
Recent Trojans removed, but Google Redirecting Still


  • This topic is locked
27 replies to this topic

#1 Cheesestick

  • Members
  • 14 posts

Posted 21 June 2011 - 11:35 AM

About 3 days ago, I did a factory reformat/restore on my computer to fix another problem (which turned out to be dust bunnies in the CPU fan & not software related, but here we are anyway w/ a fresh install). I don't know what I have on this computer, but I'm pretty sure I picked it up somewhere while trying to find all my programs again to reinstall. Yesterday, AVG found and successfully quarantined 2 instances of the trojan named SHeur.3.CFMY and 1 instance of JS/XULCache.A. But not long after, I noticed the problem w/ Google redirecting whenever I click any results. I ran a full scan with Ad-Aware Free and another full scan with SUPERAntiSpyware Free Ed. Each time they find tracking cookies & a few "threats" and remove them, but then the problem starts back up again (w/ the redirecting) when I try to use Google. (I have not re-run AVG since it removed the previous threats.) Lastly, I did download HijackThis and ran it, but I don't know exactly what to do w/ it. If I need to provide a log file from that one too, just let me know. Thanks so much in advance! Here's my info:


.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Lori at 10:42:12 on 2011-06-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.3323 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe
C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WFX32.exe
C:\windows\system32\nvvsvc.exe
C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\wfx64.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Chameleon Clock\settime.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Lori\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\Chameleon Clock\ChamClock.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe
C:\windows\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\HardCopy Pro\HardCopy Pro.exe
C:\Program Files (x86)\Weather Watcher\ww.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Lori\Downloads\HijackThis.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Users\Lori\Downloads\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\explorer.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
uRun: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SansaDispatch] C:\Users\Lori\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [HomeAlarm] C:\Program Files (x86)\Chameleon Clock\ChamClock.exe
uRun: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
StartupFolder: C:\Users\Lori\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Lori\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\Lori\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3F022DDE-E9A3-4ACE-83E9-F1DAD3EBCE59} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: WBSrv - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4psfgjp1.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.westathome.net/Login.aspx?ReturnUrl=%2fNewsGroups%2fBroadCastMessages.aspx
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Amazon Toolbar: toolbar-amazon@alexa.com - %profile%\extensions\toolbar-amazon@alexa.com
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: XUL Cache: {1899a8fc-d162-4190-96f5-822615580f89} - %profile%\extensions\{1899a8fc-d162-4190-96f5-822615580f89}
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ChamClock Set Time Service for Vista;Chameleon Clock Set Time for Vista;C:\Program Files (x86)\Chameleon Clock\settime.exe [2011-6-18 58880]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-6-20 2151128]
R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-18 2337144]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 WindowFX;Stardock WindowFX;C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe [2011-6-17 185648]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-6-20 17152]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\system32\DRIVERS\LEqdUsb.Sys --> C:\windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\system32\DRIVERS\LHidEqd.Sys --> C:\windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 SaiK8018;SaiK8018;C:\windows\system32\DRIVERS\SaiK8018.sys --> C:\windows\system32\DRIVERS\SaiK8018.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-18 136176]
S2 IKEEXT32;IKE and AuthIP IPsec Keying Modules ;c:\windows\system32\comres32.exe --> c:\windows\system32\comres32.exe [?]
S2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;c:\windows\system32\sqlunirl32.exe --> c:\windows\system32\sqlunirl32.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-21 16:22:17 388096 ----a-r- C:\Users\Lori\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-21 16:22:17 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-06-21 15:37:00 -------- d-----w- C:\Users\Lori\AppData\Local\{2381B499-7AC2-4C4B-A344-3F906E8C02AB}
2011-06-21 04:37:02 -------- d-----w- C:\Users\Lori\AppData\Roaming\SUPERAntiSpyware.com
2011-06-21 04:37:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-06-21 04:36:56 -------- d-----w- C:\ProgramData\!SASCORE
2011-06-21 04:36:46 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-06-21 01:05:03 -------- d-----w- C:\Users\Lori\AppData\Local\{C19C51B5-CB03-4075-945A-E976BA84A24A}
2011-06-20 23:30:15 49752 ----a-w- C:\windows\System32\drivers\SBREDrv.sys
2011-06-20 23:28:17 69376 ----a-w- C:\windows\System32\drivers\Lbd.sys
2011-06-20 23:28:12 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-06-20 18:55:08 -------- d-----w- C:\Users\Lori\AppData\Roaming\Malwarebytes
2011-06-20 18:54:48 39984 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-20 18:54:48 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-20 18:54:45 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-06-20 18:54:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-20 13:49:39 -------- d--h--w- C:\$AVG
2011-06-20 13:04:23 -------- d-----w- C:\Users\Lori\AppData\Local\{052E3594-918A-427E-B6D9-7A8EC1DAD474}
2011-06-19 22:01:46 -------- d-----w- C:\Users\Lori\AppData\Local\{B31C13F8-A312-4CF6-827A-12F66992C3ED}
2011-06-19 17:57:39 -------- d-----w- C:\Users\Lori\dwhelper
2011-06-19 15:39:06 463520 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll
2011-06-19 15:39:06 401056 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll
2011-06-19 15:39:06 330400 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
2011-06-19 15:39:06 31392 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll
2011-06-19 15:39:06 128672 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll
2011-06-19 14:53:29 -------- d-----w- C:\ProgramData\Corel
2011-06-19 14:51:33 -------- d-----w- C:\Users\Lori\AppData\Local\Corel
2011-06-19 14:50:37 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2011-06-19 08:16:42 -------- d-----w- C:\Users\Lori\AppData\Local\{B79CEF20-E19C-461A-BDEE-DA954CC0E2C8}
2011-06-19 03:01:54 -------- d-----w- C:\TubeSucker Videos
2011-06-18 20:16:06 -------- d-----w- C:\Users\Lori\AppData\Local\{51BEE53D-A66C-4126-AEB3-AE0F76E7ADDF}
2011-06-18 18:45:42 -------- d-----w- C:\Program Files (x86)\Common Files\Realtime Soft
2011-06-18 18:45:41 -------- d-----w- C:\ProgramData\Realtime Soft
2011-06-18 18:45:41 -------- d-----w- C:\Program Files\UltraMon
2011-06-18 18:34:30 28058624 ----a-w- C:\windows\System32\imageres.dll
2011-06-18 18:08:00 -------- d-----w- C:\Users\Lori\AppData\Roaming\WeatherWatcher
2011-06-18 18:07:45 102400 ----a-w- C:\windows\SysWow64\unzip32.dll
2011-06-18 18:07:45 -------- d-----w- C:\Program Files (x86)\Weather Watcher
2011-06-18 17:36:30 -------- d-----w- C:\Program Files (x86)\Chameleon Clock
2011-06-18 16:10:10 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-06-18 15:46:17 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-06-18 15:46:03 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-06-18 15:45:57 150712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-06-18 15:45:55 105472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-06-18 15:44:41 -------- d-----r- C:\Program Files (x86)\Skype
2011-06-18 15:37:02 -------- d-----w- C:\Users\Lori\AppData\Roaming\Audio Recorder for Free
2011-06-18 15:36:40 602112 ----a-w- C:\windows\SysWow64\NCTAudioTransform2.dll
2011-06-18 15:36:40 479232 ----a-w- C:\windows\SysWow64\NCTAudioVisualization2.dll
2011-06-18 15:36:40 417792 ----a-w- C:\windows\SysWow64\NCTTextToAudio2.dll
2011-06-18 15:36:40 348160 ----a-w- C:\windows\SysWow64\NCTWMAFile2.dll
2011-06-18 15:36:39 880640 ----a-w- C:\windows\SysWow64\NCTAudioEditor2.dll
2011-06-18 15:36:39 835584 ----a-w- C:\windows\SysWow64\NCTAudioCDGrabber2.dll
2011-06-18 15:36:39 458752 ----a-w- C:\windows\SysWow64\NCTAudioRecord2.dll
2011-06-18 15:36:39 458752 ----a-w- C:\windows\SysWow64\NCTAudioPlayer2.dll
2011-06-18 15:36:39 344064 ----a-w- C:\windows\SysWow64\msvcr70.dll
==================== Find3M ====================
.
============= FINISH: 10:43:24.22 ===============

#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:17 AM

Posted 30 June 2011 - 01:12 PM

Hello Cheesestick and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.


