wd\WD Anywhere Backup\WDDriveInfo.exe
c:\program files\wd\WD Anywhere Backup\XMLSettings.dll
c:\programdata\ePbKd08200
c:\programdata\ePbKd08200\ePbKd08200
c:\programdata\ePbKd08200\ePbKd08200.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
E:\autorun.inf
E:\install.exe
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MemeoBackgroundService
-------\Service_MemeoBackgroundService


((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 02:42 . 2011-01-09 02:44 -------- d-----w- c:\users\carol\AppData\Local\temp
2011-01-09 02:42 . 2011-01-09 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-08 21:36 . 2011-01-08 21:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-01-08 20:51 . 2011-01-08 20:51 -------- d-----w- c:\users\carol\AppData\Local\WindowsUpdate
2011-01-08 18:41 . 2010-10-06 02:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2011-01-08 18:41 . 2010-10-06 02:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-01-08 18:41 . 2011-01-08 19:00 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-01-08 18:41 . 2011-01-08 19:00 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-01-08 18:40 . 2011-01-09 02:43 -------- d-----w- c:\programdata\Kaspersky Lab
2011-01-08 18:40 . 2011-01-08 18:40 -------- d-----w- c:\program files\Kaspersky Lab
2011-01-08 18:31 . 2011-01-08 18:31 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-12-15 11:11 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 11:11 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 11:11 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 11:11 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 11:11 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 11:11 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 11:11 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 11:11 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 11:11 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-09 00:09 . 2009-11-02 00:43 952 --sha-w- c:\programdata\KGyGaAvL.sys
2010-12-21 00:09 . 2009-12-23 13:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-12-23 13:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-08 20:07 . 2010-03-25 10:43 106496 ----a-w- c:\windows\system32\ATL71.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\carol\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\carol\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\carol\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2009-08-28 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2008-11-03 328992]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 450560]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]

c:\users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KeyText.lnk - c:\program files\KeyText\KeyText.exe [2009-11-5 1381120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SrvMod.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SrvMod.lnk
backup=c:\windows\pss\SrvMod.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^carol^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BEWINTERNET-FR-DMGP-V2SessionManager]
2008-12-01 15:12 131824 ----a-w- c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2008-08-08 22:30 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 11:59 136176 ----atw- c:\users\carol\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2009-08-28 00:20 46368 ----a-w- c:\program files\Nuance\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-11-12 100224]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-11 1343400]
R4 mrtRate;mrtRate; [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 22104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-08-28 144672]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-06-26 102400]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-04-16 11520]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 15:50]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 15:50]

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-140699426-3326453205-645354271-1000Core.job
- c:\users\carol\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-18 11:59]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-140699426-3326453205-645354271-1000UA.job
- c:\users\carol\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-18 11:59]

2011-01-09 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-09-15 13:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: ancestry.com
FF - ProfilePath - c:\users\carol\AppData\Roaming\Mozilla\Firefox\Profiles\ap276tii.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.reuters.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-WD Anywhere Backup - c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe
MSConfigStartUp-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-CardDetectorHUAWEI - c:\program files\CardDetector\HUAWEI\CardDetector.exe
MSConfigStartUp-CheckPoint Cleanup - c:\users\carol\AppData\Local\Temp\cpes_clean_launcher.exe
MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
AddRemove-CardDetectorHUAWEI - c:\program files\CardDetector\HUAWEI\CardDetectorSetup.exe
AddRemove-{68131B0A-D78D-4aed-B74E-33A6C7324E50} - c:\program files\WD\WD Anywhere Backup\uninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3800)
c:\users\carol\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-01-08 20:48:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-09 02:48

Pre-Run: 171,493,703,680 bytes free
Post-Run: 173,214,461,952 bytes free

- - End Of File - - 9D29ABC5D95CCF6C4B5D9F03BE0F27E6

Help would be greatly appreciated.



#2 francealot


Posted 12 January 2011 - 07:31 AM

For the moment, someone is helping me sort this out, so please withdraw this request at this time. If need be, I'll be back.

#3 Orange Blossom


Posted 12 January 2011 - 06:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.





