consrv.dll ComboFix log


This topic is locked
19 replies to this topic

#1 walterbayliss
Posted 19 February 2012 - 06:50 AM

Hi, this is a copy of the ComboFix log.

I have the trouble of consrv.dll being detected on this computer, and on one other at home.
Have run Malwarebytes (nothing detects),
and then it shows in Kaspersky, but it does not seem to delete.

ComboFix log, computer 1

ComboFix 12-02-17.02 - Walt 19/02/2012 21:56:52.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8048.4284 [GMT 11:00]
Running from: c:\users\Walt\Documents\My Dropbox\Public\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Walt\AppData\Local\assembly\tmp
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\MODIFIED\@APPDATA@\ubotcompile2480495\Interop.SHDocVw.dll
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\MODIFIED\@APPDATA@\ubotcompile2757997\Interop.SHDocVw.dll
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\MODIFIED\@APPDATA@\ubotcompile5497671\Interop.SHDocVw.dll
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\MODIFIED\@APPDATA@\ubotcompile7081688\Interop.SHDocVw.dll
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\MODIFIED\@APPDATA@\ubotcompile8915985\Interop.SHDocVw.dll
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Manifests\compile.exe_0x5F4166D53D18E674EF964D14371EFD8D.1.manifest
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Manifests\VmX.dll_0x708E180A6A058DCDE2E1F8586DD2BA4A.2.manifest
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app.manifest
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app@1.0.0.0.manifest
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX.manifest
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX@1.0.0.0.manifest
c:\users\Walt\AppData\Local\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\XRegistry.tmp
c:\users\Walt\AppData\Roaming\EurekaLog
c:\users\Walt\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\users\Walt\AppData\Roaming\ubot
c:\users\Walt\AppData\Roaming\ubot\favorites.ubot
c:\users\Walt\Documents\~WRL3485.tmp
c:\users\Walt\Documents\u-bot
c:\users\Walt\Documents\u-bot\friendpos.txt
c:\users\Walt\Documents\u-bot\mailpos.txt
c:\users\Walt\Documents\u-bot\urls.txt
c:\users\Walt\g2mdlhlpx.exe
c:\users\Walt\GoToAssistDownloadHelper.exe
c:\windows\security\Database\tmp.edb
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 11:08 . 2012-02-19 11:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-19 11:08 . 2012-02-19 11:08 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-02-17 20:52 . 2012-02-17 20:52 -------- d-----w- c:\users\Walt\AppData\Roaming\PrPowershot
2012-02-17 20:51 . 2012-02-17 20:51 -------- d-----w- c:\program files (x86)\PrPowershot
2012-02-16 00:37 . 2012-02-16 00:37 -------- d-----w- c:\program files (x86)\PingFM Multi
2012-02-14 19:57 . 2012-02-14 19:57 -------- d-----w- c:\users\Walt\AppData\Local\{FFFA2FB9-4857-4475-8379-F36343DA5801}
2012-02-14 19:43 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 19:43 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 19:43 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 19:43 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 19:42 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-13 04:24 . 2012-02-13 04:24 -------- d-----w- c:\program files (x86)\Cashflow Sofware
2012-02-03 00:55 . 2012-02-03 00:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-31 23:31 . 2012-01-31 23:31 -------- d-----w- c:\program files (x86)\SerpAlertPro
2012-01-30 10:56 . 2012-01-30 10:57 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-01-23 10:17 . 2012-01-23 10:17 -------- d-----w- c:\program files\iPod
2012-01-23 10:17 . 2012-01-23 10:17 -------- d-----w- c:\program files\iTunes
2012-01-23 10:17 . 2012-01-23 10:17 -------- d-----w- c:\program files (x86)\iTunes