***Note: In order for ComboFix to run properly, AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.
You can reinstall it after the computer is clean.

-------------

Please temporarily disable Ad-Aware's Ad-Watch, as it may hinder the removal of some entries. You can re-enable it after you're clean.

Right-click on the Ad-Aware icon in the system tray and select Exit.

(you may need to do this after every reboot.)

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • how the PC is running now


-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?

#3 Cheesestick

Cheesestick
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:17 AM

Posted 30 June 2011 - 04:51 PM

Thanks for the reply! I know you all are busy; I've poked around quite a bit in the forum since I got this issue on my own computer, so I knew you would get to me eventually.

I was able to run TDSSKiller and will post the log. I followed the instructions for ComboFix, but right when I attempted to run it, it told me the software was out of date and asked whether I wanted to update it. I clicked No, since that was not in the instructions, but then it told me the current date on my system and warned me about continuing to run it, so I opted to exit. I guess I should go ahead and let it update and then run?

Here is the first log file requested:

2011/06/30 16:30:08.0594 2080 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/30 16:30:09.0007 2080 ================================================================================
2011/06/30 16:30:09.0007 2080 SystemInfo:
2011/06/30 16:30:09.0007 2080
2011/06/30 16:30:09.0008 2080 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/30 16:30:09.0008 2080 Product type: Workstation
2011/06/30 16:30:09.0008 2080 ComputerName: LORI-PC
2011/06/30 16:30:09.0008 2080 UserName: Lori
2011/06/30 16:30:09.0008 2080 Windows directory: C:\windows
2011/06/30 16:30:09.0008 2080 System windows directory: C:\windows
2011/06/30 16:30:09.0008 2080 Running under WOW64
2011/06/30 16:30:09.0008 2080 Processor architecture: Intel x64
2011/06/30 16:30:09.0008 2080 Number of processors: 2
2011/06/30 16:30:09.0008 2080 Page size: 0x1000
2011/06/30 16:30:09.0008 2080 Boot type: Normal boot
2011/06/30 16:30:09.0008 2080 ================================================================================
2011/06/30 16:30:10.0894 2080 Initialize success
2011/06/30 16:30:14.0020 6112 ================================================================================
2011/06/30 16:30:14.0020 6112 Scan started
2011/06/30 16:30:14.0021 6112 Mode: Manual;
2011/06/30 16:30:14.0021 6112 ================================================================================
2011/06/30 16:30:36.0707 6112 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\windows\system32\drivers\Ntfs.sys
2011/06/30 16:30:36.0959 6112 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
2011/06/30 16:30:37.0158 6112 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\windows\system32\drivers\nvhda64v.sys
2011/06/30 16:30:37.0837 6112 nvlddmkm (7a0fa5fe8b2904cdf3e375f45c23a858) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/06/30 16:30:38.0047 6112 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\windows\system32\drivers\nvraid.sys
2011/06/30 16:30:38.0179 6112 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\windows\system32\drivers\nvstor.sys
2011/06/30 16:30:38.0383 6112 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
2011/06/30 16:30:38.0587 6112 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
2011/06/30 16:30:38.0769 6112 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
2011/06/30 16:30:38.0882 6112 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
2011/06/30 16:30:39.0046 6112 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
2011/06/30 16:30:39.0153 6112 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
2011/06/30 16:30:39.0305 6112 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
2011/06/30 16:30:39.0460 6112 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
2011/06/30 16:30:39.0608 6112 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
2011/06/30 16:30:39.0727 6112 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
2011/06/30 16:30:39.0878 6112 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
2011/06/30 16:30:39.0976 6112 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
2011/06/30 16:30:40.0134 6112 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
2011/06/30 16:30:40.0261 6112 PxHlpa64 (05f46042208e515b9c240aafc54e7aa2) C:\windows\system32\Drivers\PxHlpa64.sys
2011/06/30 16:30:40.0499 6112 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
2011/06/30 16:30:40.0695 6112 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
2011/06/30 16:30:40.0802 6112 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
2011/06/30 16:30:40.0929 6112 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
2011/06/30 16:30:41.0079 6112 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/06/30 16:30:41.0204 6112 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/06/30 16:30:41.0331 6112 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
2011/06/30 16:30:41.0457 6112 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
2011/06/30 16:30:41.0649 6112 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
2011/06/30 16:30:41.0759 6112 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2011/06/30 16:30:41.0894 6112 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/06/30 16:30:42.0028 6112 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2011/06/30 16:30:42.0162 6112 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2011/06/30 16:30:42.0329 6112 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
2011/06/30 16:30:42.0449 6112 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
2011/06/30 16:30:42.0570 6112 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
2011/06/30 16:30:42.0690 6112 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\windows\system32\DRIVERS\rimspe64.sys
2011/06/30 16:30:42.0798 6112 risdpcie (7dda2e5cf452dad24b1be704225c18ee) C:\windows\system32\DRIVERS\risdpe64.sys
2011/06/30 16:30:42.0947 6112 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\windows\system32\DRIVERS\rixdpe64.sys
2011/06/30 16:30:43.0097 6112 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2011/06/30 16:30:43.0225 6112 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\windows\system32\DRIVERS\Rt64win7.sys
2011/06/30 16:30:43.0432 6112 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
2011/06/30 16:30:43.0572 6112 SaiK8018 (4d7444c769af99eff134320542d812fa) C:\windows\system32\DRIVERS\SaiK8018.sys
2011/06/30 16:30:43.0676 6112 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/06/30 16:30:43.0692 6112 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/06/30 16:30:43.0814 6112 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
2011/06/30 16:30:43.0931 6112 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
2011/06/30 16:30:44.0087 6112 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys
2011/06/30 16:30:44.0246 6112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2011/06/30 16:30:44.0379 6112 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2011/06/30 16:30:44.0537 6112 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2011/06/30 16:30:44.0652 6112 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2011/06/30 16:30:44.0784 6112 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
2011/06/30 16:30:44.0895 6112 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
2011/06/30 16:30:44.0995 6112 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
2011/06/30 16:30:45.0119 6112 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2011/06/30 16:30:45.0242 6112 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/06/30 16:30:45.0366 6112 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2011/06/30 16:30:45.0490 6112 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2011/06/30 16:30:45.0713 6112 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2011/06/30 16:30:45.0893 6112 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
2011/06/30 16:30:46.0009 6112 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
2011/06/30 16:30:46.0133 6112 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
2011/06/30 16:30:46.0271 6112 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2011/06/30 16:30:46.0469 6112 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
2011/06/30 16:30:46.0599 6112 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys
2011/06/30 16:30:46.0854 6112 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\drivers\tcpip.sys
2011/06/30 16:30:47.0143 6112 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\DRIVERS\tcpip.sys
2011/06/30 16:30:47.0331 6112 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
2011/06/30 16:30:47.0463 6112 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/06/30 16:30:47.0680 6112 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2011/06/30 16:30:47.0802 6112 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2011/06/30 16:30:47.0942 6112 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
2011/06/30 16:30:48.0081 6112 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
2011/06/30 16:30:48.0255 6112 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
2011/06/30 16:30:48.0361 6112 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
2011/06/30 16:30:48.0630 6112 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
2011/06/30 16:30:48.0774 6112 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/06/30 16:30:48.0899 6112 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
2011/06/30 16:30:49.0026 6112 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
2011/06/30 16:30:49.0141 6112 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/06/30 16:30:49.0240 6112 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/06/30 16:30:49.0357 6112 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2011/06/30 16:30:49.0498 6112 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
2011/06/30 16:30:49.0626 6112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
2011/06/30 16:30:49.0778 6112 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
2011/06/30 16:30:49.0902 6112 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2011/06/30 16:30:50.0028 6112 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\windows\system32\drivers\usbccgp.sys
2011/06/30 16:30:50.0150 6112 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
2011/06/30 16:30:50.0253 6112 usbehci (74ee782b1d9c241efe425565854c661c) C:\windows\system32\drivers\usbehci.sys
2011/06/30 16:30:50.0383 6112 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\windows\system32\DRIVERS\usbhub.sys
2011/06/30 16:30:50.0501 6112 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\drivers\usbohci.sys
2011/06/30 16:30:50.0616 6112 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2011/06/30 16:30:50.0733 6112 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/06/30 16:30:50.0829 6112 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\drivers\usbuhci.sys
2011/06/30 16:30:50.0961 6112 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
2011/06/30 16:30:51.0101 6112 VBoxDrv (f8899654688af11b5e8ddf9ed53cb72e) C:\windows\system32\DRIVERS\VBoxDrv.sys
2011/06/30 16:30:51.0203 6112 VBoxNetAdp (01f5ff577ca9d3555941c5c266af4385) C:\windows\system32\DRIVERS\VBoxNetAdp.sys
2011/06/30 16:30:51.0319 6112 VBoxNetFlt (2666d93096570f92346e3117b9c051e8) C:\windows\system32\DRIVERS\VBoxNetFlt.sys
2011/06/30 16:30:51.0423 6112 VBoxUSBMon (92d8db75837262e3811dfabf80dc08e0) C:\windows\system32\DRIVERS\VBoxUSBMon.sys
2011/06/30 16:30:51.0533 6112 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
2011/06/30 16:30:51.0634 6112 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2011/06/30 16:30:51.0733 6112 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2011/06/30 16:30:51.0832 6112 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
2011/06/30 16:30:51.0940 6112 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
2011/06/30 16:30:52.0033 6112 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
2011/06/30 16:30:52.0142 6112 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
2011/06/30 16:30:52.0244 6112 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
2011/06/30 16:30:52.0381 6112 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2011/06/30 16:30:52.0498 6112 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
2011/06/30 16:30:52.0613 6112 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
2011/06/30 16:30:52.0827 6112 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2011/06/30 16:30:52.0953 6112 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/06/30 16:30:52.0984 6112 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/06/30 16:30:53.0219 6112 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2011/06/30 16:30:53.0347 6112 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2011/06/30 16:30:53.0514 6112 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2011/06/30 16:30:53.0640 6112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2011/06/30 16:30:53.0926 6112 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
2011/06/30 16:30:54.0098 6112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
2011/06/30 16:30:54.0284 6112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2011/06/30 16:30:54.0420 6112 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
2011/06/30 16:30:54.0540 6112 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/06/30 16:30:54.0633 6112 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
2011/06/30 16:30:54.0661 6112 Boot (0x1200) (d53329e115a616b61fbc3a857e19e130) \Device\Harddisk0\DR0\Partition0
2011/06/30 16:30:54.0666 6112 ================================================================================
2011/06/30 16:30:54.0666 6112 Scan finished
2011/06/30 16:30:54.0666 6112 ================================================================================
2011/06/30 16:30:54.0688 4924 Detected object count: 0
2011/06/30 16:30:54.0688 4924 Actual detected object count: 0

#4 D-FRED-BROWN

    Resident Bracketologist

  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:17 AM

Posted 30 June 2011 - 04:54 PM

> Thanks for the reply!

No problem! :)

> I guess I should go ahead and let it update & then run?

Yes, please do ;).
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#5 Cheesestick

  • Topic Starter
  • Members
  • 14 posts
  • Local time:04:17 AM

Posted 30 June 2011 - 05:12 PM

Okay, here's the ComboFix log:

ComboFix 11-06-30.03 - Lori 06/30/2011 16:57:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.4647 [GMT -5:00]
Running from: c:\users\Lori\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4psfgjp1.default\extensions\{1899a8fc-d162-4190-96f5-822615580f89}
c:\users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4psfgjp1.default\extensions\{1899a8fc-d162-4190-96f5-822615580f89}\chrome.manifest
c:\users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4psfgjp1.default\extensions\{1899a8fc-d162-4190-96f5-822615580f89}\chrome\xulcache.jar
c:\users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4psfgjp1.default\extensions\{1899a8fc-d162-4190-96f5-822615580f89}\defaults\preferences\xulcache.js
c:\users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4psfgjp1.default\extensions\{1899a8fc-d162-4190-96f5-822615580f89}\install.rdf
c:\windows\security\Database\tmp.edb
c:\windows\system32\no
c:\windows\system32\SV
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-30 22:02 . 2011-06-30 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-30 17:43 . 2011-06-24 20:04 219440 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-06-30 17:43 . 2011-06-24 20:05 44848 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-06-30 17:43 . 2011-06-30 17:43 -------- d-----w- c:\program files\Oracle
2011-06-29 12:16 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 12:16 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 12:16 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 12:16 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 12:16 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-24 20:05 . 2011-06-24 20:05 164656 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-06-24 20:05 . 2011-06-24 20:05 144688 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-06-24 20:04 . 2011-06-24 20:04 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-06-22 14:06 . 2011-06-22 14:06 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-06-21 16:22 . 2011-06-21 16:22 -------- d-----w- c:\program files (x86)\Trend Micro
2011-06-21 04:37 . 2011-06-21 04:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-21 04:36 . 2011-06-21 04:36 -------- d-----w- c:\programdata\!SASCORE
2011-06-21 04:36 . 2011-06-21 04:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-20 23:30 . 2011-06-20 23:30 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-20 23:28 . 2011-06-20 23:28 -------- d-----w- c:\programdata\Lavasoft
2011-06-20 18:54 . 2011-06-20 18:54 -------- d-----w- c:\programdata\Malwarebytes
2011-06-20 18:54 . 2011-05-29 15:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-20 18:54 . 2011-06-20 18:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-20 18:54 . 2011-05-29 15:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 13:49 . 2011-06-20 13:49 -------- d-----w- C:\$AVG
2011-06-19 21:52 . 2011-06-19 21:52 -------- d-----w- c:\windows\Sun
2011-06-19 15:39 . 2010-06-27 10:49 330400 ----a-w- c:\program files (x86)\Common Files\MediaOrganizer.dll
2011-06-19 15:39 . 2010-06-27 10:45 31392 ----a-w- c:\program files (x86)\Common Files\FlickrProvider.dll
2011-06-19 15:39 . 2010-06-27 10:45 401056 ----a-w- c:\program files (x86)\Common Files\facebook.dll
2011-06-19 15:39 . 2010-06-27 10:45 128672 ----a-w- c:\program files (x86)\Common Files\PluginCommon.dll
2011-06-19 15:39 . 2010-06-27 10:44 463520 ----a-w- c:\program files (x86)\Common Files\AppFramework.dll
2011-06-19 14:53 . 2011-06-19 15:36 -------- d-----w- c:\programdata\Corel
2011-06-19 14:50 . 2011-06-19 14:51 -------- d-----w- c:\program files (x86)\Common Files\Corel
2011-06-19 03:01 . 2011-06-19 03:14 -------- d-----w- C:\TubeSucker Videos
2011-06-18 18:45 . 2011-06-18 18:45 -------- d-----w- c:\program files (x86)\Common Files\Realtime Soft
2011-06-18 18:45 . 2011-06-18 18:45 -------- d-----w- c:\program files\UltraMon
2011-06-18 18:34 . 2011-06-26 18:34 32278528 ----a-w- c:\windows\system32\imageres.dll
2011-06-18 18:07 . 2011-06-18 18:08 -------- d-----w- c:\program files (x86)\Weather Watcher
2011-06-18 18:07 . 2004-05-27 09:32 102400 ----a-w- c:\windows\SysWow64\unzip32.dll
2011-06-18 17:36 . 2011-06-30 21:27 -------- d-----w- c:\program files (x86)\Chameleon Clock
2011-06-18 16:10 . 2011-06-18 16:10 -------- d-----w- c:\program files (x86)\TeamViewer
2011-06-18 15:45 . 2011-06-22 14:06 -------- d-----w- c:\program files (x86)\Real
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----r- c:\program files (x86)\Skype
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----w- c:\programdata\Skype
2011-06-18 15:42 . 2011-06-18 15:46 -------- d-----w- c:\programdata\Google Updater
2011-06-18 15:36 . 2005-04-05 00:21 602112 ----a-w- c:\windows\SysWow64\NCTAudioTransform2.dll
2011-06-18 15:36 . 2005-03-28 22:54 479232 ----a-w- c:\windows\SysWow64\NCTAudioVisualization2.dll
2011-06-18 15:36 . 2005-03-28 22:52 417792 ----a-w- c:\windows\SysWow64\NCTTextToAudio2.dll
2011-06-18 15:36 . 2005-02-24 18:51 348160 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
2011-06-18 15:36 . 2005-05-18 18:52 1212416 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2011-06-18 15:36 . 2005-05-17 19:37 1986560 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2011-06-18 15:36 . 2005-04-25 20:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
2011-06-18 15:36 . 2005-04-25 20:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll
2011-06-18 15:36 . 2005-04-15 19:08 880640 ----a-w- c:\windows\SysWow64\NCTAudioEditor2.dll
2011-06-18 15:36 . 2004-11-04 20:31 835584 ----a-w- c:\windows\SysWow64\NCTAudioCDGrabber2.dll
2011-06-18 15:36 . 2002-01-05 23:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2011-06-18 15:36 . 2011-06-18 15:36 -------- d-----w- c:\program files (x86)\Audio Recorder for Free
2011-06-18 01:25 . 2007-07-26 10:00 53488 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\Roxio Shared
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\Napster Shared
2011-06-18 01:23 . 2011-06-18 01:23 -------- d-----w- c:\programdata\Napster
2011-06-18 01:23 . 2011-06-18 01:26 -------- d-----w- c:\program files (x86)\Napster
2011-06-17 22:46 . 2011-06-17 22:47 -------- d-----w- c:\programdata\LogiShrd
2011-06-17 22:45 . 2011-06-17 22:46 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-06-17 22:45 . 2009-07-20 19:33 190992 ----a-w- c:\windows\system32\BtCoreIf.dll
2011-06-17 22:45 . 2009-07-20 19:35 96272 ----a-w- c:\windows\system32\KemXML.dll
2011-06-17 22:45 . 2009-07-20 19:34 159248 ----a-w- c:\windows\system32\KemWnd.dll
2011-06-17 22:45 . 2009-07-20 19:34 235536 ----a-w- c:\windows\system32\KemUtil.dll
2011-06-17 22:45 . 2009-07-20 19:34 235536 ----a-w- c:\windows\system32\kemutb.dll
2011-06-17 22:45 . 2011-06-17 22:45 -------- d-----w- c:\programdata\Logitech
2011-06-17 22:45 . 2011-06-17 22:46 -------- d-----w- c:\program files\Common Files\Logishrd
2011-06-17 22:45 . 2011-06-17 22:45 -------- d-----w- c:\program files\Logitech
2011-06-17 22:42 . 2011-06-17 22:42 -------- d-----w- c:\program files\Saitek
2011-06-17 22:40 . 2008-07-29 22:02 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-06-17 22:28 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-17 22:28 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-06-17 22:28 . 2008-04-17 19:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\program files\Common Files\Apple
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\program files\Bonjour
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-17 22:26 . 2011-06-17 22:27 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\programdata\Apple
2011-06-17 21:27 . 2007-03-05 18:51 360580 ----a-w- c:\windows\eSellerateEngine.dll
2011-06-17 21:27 . 2011-06-17 21:28 -------- d-----w- c:\program files (x86)\Hot CPU Tester Pro 4 LE
2011-06-17 19:22 . 2011-06-17 19:22 -------- dc-h--w- c:\programdata\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2011-06-17 19:19 . 2010-06-07 19:10 53904 ----a-w- c:\windows\system32\wbload.dll
2011-06-17 19:19 . 2011-06-17 19:19 -------- d-----w- c:\program files (x86)\Common Files\Stardock
2011-06-17 19:18 . 2010-06-07 19:10 57904 ----a-w- c:\windows\SysWow64\wbload.dll
2011-06-17 19:13 . 2011-06-17 19:13 -------- d-----w- c:\programdata\Gibraltar
2011-06-17 19:10 . 2011-06-17 19:10 -------- d--h--w- c:\programdata\Common Files
2011-06-17 19:09 . 2011-06-30 21:19 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-06-17 19:08 . 2011-06-30 21:19 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-17 19:04 . 2011-06-18 15:27 -------- d-----w- c:\programdata\Stardock
2011-06-17 19:04 . 2011-06-17 19:21 -------- d-----w- c:\program files (x86)\Stardock
2011-06-17 19:03 . 2011-06-17 19:04 -------- dc-h--w- c:\programdata\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\programdata\AIM
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\program files (x86)\AIM
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\program files (x86)\Common Files\AOL
2011-06-17 18:11 . 2011-06-18 16:39 -------- d-----w- c:\programdata\Yahoo!
2011-06-17 18:10 . 2011-06-18 16:49 -------- d-----w- c:\program files (x86)\Yahoo!
2011-06-17 17:52 . 2011-06-17 17:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-17 17:26 . 2011-06-17 17:28 -------- d-----w- C:\Virtual Box Programs
2011-06-17 17:24 . 2011-06-30 21:21 -------- dc----w- c:\windows\system32\DRVSTORE
2011-06-17 16:31 . 2011-06-17 16:31 -------- d-----w- c:\windows\system32\SPReview
2011-06-17 16:31 . 2011-06-17 16:31 -------- d-----w- c:\windows\system32\EventProviders
2011-06-17 16:29 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-17 16:29 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-17 16:27 . 2010-11-20 13:27 1281024 ----a-w- c:\windows\system32\werconcpl.dll
2011-06-17 16:26 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-17 16:26 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-06-17 16:26 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-06-17 16:26 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-06-17 16:25 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-17 16:08 . 2011-06-17 16:08 -------- d-----w- c:\windows\en
2011-06-17 16:07 . 2011-06-17 16:07 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-06-17 16:06 . 2011-06-17 16:06 -------- d-----w- c:\program files\Windows Live
2011-06-17 16:06 . 2011-06-17 16:06 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-17 16:06 . 2011-06-17 16:06 -------- d-----w- c:\windows\system32\Wat
2011-06-17 16:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-06-17 16:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-06-17 15:23 . 2011-06-30 13:28 -------- d-----w- c:\program files (x86)\HardCopy Pro
2011-06-17 15:20 . 2011-06-17 15:20 -------- d-----w- c:\program files (x86)\7-Zip
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 14:05 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-06-22 14:05 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-06-17 16:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-17 16:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-17 15:20 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:26 . 2011-04-06 23:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-04-05 07:59 . 2011-04-05 07:59 377936 ----a-w- c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SansaDispatch"="c:\users\Lori\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-06-17 79872]
"HomeAlarm"="c:\program files (x86)\Chameleon Clock\ChamClock.exe" [2007-12-11 709632]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 425984]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-06-22 273544]
.
c:\users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-6-17 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-11-29 18:40 534832 ----a-w- c:\progra~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 ChamClock Set Time Service for Vista;Chameleon Clock Set Time for Vista;c:\program files (x86)\Chameleon Clock\settime.exe [2007-06-27 58880]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 136176]
R2 IKEEXT32;IKE and AuthIP IPsec Keying Modules ;c:\windows\system32\comres32.exe [x]
R2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;c:\windows\system32\sqlunirl32.exe [x]
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 WindowFX;Stardock WindowFX;c:\program files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe [2010-11-04 185648]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 SaiK8018;SaiK8018;c:\windows\system32\DRIVERS\SaiK8018.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 93449428
*Deregistered* - 93449428
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-06-18 15:42]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 15:43]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 15:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-07-29 186880]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4psfgjp1.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.westathome.net/Login.aspx?ReturnUrl=%2fNewsGroups%2fBroadCastMessages.aspx
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Amazon Toolbar: toolbar-amazon@alexa.com - %profile%\extensions\toolbar-amazon@alexa.com
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-Run-Corel File Shell Monitor - c:\program files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files (x86)\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-323256738-3390490011-1790856449-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-323256738-3390490011-1790856449-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-30 17:05:38
ComboFix-quarantined-files.txt 2011-06-30 22:05
.
Pre-Run: 375,051,350,016 bytes free
Post-Run: 374,987,681,792 bytes free
.
- - End Of File - - EA8A6B5C5655B30872B78AA0CC4E8CA1