2012-01-23 01:12 . 2011-11-17 06:35 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-23 01:12 . 2011-11-17 06:49 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-23 01:12 . 2011-11-17 06:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-23 01:12 . 2011-11-17 06:44 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-23 01:12 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-23 01:12 . 2011-11-17 06:35 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-23 01:12 . 2011-11-17 06:35 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-23 01:12 . 2011-11-17 06:35 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-23 01:12 . 2011-11-17 06:35 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-23 01:12 . 2011-11-17 06:33 31232 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:00 . 2010-08-19 01:48 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-08 06:00 . 2010-08-19 01:48 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-08 06:00 . 2010-08-19 01:48 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-26 13:52 . 2010-03-15 01:11 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 08:58 . 2012-02-14 19:43 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 05:27 . 2012-02-14 19:43 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-19 11:36 . 2010-08-19 01:48 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-16 07:52 . 2012-02-14 19:42 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2011-12-14 02:57 . 2012-02-15 13:27 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-14 02:50 . 2012-02-15 13:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-10 04:24 . 2011-12-06 23:35 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 08:57 . 2011-06-08 11:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-04 01:40 . 2011-03-12 10:33 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-26 05:21 . 2011-03-22 02:29 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-11-26 05:21 . 2011-11-26 05:21 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Walt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Walt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Walt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Walt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BookMarkLoversPremium"="c:\users\Walt\Documents\Business\EMarketing\BookMarkLovers\BMLoversServerEngine_Premium\BMLoversServerEngine(Premium).exe" [2012-02-09 2847744]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"2467BAF4AE738DA0323CC1DF6C0122FD485BA56C._service_run"="c:\users\Walt\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-12-07 1047096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-12 17351304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-11 365336]
"StartupDelayer"="c:\program files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Lightning.lnk - c:\program files (x86)\Desktop Lightning\Desktop Lightning.exe [2011-8-3 142848]
Dropbox.lnk - c:\users\Walt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-19 24246216]
SerpAlertPro.lnk - c:\program files (x86)\SerpAlertPro\SerpAlertPro.exe [2012-2-1 142336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 ReflectService;Reflect Customer Database;c:\program files (x86)\NCH Software\Reflect\reflect.exe [2011-05-13 913412]
R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbusx64.sys [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [x]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$PROVIDUSSTD;SQL Server Agent (PROVIDUSSTD);c:\program files\Microsoft SQL Server\MSSQL10_50.PROVIDUSSTD\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-03 173352]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-11-23 330072]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-11-23 329544]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-08 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-01-27 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MSSQL$PROVIDUSSTD;SQL Server (PROVIDUSSTD);c:\program files\Microsoft SQL Server\MSSQL10_50.PROVIDUSSTD\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-14 2855808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [x]
S3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\DRIVERS\nuvotonir.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 04:14]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 04:14]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4109752836-1056184250-3412177512-1004Core.job
- c:\users\Walt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 08:06]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4109752836-1056184250-3412177512-1004UA.job
- c:\users\Walt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 08:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-11-23 20:45 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Walt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Walt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Walt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Walt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"TosVolRegulator"="c:\windows\TosVolRegulator_x64.exe" [2009-09-05 47928]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 57928]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 173.208.95.160:61493