And the checkup log:

Results of screen317's Security Check version 0.99.17
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 14
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Firefox (3.6.18) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#6 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:17 AM

Posted 30 June 2011 - 06:10 PM

We're making progress :wink:


Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::
93449428

File::
c:\windows\system32\drivers\93449428.sys

Reglock::
[HKEY_USERS\S-1-5-21-323256738-3390490011-1790856449-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-323256738-3390490011-1790856449-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how your system is running :).
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#7 Cheesestick

Cheesestick
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:17 AM

Posted 30 June 2011 - 06:47 PM

My system is running fine, but it wasn't actually running bad before. All that was happening was whenever I googled something and clicked any of the results, I ended up at the wrong pages. I did test by googling some stuff after running the combo fix earlier and everything seemed to take me to the correct links...no more yellow pages and various other sites I was getting directed to before.

Here is the new log:

ComboFix 11-06-30.03 - Lori 06/30/2011 18:34:19.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.4591 [GMT -5:00]
Running from: c:\users\Lori\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-30 23:39 . 2011-06-30 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-30 22:37 . 2011-06-30 22:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-30 22:37 . 2011-05-04 09:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-30 17:43 . 2011-06-24 20:04 219440 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-06-30 17:43 . 2011-06-24 20:05 44848 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-06-30 17:43 . 2011-06-30 17:43 -------- d-----w- c:\program files\Oracle
2011-06-29 12:16 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 12:16 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 12:16 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 12:16 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 12:16 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-24 20:05 . 2011-06-24 20:05 164656 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-06-24 20:05 . 2011-06-24 20:05 144688 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-06-24 20:04 . 2011-06-24 20:04 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-06-22 14:06 . 2011-06-22 14:06 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-06-21 16:22 . 2011-06-21 16:22 -------- d-----w- c:\program files (x86)\Trend Micro
2011-06-21 04:37 . 2011-06-21 04:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-21 04:36 . 2011-06-21 04:36 -------- d-----w- c:\programdata\!SASCORE
2011-06-21 04:36 . 2011-06-30 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-20 23:30 . 2011-06-20 23:30 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-20 23:28 . 2011-06-20 23:28 -------- d-----w- c:\programdata\Lavasoft
2011-06-20 18:54 . 2011-06-20 18:54 -------- d-----w- c:\programdata\Malwarebytes
2011-06-20 18:54 . 2011-05-29 15:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-20 18:54 . 2011-06-20 18:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-20 18:54 . 2011-05-29 15:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 13:49 . 2011-06-20 13:49 -------- d-----w- C:\$AVG
2011-06-19 21:52 . 2011-06-19 21:52 -------- d-----w- c:\windows\Sun
2011-06-19 15:39 . 2010-06-27 10:49 330400 ----a-w- c:\program files (x86)\Common Files\MediaOrganizer.dll
2011-06-19 15:39 . 2010-06-27 10:45 31392 ----a-w- c:\program files (x86)\Common Files\FlickrProvider.dll
2011-06-19 15:39 . 2010-06-27 10:45 401056 ----a-w- c:\program files (x86)\Common Files\facebook.dll
2011-06-19 15:39 . 2010-06-27 10:45 128672 ----a-w- c:\program files (x86)\Common Files\PluginCommon.dll
2011-06-19 15:39 . 2010-06-27 10:44 463520 ----a-w- c:\program files (x86)\Common Files\AppFramework.dll
2011-06-19 14:53 . 2011-06-19 15:36 -------- d-----w- c:\programdata\Corel
2011-06-19 14:50 . 2011-06-19 14:51 -------- d-----w- c:\program files (x86)\Common Files\Corel
2011-06-19 03:01 . 2011-06-19 03:14 -------- d-----w- C:\TubeSucker Videos
2011-06-18 18:45 . 2011-06-18 18:45 -------- d-----w- c:\program files (x86)\Common Files\Realtime Soft
2011-06-18 18:45 . 2011-06-18 18:45 -------- d-----w- c:\program files\UltraMon
2011-06-18 18:34 . 2011-06-26 18:34 32278528 ----a-w- c:\windows\system32\imageres.dll
2011-06-18 18:07 . 2011-06-18 18:08 -------- d-----w- c:\program files (x86)\Weather Watcher
2011-06-18 18:07 . 2004-05-27 09:32 102400 ----a-w- c:\windows\SysWow64\unzip32.dll
2011-06-18 17:36 . 2011-06-30 22:30 -------- d-----w- c:\program files (x86)\Chameleon Clock
2011-06-18 16:10 . 2011-06-18 16:10 -------- d-----w- c:\program files (x86)\TeamViewer
2011-06-18 15:45 . 2011-06-22 14:06 -------- d-----w- c:\program files (x86)\Real
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----r- c:\program files (x86)\Skype
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----w- c:\programdata\Skype
2011-06-18 15:42 . 2011-06-18 15:46 -------- d-----w- c:\programdata\Google Updater
2011-06-18 15:36 . 2005-04-05 00:21 602112 ----a-w- c:\windows\SysWow64\NCTAudioTransform2.dll
2011-06-18 15:36 . 2005-03-28 22:54 479232 ----a-w- c:\windows\SysWow64\NCTAudioVisualization2.dll
2011-06-18 15:36 . 2005-03-28 22:52 417792 ----a-w- c:\windows\SysWow64\NCTTextToAudio2.dll
2011-06-18 15:36 . 2005-02-24 18:51 348160 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
2011-06-18 15:36 . 2005-05-18 18:52 1212416 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2011-06-18 15:36 . 2005-05-17 19:37 1986560 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2011-06-18 15:36 . 2005-04-25 20:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
2011-06-18 15:36 . 2005-04-25 20:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll
2011-06-18 15:36 . 2005-04-15 19:08 880640 ----a-w- c:\windows\SysWow64\NCTAudioEditor2.dll
2011-06-18 15:36 . 2004-11-04 20:31 835584 ----a-w- c:\windows\SysWow64\NCTAudioCDGrabber2.dll
2011-06-18 15:36 . 2002-01-05 23:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2011-06-18 15:36 . 2011-06-18 15:36 -------- d-----w- c:\program files (x86)\Audio Recorder for Free
2011-06-18 01:25 . 2007-07-26 10:00 53488 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\Roxio Shared
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\Napster Shared
2011-06-18 01:23 . 2011-06-18 01:23 -------- d-----w- c:\programdata\Napster
2011-06-18 01:23 . 2011-06-18 01:26 -------- d-----w- c:\program files (x86)\Napster
2011-06-17 22:46 . 2011-06-17 22:47 -------- d-----w- c:\programdata\LogiShrd
2011-06-17 22:45 . 2011-06-17 22:46 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-06-17 22:45 . 2009-07-20 19:33 190992 ----a-w- c:\windows\system32\BtCoreIf.dll
2011-06-17 22:45 . 2009-07-20 19:35 96272 ----a-w- c:\windows\system32\KemXML.dll
2011-06-17 22:45 . 2009-07-20 19:34 159248 ----a-w- c:\windows\system32\KemWnd.dll
2011-06-17 22:45 . 2009-07-20 19:34 235536 ----a-w- c:\windows\system32\KemUtil.dll
2011-06-17 22:45 . 2009-07-20 19:34 235536 ----a-w- c:\windows\system32\kemutb.dll
2011-06-17 22:45 . 2011-06-17 22:45 -------- d-----w- c:\programdata\Logitech
2011-06-17 22:45 . 2011-06-17 22:46 -------- d-----w- c:\program files\Common Files\Logishrd
2011-06-17 22:45 . 2011-06-17 22:45 -------- d-----w- c:\program files\Logitech
2011-06-17 22:42 . 2011-06-17 22:42 -------- d-----w- c:\program files\Saitek
2011-06-17 22:40 . 2008-07-29 22:02 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-06-17 22:28 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-17 22:28 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-06-17 22:28 . 2008-04-17 19:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\program files\Common Files\Apple
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\program files\Bonjour
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-17 22:26 . 2011-06-17 22:27 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\programdata\Apple
2011-06-17 21:27 . 2007-03-05 18:51 360580 ----a-w- c:\windows\eSellerateEngine.dll
2011-06-17 21:27 . 2011-06-17 21:28 -------- d-----w- c:\program files (x86)\Hot CPU Tester Pro 4 LE