uSearchURL,(Default) = hxxp://www.google.ro
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7762669A-B388-42F6-925D-BDB73B40B3BC}: NameServer = 10.62.16.1
FF - ProfilePath - c:\users\Walt\AppData\Roaming\Mozilla\Firefox\Profiles\jswqndhi.WaltProfile\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?hl=en&zx=94gqthzcjoo6&shva=1#inbox|http://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=alxf-2.11&src=ab&aid=KMMZc1BiKQ00gV&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-IBP - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-FBViralizer Fan Page Generator - c:\windows\system32\swb_uninst.exe
AddRemove-DesktopLightning - c:\users\Walt\Programs\DesktopLightning\DesktopLightning.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* *S*i*t*e*s* \Emarketing]
"Order"=hex:08,00,00,00,02,00,00,00,24,1b,00,00,01,00,00,00,2c,00,00,00,ea,00,
00,00,00,00,00,00,dc,00,32,00,ee,00,00,00,6f,3d,27,9e,20,00,32,43,48,45,43,\
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* *S*i*t*e*s* \Emarketing\Advertising]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* *S*i*t*e*s* \Emarketing\butterfly]
"Order"=hex:08,00,00,00,02,00,00,00,86,06,00,00,01,00,00,00,09,00,00,00,ac,00,
00,00,00,00,00,00,9e,00,32,00,a6,00,00,00,6f,3d,27,9e,20,00,42,46,4d,53,49,\
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* *S*i*t*e*s* \Emarketing\Clickbank Duplication]
"Order"=hex:08,00,00,00,02,00,00,00,7c,04,00,00,01,00,00,00,08,00,00,00,8a,00,
00,00,00,00,00,00,7c,00,32,00,e3,00,00,00,6f,3d,27,9e,20,00,43,4c,49,43,4b,\
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* *S*i*t*e*s* \Emarketing\Clickbank Duplication\products]
"Order"=hex:08,00,00,00,02,00,00,00,92,00,00,00,01,00,00,00,01,00,00,00,86,00,
00,00,00,00,00,00,78,00,32,00,c7,00,00,00,6f,3d,27,9e,20,00,48,45,41,4c,54,\
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* *S*i*t*e*s* \Emarketing\domains]
"Order"=hex:08,00,00,00,02,00,00,00,2c,01,00,00,01,00,00,00,02,00,00,00,90,00,
00,00,00,00,00,00,82,00,32,00,c0,00,00,00,6f,3d,27,9e,20,00,44,4f,4d,41,49,\
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* *S*i*t*e*s* \Emarketing\Exit Tweet Generator]
"Order"=hex:08,00,00,00,02,00,00,00,70,01,00,00,01,00,00,00,03,00,00,00,72,00,
00,00,00,00,00,00,64,00,32,00,9e,00,00,00,6f,3d,27,9e,20,00,41,46,46,49,4c,\
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* *S*i*t*e*s* \Emarketing\Hyperjava]
"Order"=hex:08,00,00,00,02,00,00,00,5c,02,00,00,01,00,00,00,04,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,8f,00,00,00,6f,3d,28,9e,20,00,48,59,50,45,52,\
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* *S*i*t*e*s* \Emarketing\SOURCECODE MILLIONS]
"Order"=hex:08,00,00,00,02,00,00,00,1c,01,00,00,01,00,00,00,02,00,00,00,8a,00,
00,00,00,00,00,00,7c,00,32,00,b9,00,00,00,6f,3d,28,9e,20,00,50,52,49,56,41,\
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* *S*i*t*e*s* \Emarketing\speedppc]
"Order"=hex:08,00,00,00,02,00,00,00,16,01,00,00,01,00,00,00,02,00,00,00,92,00,
00,00,00,00,00,00,84,00,32,00,91,00,00,00,6f,3d,28,9e,20,00,47,45,54,53,54,\
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*u*s*i*n*e*s*s* *S*i*t*e*s* \Emarketing\web templates]
"Order"=hex:08,00,00,00,02,00,00,00,e2,14,00,00,01,00,00,00,1d,00,00,00,b4,00,
00,00,00,00,00,00,a6,00,32,00,a1,00,00,00,6f,3d,28,9e,20,00,35,30,30,5f,4e,\
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \ABM]
"Order"=hex:08,00,00,00,02,00,00,00,86,08,00,00,01,00,00,00,0e,00,00,00,92,00,
00,00,00,00,00,00,84,00,32,00,9c,00,00,00,6f,3d,28,9e,20,00,41,44,56,41,4e,\
.
[HKEY_USERS\S-1-5-21-4109752836-1056184250-3412177512-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\F*r*o*m* *I*n*t*e*r*n*e*t* *E*x*p*l*o*r*e*r* \Business Sites]
"Order"=hex:08,00,00,00,02,00,00,00,36,01,00,00,01,00,00,00,03,00,00,00,58,00,
00,00,00,00,00,00,4a,00,31,00,00,00,00,00,88,3d,d4,4b,10,00,45,63,61,72,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Macro Marketer\MacExp.exe
c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe
.
**************************************************************************
.
Completion time: 2012-02-19 22:32:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-19 11:32
.
Pre-Run: 204,464,562,176 bytes free
Post-Run: 206,224,306,176 bytes free
.
- - End Of File - - 681BE67D60AC0EEEAD5A7EDEFB365978

#2 walterbayliss

walterbayliss
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:13 PM

Posted 19 February 2012 - 06:55 AM

This is the ComboFix log on the second computer.

ComboFix 12-02-17.02 - Magda 19/02/2012 22:18:42.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3933.2232 [GMT 11:00]
Running from: c:\users\Magda\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Magda\AppData\Roaming\Microsoft\Windows\Recent\choc chip cookie.url
c:\users\Magda\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 11:36 . 2012-02-19 11:36 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-02-19 11:36 . 2012-02-19 11:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-18 20:51 . 2010-10-05 10:26 109240 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak\components\abhelperxpcom.dll
2012-02-18 20:51 . 2010-10-05 10:27 150200 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll
2012-02-18 20:50 . 2012-02-19 11:40 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-18 20:50 . 2012-02-18 20:50 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-02-18 20:48 . 2012-02-18 20:48 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2012-02-17 08:30 . 2012-02-17 08:30 -------- d-----w- c:\users\Magda\AppData\Roaming\PrPowershot
2012-02-17 08:30 . 2012-02-17 08:30 -------- d-----w- c:\program files (x86)\PrPowershot
2012-02-15 09:21 . 2012-02-15 09:21 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-15 09:21 . 2012-02-15 09:21 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-15 09:21 . 2012-02-15 09:21 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-15 09:21 . 2012-02-15 09:21 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-14 20:02 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 20:02 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 20:01 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 20:01 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 20:01 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 20:01 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 20:01 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 20:01 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-13 03:51 . 2011-04-24 12:13 147856 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-02-13 02:18 . 2012-02-13 03:36 -------- d-----w- c:\users\Magda\AppData\Roaming\Reraky
2012-02-13 02:18 . 2012-02-13 03:30 -------- d-----w- c:\users\Magda\AppData\Roaming\Raezve
2012-02-13 02:18 . 2012-02-13 03:36 -------- d-----w- c:\users\Magda\AppData\Roaming\Peakc
2012-02-13 02:18 . 2012-02-13 02:19 -------- d-----w- c:\users\Magda\AppData\Roaming\Wuarw
2012-02-13 02:12 . 2012-02-13 02:12 -------- d-----w- c:\users\Magda\AppData\Roaming\Malwarebytes
2012-02-13 02:12 . 2012-02-13 02:12 -------- d-----w- c:\programdata\Malwarebytes
2012-02-13 02:12 . 2012-02-13 02:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-13 02:12 . 2011-12-10 04:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 02:07 . 2012-02-13 03:37 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-13 01:56 . 2012-02-13 01:56 -------- d-----we c:\windows\system64
2012-02-10 14:11 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA49E3BC-7200-4197-A526-949E193F547F}\mpengine.dll
2012-02-03 04:54 . 2012-02-03 04:54 -------- d-----w- c:\program files\iPod
2012-02-03 04:54 . 2012-02-03 04:55 -------- d-----w- c:\program files\iTunes
2012-02-03 04:54 . 2012-02-03 04:55 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 03:21 . 2011-07-21 07:01 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-08 03:21 . 2011-07-21 07:01 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-08 03:21 . 2011-07-21 07:01 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-26 13:52 . 2011-07-21 07:04 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-17 00:27 . 2011-07-21 07:01 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-12 03:23 . 2011-07-21 11:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-15 6276408]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"instanteyedropper"="c:\program files (x86)\InstantEyedropper\InstantEyedropper.exe" [2007-10-17 352256]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-12 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2012-02-18 365336]
.
c:\users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Magda\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-19 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Macro Marketer.lnk - c:\program files (x86)\Macro Marketer\MacExp.exe [2011-9-27 3896832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-10-06 288088]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-05-26 329544]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-08 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-18 450848]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2078504388-3627609576-2063209880-1005Core.job
- c:\users\Magda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 12:01]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2078504388-3627609576-2063209880-1005UA.job
- c:\users\Magda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 12:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-06-20 17:37 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-03 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bc_ip_f
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{AAA0B934-A7A9-417B-A527-8A0FBF4B5C31}: NameServer = 10.21.24.1
FF - ProfilePath - c:\users\Magda\AppData\Roaming\Mozilla\Firefox\Profiles\29k2vmqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\program files (x86)\Macro Marketer\macedit.exe
c:\program files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\users\Magda\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
c:\users\Magda\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
.
**************************************************************************
.
Completion time: 2012-02-19 22:50:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-19 11:49
.
Pre-Run: 281,688,637,440 bytes free
Post-Run: 282,820,517,888 bytes free
.
- - End Of File - - A996E16AF24003A23B2DCFB174380E40