2011-06-17 19:22 . 2011-06-17 19:22 -------- dc-h--w- c:\programdata\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2011-06-17 19:19 . 2010-06-07 19:10 53904 ----a-w- c:\windows\system32\wbload.dll
2011-06-17 19:19 . 2011-06-17 19:19 -------- d-----w- c:\program files (x86)\Common Files\Stardock
2011-06-17 19:18 . 2010-06-07 19:10 57904 ----a-w- c:\windows\SysWow64\wbload.dll
2011-06-17 19:13 . 2011-06-17 19:13 -------- d-----w- c:\programdata\Gibraltar
2011-06-17 19:10 . 2011-06-17 19:10 -------- d--h--w- c:\programdata\Common Files
2011-06-17 19:09 . 2011-06-30 21:19 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-06-17 19:08 . 2011-06-30 21:19 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-17 19:04 . 2011-06-18 15:27 -------- d-----w- c:\programdata\Stardock
2011-06-17 19:04 . 2011-06-17 19:21 -------- d-----w- c:\program files (x86)\Stardock
2011-06-17 19:03 . 2011-06-17 19:04 -------- dc-h--w- c:\programdata\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\programdata\AIM
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\program files (x86)\AIM
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\program files (x86)\Common Files\AOL
2011-06-17 18:11 . 2011-06-18 16:39 -------- d-----w- c:\programdata\Yahoo!
2011-06-17 18:10 . 2011-06-18 16:49 -------- d-----w- c:\program files (x86)\Yahoo!
2011-06-17 17:52 . 2011-06-17 17:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-17 17:26 . 2011-06-17 17:28 -------- d-----w- C:\Virtual Box Programs
2011-06-17 17:24 . 2011-06-30 21:21 -------- dc----w- c:\windows\system32\DRVSTORE
2011-06-17 16:31 . 2011-06-17 16:31 -------- d-----w- c:\windows\system32\SPReview
2011-06-17 16:31 . 2011-06-17 16:31 -------- d-----w- c:\windows\system32\EventProviders
2011-06-17 16:29 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-17 16:29 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-17 16:27 . 2010-11-20 13:27 1281024 ----a-w- c:\windows\system32\werconcpl.dll
2011-06-17 16:26 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-17 16:26 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-06-17 16:26 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-06-17 16:26 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-06-17 16:25 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-17 16:08 . 2011-06-17 16:08 -------- d-----w- c:\windows\en
2011-06-17 16:07 . 2011-06-17 16:07 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-06-17 16:06 . 2011-06-17 16:06 -------- d-----w- c:\program files\Windows Live
2011-06-17 16:06 . 2011-06-17 16:06 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-17 16:06 . 2011-06-17 16:06 -------- d-----w- c:\windows\system32\Wat
2011-06-17 16:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-06-17 16:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 14:05 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-06-22 14:05 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-06-17 16:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-17 16:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-17 15:20 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:26 . 2011-04-06 23:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-04-05 07:59 . 2011-04-05 07:59 377936 ----a-w- c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-30_22.03.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-17 07:06 . 2011-06-30 22:33 42582 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-30 22:33 40812 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-06-30 21:26 40812 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-06-17 14:02 . 2011-06-30 21:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-17 14:02 . 2011-06-30 22:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-17 14:02 . 2011-06-30 22:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-17 14:02 . 2011-06-30 21:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-17 14:02 . 2011-06-30 22:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-17 14:02 . 2011-06-30 21:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-17 13:45 . 2011-06-30 23:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-17 13:45 . 2011-06-30 21:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-17 13:45 . 2011-06-30 23:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-17 13:45 . 2011-06-30 21:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-17 15:01 . 2011-06-30 22:33 8332 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-323256738-3390490011-1790856449-1001_UserData.bin
- 2011-06-30 21:23 . 2011-06-30 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-30 22:30 . 2011-06-30 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-30 21:23 . 2011-06-30 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-30 22:30 . 2011-06-30 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-30 22:37 . 2011-05-04 09:52 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-06-30 22:37 . 2011-05-04 09:52 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-06-30 22:37 . 2011-05-04 09:52 145184 c:\windows\SysWOW64\java.exe
- 2009-07-14 05:01 . 2011-06-30 21:22 331968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-30 22:29 331968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-30 22:37 . 2011-06-30 22:37 207360 c:\windows\Installer\69672.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SansaDispatch"="c:\users\Lori\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-06-17 79872]
"HomeAlarm"="c:\program files (x86)\Chameleon Clock\ChamClock.exe" [2007-12-11 709632]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 425984]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-06-22 273544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-6-17 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-11-29 18:40 534832 ----a-w- c:\progra~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R2 ChamClock Set Time Service for Vista;Chameleon Clock Set Time for Vista;c:\program files (x86)\Chameleon Clock\settime.exe [2007-06-27 58880]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 136176]
R2 IKEEXT32;IKE and AuthIP IPsec Keying Modules ;c:\windows\system32\comres32.exe [x]
R2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;c:\windows\system32\sqlunirl32.exe [x]
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 WindowFX;Stardock WindowFX;c:\program files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe [2010-11-04 185648]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 SaiK8018;SaiK8018;c:\windows\system32\DRIVERS\SaiK8018.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-06-18 15:42]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 15:43]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 15:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-07-29 186880]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4psfgjp1.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.westathome.net/Login.aspx?ReturnUrl=%2fNewsGroups%2fBroadCastMessages.aspx
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Amazon Toolbar: toolbar-amazon@alexa.com - %profile%\extensions\toolbar-amazon@alexa.com
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-323256738-3390490011-1790856449-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-323256738-3390490011-1790856449-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-30 18:41:44
ComboFix-quarantined-files.txt 2011-06-30 23:41
ComboFix2.txt 2011-06-30 22:05
.
Pre-Run: 374,929,764,352 bytes free
Post-Run: 374,506,500,096 bytes free
.
- - End Of File - - C9FDD232A2D026C1504CAD179CC6E943

#8 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:17 AM

Posted 30 June 2011 - 07:28 PM

You didn't use the CFScript. Please re-read my instructions and post the log ComboFix creates after you have dragged and dropped the CFScript onto ComboFix.exe. :wink:
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#9 Cheesestick

Cheesestick
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:17 AM

Posted 30 June 2011 - 07:54 PM

Well, actually I did do the CFScript the first time, but when it was doing the extracting, it did pop up a warning about some file (and sorry, I don't remember what it said), but it gave me the option to ignore, abort or retry. When I hit the retry button, it seemed to finish running through what it was supposed to on its own. I did do the steps again and this time it didn't pop up any warning, but the ComboFix program rebooted my machine at the end (it didn't do that before). Here is the log that came up after this run. Let me know if it still is not working; I don't really know how to tell:

ComboFix 11-06-30.03 - Lori 06/30/2011 19:35:08.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.4316 [GMT -5:00]
Running from: c:\users\Lori\Desktop\ComboFix.exe
Command switches used :: c:\users\Lori\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\93449428.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_93449428
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-07-01 00:39 . 2011-07-01 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-30 22:37 . 2011-06-30 22:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-30 22:37 . 2011-05-04 09:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-30 17:43 . 2011-06-24 20:04 219440 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-06-30 17:43 . 2011-06-24 20:05 44848 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-06-30 17:43 . 2011-06-30 17:43 -------- d-----w- c:\program files\Oracle
2011-06-29 12:16 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 12:16 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 12:16 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 12:16 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 12:16 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-24 20:05 . 2011-06-24 20:05 164656 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-06-24 20:05 . 2011-06-24 20:05 144688 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-06-24 20:04 . 2011-06-24 20:04 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-06-22 14:06 . 2011-06-22 14:06 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-06-21 16:22 . 2011-06-21 16:22 -------- d-----w- c:\program files (x86)\Trend Micro
2011-06-21 04:37 . 2011-06-21 04:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-21 04:36 . 2011-06-21 04:36 -------- d-----w- c:\programdata\!SASCORE
2011-06-21 04:36 . 2011-06-30 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-20 23:30 . 2011-06-20 23:30 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-20 23:28 . 2011-06-20 23:28 -------- d-----w- c:\programdata\Lavasoft
2011-06-20 18:54 . 2011-06-20 18:54 -------- d-----w- c:\programdata\Malwarebytes
2011-06-20 18:54 . 2011-05-29 15:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-20 18:54 . 2011-06-20 18:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-20 18:54 . 2011-05-29 15:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 13:49 . 2011-06-20 13:49 -------- d-----w- C:\$AVG
2011-06-19 21:52 . 2011-06-19 21:52 -------- d-----w- c:\windows\Sun
2011-06-19 15:39 . 2010-06-27 10:49 330400 ----a-w- c:\program files (x86)\Common Files\MediaOrganizer.dll
2011-06-19 15:39 . 2010-06-27 10:45 31392 ----a-w- c:\program files (x86)\Common Files\FlickrProvider.dll
2011-06-19 15:39 . 2010-06-27 10:45 401056 ----a-w- c:\program files (x86)\Common Files\facebook.dll
2011-06-19 15:39 . 2010-06-27 10:45 128672 ----a-w- c:\program files (x86)\Common Files\PluginCommon.dll
2011-06-19 15:39 . 2010-06-27 10:44 463520 ----a-w- c:\program files (x86)\Common Files\AppFramework.dll
2011-06-19 14:53 . 2011-06-19 15:36 -------- d-----w- c:\programdata\Corel
2011-06-19 14:50 . 2011-06-19 14:51 -------- d-----w- c:\program files (x86)\Common Files\Corel
2011-06-19 03:01 . 2011-06-19 03:14 -------- d-----w- C:\TubeSucker Videos
2011-06-18 18:45 . 2011-06-18 18:45 -------- d-----w- c:\program files (x86)\Common Files\Realtime Soft
2011-06-18 18:45 . 2011-06-18 18:45 -------- d-----w- c:\program files\UltraMon
2011-06-18 18:34 . 2011-06-26 18:34 32278528 ----a-w- c:\windows\system32\imageres.dll
2011-06-18 18:07 . 2011-06-18 18:08 -------- d-----w- c:\program files (x86)\Weather Watcher
2011-06-18 18:07 . 2004-05-27 09:32 102400 ----a-w- c:\windows\SysWow64\unzip32.dll
2011-06-18 17:36 . 2011-07-01 00:42 -------- d-----w- c:\program files (x86)\Chameleon Clock
2011-06-18 16:10 . 2011-06-18 16:10 -------- d-----w- c:\program files (x86)\TeamViewer
2011-06-18 15:45 . 2011-06-22 14:06 -------- d-----w- c:\program files (x86)\Real
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----r- c:\program files (x86)\Skype
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----w- c:\programdata\Skype
2011-06-18 15:42 . 2011-06-18 15:46 -------- d-----w- c:\programdata\Google Updater
2011-06-18 15:36 . 2005-04-05 00:21 602112 ----a-w- c:\windows\SysWow64\NCTAudioTransform2.dll
2011-06-18 15:36 . 2005-03-28 22:54 479232 ----a-w- c:\windows\SysWow64\NCTAudioVisualization2.dll
2011-06-18 15:36 . 2005-03-28 22:52 417792 ----a-w- c:\windows\SysWow64\NCTTextToAudio2.dll
2011-06-18 15:36 . 2005-02-24 18:51 348160 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
2011-06-18 15:36 . 2005-05-18 18:52 1212416 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2011-06-18 15:36 . 2005-05-17 19:37 1986560 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2011-06-18 15:36 . 2005-04-25 20:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
2011-06-18 15:36 . 2005-04-25 20:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll
2011-06-18 15:36 . 2005-04-15 19:08 880640 ----a-w- c:\windows\SysWow64\NCTAudioEditor2.dll
2011-06-18 15:36 . 2004-11-04 20:31 835584 ----a-w- c:\windows\SysWow64\NCTAudioCDGrabber2.dll
2011-06-18 15:36 . 2002-01-05 23:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2011-06-18 15:36 . 2011-06-18 15:36 -------- d-----w- c:\program files (x86)\Audio Recorder for Free
2011-06-18 01:25 . 2007-07-26 10:00 53488 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\Roxio Shared
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-06-18 01:25 . 2011-06-18 01:25 -------- d-----w- c:\program files (x86)\Common Files\Napster Shared
2011-06-18 01:23 . 2011-06-18 01:23 -------- d-----w- c:\programdata\Napster
2011-06-18 01:23 . 2011-06-18 01:26 -------- d-----w- c:\program files (x86)\Napster
2011-06-17 22:46 . 2011-06-17 22:47 -------- d-----w- c:\programdata\LogiShrd
2011-06-17 22:45 . 2011-06-17 22:46 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-06-17 22:45 . 2009-07-20 19:33 190992 ----a-w- c:\windows\system32\BtCoreIf.dll
2011-06-17 22:45 . 2009-07-20 19:35 96272 ----a-w- c:\windows\system32\KemXML.dll
2011-06-17 22:45 . 2009-07-20 19:34 159248 ----a-w- c:\windows\system32\KemWnd.dll
2011-06-17 22:45 . 2009-07-20 19:34 235536 ----a-w- c:\windows\system32\KemUtil.dll
2011-06-17 22:45 . 2009-07-20 19:34 235536 ----a-w- c:\windows\system32\kemutb.dll
2011-06-17 22:45 . 2011-06-17 22:45 -------- d-----w- c:\programdata\Logitech
2011-06-17 22:45 . 2011-06-17 22:46 -------- d-----w- c:\program files\Common Files\Logishrd
2011-06-17 22:45 . 2011-06-17 22:45 -------- d-----w- c:\program files\Logitech
2011-06-17 22:42 . 2011-06-17 22:42 -------- d-----w- c:\program files\Saitek
2011-06-17 22:40 . 2008-07-29 22:02 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-06-17 22:28 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-17 22:28 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-06-17 22:28 . 2008-04-17 19:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\program files\Common Files\Apple
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\program files\Bonjour
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-17 22:26 . 2011-06-17 22:27 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-06-17 22:26 . 2011-06-17 22:26 -------- d-----w- c:\programdata\Apple
2011-06-17 21:27 . 2007-03-05 18:51 360580 ----a-w- c:\windows\eSellerateEngine.dll
2011-06-17 21:27 . 2011-06-17 21:28 -------- d-----w- c:\program files (x86)\Hot CPU Tester Pro 4 LE
2011-06-17 19:22 . 2011-06-17 19:22 -------- dc-h--w- c:\programdata\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2011-06-17 19:19 . 2010-06-07 19:10 53904 ----a-w- c:\windows\system32\wbload.dll
2011-06-17 19:19 . 2011-06-17 19:19 -------- d-----w- c:\program files (x86)\Common Files\Stardock
2011-06-17 19:18 . 2010-06-07 19:10 57904 ----a-w- c:\windows\SysWow64\wbload.dll