#3 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 February 2012 - 01:30 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and will make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


We need to work on one computer at a time, so pick one, and when it is finished we will work on the other one.



DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 February 2012 - 12:46 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#5 walterbayliss

  • Topic Starter

  • Members
  • 9 posts

Posted 28 February 2012 - 03:49 AM

I definitely still need help.

It is a bit technical -

I am trying my best to follow....
but definitely still need help.

#6 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 February 2012 - 03:56 AM

:thumbup2:

#7 walterbayliss

  • Topic Starter

  • Members
  • 9 posts

Posted 28 February 2012 - 04:27 AM

This is from the DDS program.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Magda at 19:54:56 on 2012-02-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3933.1514 [GMT 11:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Macro Marketer\MacExp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Magda\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\notepad.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [instanteyedropper] "C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Magda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Magda\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MACROM~1.LNK - C:\Program Files (x86)\Macro Marketer\MacExp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1464AC9D-B610-4E61-B92B-8CB5879F051E} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1464AC9D-B610-4E61-B92B-8CB5879F051E}\44D2C496E6B6024435C4D22373430324 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{AAA0B934-A7A9-417B-A527-8A0FBF4B5C31} : NameServer = 10.21.24.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Yahoo!7 Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Magda\AppData\Roaming\Mozilla\Firefox\Profiles\29k2vmqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Magda\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Magda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Magda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 kl2;kl2;C:\windows\system32\DRIVERS\kl2.sys --> C:\windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-10-5 365336]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-7-18 181616]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-15 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-11 46448]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-10-6 288088]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-7-6 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\windows\system32\drivers\LMIRfsDriver.sys --> C:\windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-13 652360]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys --> C:\windows\system32\drivers\IntcHdmi.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\windows\system32\DRIVERS\lvrs64.sys --> C:\windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\system32\drivers\LVUSBS64.sys --> C:\windows\system32\drivers\LVUSBS64.sys [?]
R3 LVUVC64;Logitech Webcam C210(UVC);C:\windows\system32\DRIVERS\lvuvc64.sys --> C:\windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-22 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-4 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-5 826224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 lvpepf64;Volume Adapter;C:\windows\system32\DRIVERS\lv302a64.sys --> C:\windows\system32\DRIVERS\lv302a64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-26 15:03:51 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90B4AF5E-14D0-4111-97D4-CF5A5CCA7964}\offreg.dll
2012-02-24 22:49:54 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90B4AF5E-14D0-4111-97D4-CF5A5CCA7964}\mpengine.dll
2012-02-21 01:34:39 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-19 11:12:59 98816 ----a-w- C:\windows\sed.exe
2012-02-19 11:12:59 518144 ----a-w- C:\windows\SWREG.exe
2012-02-19 11:12:59 256000 ----a-w- C:\windows\PEV.exe
2012-02-19 11:12:59 208896 ----a-w- C:\windows\MBR.exe
2012-02-18 20:51:25 109240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak\components\abhelperxpcom.dll
2012-02-18 20:51:21 150200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll
2012-02-18 20:50:14 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-02-18 20:50:14 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-02-18 20:48:40 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2012-02-17 08:30:40 -------- d-----w- C:\Users\Magda\AppData\Roaming\PrPowershot
2012-02-17 08:30:23 -------- d-----w- C:\Program Files (x86)\PrPowershot
2012-02-15 09:21:39 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-15 09:21:39 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-15 09:21:39 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-15 09:21:39 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-02-14 20:02:01 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-02-14 20:02:01 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-02-14 20:01:54 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-02-14 20:01:54 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-02-14 20:01:53 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-02-14 20:01:52 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-02-14 20:01:50 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-02-14 20:01:50 634880 ----a-w- C:\windows\System32\msvcrt.dll
2012-02-13 03:51:47 147856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-02-13 02:18:29 -------- d-----w- C:\Users\Magda\AppData\Roaming\Reraky
2012-02-13 02:18:29 -------- d-----w- C:\Users\Magda\AppData\Roaming\Raezve
2012-02-13 02:18:03 -------- d-----w- C:\Users\Magda\AppData\Roaming\Wuarw
2012-02-13 02:18:03 -------- d-----w- C:\Users\Magda\AppData\Roaming\Peakc
2012-02-13 02:12:12 -------- d-----w- C:\Users\Magda\AppData\Roaming\Malwarebytes
2012-02-13 02:12:06 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-13 02:12:05 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-02-13 02:12:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-13 02:07:48 0 --sha-w- C:\windows\System32\dds_trash_log.cmd
2012-02-13 01:56:13 -------- d-----we C:\windows\system64
2012-02-03 04:54:38 -------- d-----w- C:\Program Files\iPod
2012-02-03 04:54:37 -------- d-----w- C:\Program Files\iTunes
2012-02-03 04:54:37 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-02-21 01:40:51 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 03:21:32 87456 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2012-02-08 03:21:32 80768 ----a-w- C:\windows\System32\LMIinit.dll
2012-02-08 03:21:32 34688 ----a-w- C:\windows\System32\LMIport.dll
2012-01-28 18:10:42 279656 ------w- C:\windows\System32\MpSigStub.exe
2011-12-17 00:27:17 87456 ----a-w- C:\windows\System32\LMIRfsClientNP.dll.000.bak
2011-12-14 07:11:03 2308096 ----a-w- C:\windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:55:51.74 ===============