2011-06-17 19:13 . 2011-06-17 19:13 -------- d-----w- c:\programdata\Gibraltar
2011-06-17 19:10 . 2011-06-17 19:10 -------- d--h--w- c:\programdata\Common Files
2011-06-17 19:09 . 2011-06-30 21:19 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-06-17 19:08 . 2011-06-30 21:19 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-17 19:04 . 2011-06-18 15:27 -------- d-----w- c:\programdata\Stardock
2011-06-17 19:04 . 2011-06-17 19:21 -------- d-----w- c:\program files (x86)\Stardock
2011-06-17 19:03 . 2011-06-17 19:04 -------- dc-h--w- c:\programdata\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\programdata\AIM
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\program files (x86)\AIM
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2011-06-17 18:17 . 2011-06-17 18:17 -------- d-----w- c:\program files (x86)\Common Files\AOL
2011-06-17 18:11 . 2011-06-18 16:39 -------- d-----w- c:\programdata\Yahoo!
2011-06-17 18:10 . 2011-06-18 16:49 -------- d-----w- c:\program files (x86)\Yahoo!
2011-06-17 17:52 . 2011-06-17 17:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-17 17:26 . 2011-06-17 17:28 -------- d-----w- C:\Virtual Box Programs
2011-06-17 17:24 . 2011-06-30 21:21 -------- dc----w- c:\windows\system32\DRVSTORE
2011-06-17 16:31 . 2011-06-17 16:31 -------- d-----w- c:\windows\system32\SPReview
2011-06-17 16:31 . 2011-06-17 16:31 -------- d-----w- c:\windows\system32\EventProviders
2011-06-17 16:29 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-17 16:29 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-17 16:27 . 2010-11-20 13:27 1281024 ----a-w- c:\windows\system32\werconcpl.dll
2011-06-17 16:26 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-17 16:26 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-06-17 16:26 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-06-17 16:26 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-06-17 16:25 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-17 16:08 . 2011-06-17 16:08 -------- d-----w- c:\windows\en
2011-06-17 16:07 . 2011-06-17 16:07 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-06-17 16:06 . 2011-06-17 16:06 -------- d-----w- c:\program files\Windows Live
2011-06-17 16:06 . 2011-06-17 16:06 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-17 16:06 . 2011-06-17 16:06 -------- d-----w- c:\windows\system32\Wat
2011-06-17 16:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-06-17 16:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 14:05 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-06-22 14:05 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-06-17 16:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-17 16:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-17 15:20 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-25 02:12 . 2011-06-17 07:38 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C86110C0-50D9-47FB-8248-10741DDF155F}\mpengine.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:26 . 2011-04-06 23:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-04-05 07:59 . 2011-04-05 07:59 377936 ----a-w- c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-30_22.03.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-17 07:06 . 2011-06-30 22:33 42582 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-01 00:44 40820 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-17 14:02 . 2011-07-01 00:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-17 14:02 . 2011-06-30 21:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-17 14:02 . 2011-07-01 00:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-17 14:02 . 2011-06-30 21:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-17 14:02 . 2011-07-01 00:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-17 14:02 . 2011-06-30 21:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-17 13:45 . 2011-06-30 21:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-17 13:45 . 2011-07-01 00:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-17 13:45 . 2011-06-30 21:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-17 13:45 . 2011-07-01 00:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-17 15:01 . 2011-07-01 00:44 8606 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-323256738-3390490011-1790856449-1001_UserData.bin
+ 2011-07-01 00:41 . 2011-07-01 00:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-30 21:23 . 2011-06-30 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-30 21:23 . 2011-06-30 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-01 00:41 . 2011-07-01 00:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-30 22:37 . 2011-05-04 09:52 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-06-30 22:37 . 2011-05-04 09:52 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-06-30 22:37 . 2011-05-04 09:52 145184 c:\windows\SysWOW64\java.exe
+ 2011-06-17 15:31 . 2011-07-01 00:40 797056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-06-17 15:31 . 2011-06-30 01:16 797056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-07-01 00:40 331968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-06-30 21:22 331968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-30 22:37 . 2011-06-30 22:37 207360 c:\windows\Installer\69672.msi
- 2011-06-17 23:08 . 2011-06-30 21:07 1746964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-323256738-3390490011-1790856449-1001-12288.dat
+ 2011-06-17 23:08 . 2011-07-01 00:40 1746964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-323256738-3390490011-1790856449-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SansaDispatch"="c:\users\Lori\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-06-17 79872]
"HomeAlarm"="c:\program files (x86)\Chameleon Clock\ChamClock.exe" [2007-12-11 709632]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 425984]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-06-22 273544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-6-17 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-11-29 18:40 534832 ----a-w- c:\progra~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 136176]
R2 IKEEXT32;IKE and AuthIP IPsec Keying Modules ;c:\windows\system32\comres32.exe [x]
R2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;c:\windows\system32\sqlunirl32.exe [x]
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ChamClock Set Time Service for Vista;Chameleon Clock Set Time for Vista;c:\program files (x86)\Chameleon Clock\settime.exe [2007-06-27 58880]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 WindowFX;Stardock WindowFX;c:\program files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe [2010-11-04 185648]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 SaiK8018;SaiK8018;c:\windows\system32\DRIVERS\SaiK8018.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-06-18 15:42]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 15:43]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 15:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"combofix"="c:\combofix\CF20830.cfxxe" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-07-29 186880]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4psfgjp1.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.westathome.net/Login.aspx?ReturnUrl=%2fNewsGroups%2fBroadCastMessages.aspx
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Amazon Toolbar: toolbar-amazon@alexa.com - %profile%\extensions\toolbar-amazon@alexa.com
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Stardock\Object Desktop\WindowFX4\WFX32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2011-06-30 19:48:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-01 00:48
ComboFix2.txt 2011-06-30 23:41
ComboFix3.txt 2011-06-30 22:05
.
Pre-Run: 374,579,589,120 bytes free
Post-Run: 374,349,246,464 bytes free
.
- - End Of File - - BBF4A339824CFD5102339EA27AAE9A15