This is from the other one

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 21/07/2011 4:17:07 PM
System Uptime: 21/02/2012 12:34:03 PM (175 hours ago)
.
Motherboard: TOSHIBA | | KSKAA
Processor: Intel® Core™2 Duo CPU P7450 @ 2.13GHz | U2E1 | 2133/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 360 GiB total, 262.982 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP74: 7/02/2012 7:20:45 PM - Windows Update
RP75: 11/02/2012 1:10:32 AM - Windows Update
RP76: 16/02/2012 3:00:17 AM - Windows Update
RP77: 19/02/2012 7:49:22 AM - Installed Kaspersky Internet Security 2011.
RP78: 20/02/2012 12:23:57 AM - Windows Update
RP79: 25/02/2012 9:49:07 AM - Windows Update
.
==== Installed Programs ======================
.
.
2007 Microsoft Office system
Acrobat.com
Adobe AIR
Adobe Reader 9.5.0
Apple Application Support
Apple Software Update
Business Contact Manager for Outlook 2007 SP2
CameraHelperMsi
CCleaner (remove only)
Direct DiscRecorder
Dropbox
DVD MovieFactory for TOSHIBA
erLT
FinanceFreedom
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
HDMI Control Manager
Hotspot Shield 2.09
Instant Eyedropper 1.75
Java™ 6 Update 14
Jing
JMicron Flash Media Controller Driver
Junk Mail filter update
Kaspersky Internet Security 2011
Leads Phantom
Leads Phantom Air
Logitech Vid HD
Logitech Webcam Software
LogMeIn
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Macro Marketer
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Mozilla Firefox 10.0.1 (x86 en-US)
MSVCRT
PrPowershot
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.5
TheBestSpinner3
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
UBot Studio
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Utility Common Driver
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Software Update
Yahoo!7 Messenger
Yahoo!7 Toolbar
.
==== Event Viewer Messages From Past Week ========
.
27/02/2012 12:05:21 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
23/02/2012 1:49:27 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.5 with the system having network hardware address 00-22-5F-61-18-36. Network operations on this system may be disrupted as a result.
21/02/2012 12:23:12 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================




The only problem is still the existence of the initial file.

Thanks ongoing.