#10 Cheesestick

Cheesestick
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:17 AM

Posted 30 June 2011 - 07:55 PM

Forgot to add, after ComboFix rebooted my computer, when it came back up, the CFScript text file I made is now deleted off my desktop.

#11 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:17 AM

Posted 30 June 2011 - 08:00 PM

I did do the steps again and this time it didn't pop up any warning, but the ComboFix program rebooted my machine at the end (it didn't do that before). Here is the log that came up after this run... let me know if it still is not working; I don't really know how to tell:

I understand; it appears some glitch occurred (happens sometimes :P ). Fortunately, the CFScript ran correctly this time, which means we've made great progress! :wink:

Forgot to add, after ComboFix rebooted my computer, when it came back up, the CFScript text file I made is now deleted off my desktop.

Yep, that's normal :thumbup2:.

Before we move on, are you still encountering any issues? Do you have any problems or concerns I could answer before we move to the next step? :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#12 Cheesestick

Cheesestick
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:17 AM

Posted 30 June 2011 - 08:03 PM

No, everything is fine over here. Google is working fine, so as far as I can tell everything is back to normal.

#13 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:17 AM

Posted 30 June 2011 - 08:05 PM

Glad to hear that! Let's run some online scans to confirm you're clean :wink:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

--------

Please use Internet Explorer and run a BitDefender Online scan from Here
  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.

--------

Please include the ESET and BitDefender scan logs in your next reply :)

#14 Cheesestick

Cheesestick
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:17 AM

Posted 30 June 2011 - 08:05 PM

Oh, I noticed after running each fix, it is deleting my work software program, which I reinstalled in between, and I just noticed it is gone again. It is Gateway V2 (West). It is no problem for me, I can reinstall any time after we are done, but I didn't know if you are setting it to delete because you think it is bad?

#15 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:17 AM

Posted 30 June 2011 - 08:10 PM

Oh, I noticed after running each fix, it is deleting my work software program, which I reinstalled in between, and I just noticed it is gone again. It is Gateway V2 (West). It is no problem for me, I can reinstall any time after we are done, but I didn't know if you are setting it to delete because you think it is bad?

I don't believe I have. That is odd for ComboFix to be removing it :blink:

If you can wait until we're done to reinstall it, that would probably be the safest option.

Can you give me some more information about the program, such as which company makes it and what files (if you don't know then that's no problem) it created?