Cheers.
Walt

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 February 2012 - 07:54 AM

Hello


This is probably the hardest step we have to do - but it will be safer if you do it this way


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 walterbayliss

walterbayliss
  • Topic Starter
  • Members
  • 9 posts

Posted 29 February 2012 - 05:37 AM

Thanks ongoing - this is the log.

Scan result of Farbar Recovery Scan Tool Version: 27-02-2012 01
Ran by SYSTEM at 29-02-2012 21:33:25
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [165912 2009-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [387608 2009-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [365592 2009-09-02] (Intel Corporation)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-08-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1813288 2009-08-17] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482592 2009-08-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-08-03] (TOSHIBA Corporation.)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-01-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2009-07-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-10] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-15] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-12] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [365336 2012-02-18] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-01] (Adobe Systems Incorporated)
HKU\Magda\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6276408 2011-06-15] (Yahoo! Inc.)
HKU\Magda\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [3069192 2010-08-18] (TechSmith Corporation)
HKU\Magda\...\Run: [instanteyedropper] "C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe" [352256 2007-10-16] ()
HKU\Magda\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-12] (Skype Technologies S.A.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll
Tcpip\..\Interfaces\{AAA0B934-A7A9-417B-A527-8A0FBF4B5C31}: [NameServer]10.21.24.1

==================== Services (Whitelisted) ======

2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" -r [365336 2012-02-18] (Kaspersky Lab ZAO)
2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
2 bc_ip_f; C:\Windows\System32\dmboot.dll [6656 2009-07-13] (Oak Technology Inc.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 cfWiMAXService; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe" [181616 2009-07-17] (TOSHIBA CORPORATION)
2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [288088 2011-10-05] ()
2 HssSrv; C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe [363336 2011-05-26] (AnchorFree Inc.)
3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2011-10-05] ()
2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2011-05-26] ()
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-02-07] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-02-07] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-01-11] (LogMeIn, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-12] (Malwarebytes Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
2 Thpsrv; C:\windows\system32\ThpSrv.exe [531520 2009-07-08] (TOSHIBA Corporation)
2 UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-18] (Logitech Inc.)
3 MSSQL$MSSMLBIZ; "c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [56832 2011-05-24] (AnchorFree Inc.)
0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-06-08] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-06-08] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [556120 2012-02-18] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-01-11] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [11552 2011-01-11] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\windows\system32\drivers\LMIRfsDriver.sys [72216 2011-01-11] (LogMeIn, Inc.)
3 lvpepf64; C:\Windows\System32\DRIVERS\lv302a64.sys [15768 2008-07-25] (Logitech Inc.)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [23152 2011-12-09] (Malwarebytes Corporation)
3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V64.SYS [2624408 2008-07-25] (Logitech Inc.)
3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [37888 2011-05-24] (AnchorFree Inc)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: bc_ip_f

============ One Month Created Files and Folders ==============

2012-02-28 03:01 - 2012-02-28 03:01 - 0006468 ____A C:\Users\Magda\Desktop\Attach.txt
2012-02-28 00:57 - 2012-02-28 00:57 - 0026236 ____A C:\Users\Magda\Desktop\DDS.txt
2012-02-28 00:52 - 2012-02-28 00:54 - 0607260 ____R (Swearware) C:\Users\Magda\Desktop\dds.scr
2012-02-28 00:51 - 2012-02-28 00:51 - 0000472 ____A C:\Users\Magda\Desktop\defogger_disable.log
2012-02-28 00:51 - 2012-02-28 00:51 - 0000000 ____A C:\Users\Magda\defogger_reenable
2012-02-22 20:25 - 2012-02-22 20:25 - 0000306 ____A C:\Users\Magda\Desktop\prajitura cu vanilie si cocos.url
2012-02-20 18:34 - 2012-02-20 18:35 - 0004429 ____A C:\Windows\LDPINST.LOG
2012-02-20 18:34 - 2012-02-20 18:35 - 0000000 ____D C:\Windows\LastGood
2012-02-20 18:31 - 2012-02-28 18:15 - 0000858 __ASH C:\Windows\KLIF.spi
2012-02-20 17:42 - 2012-02-20 17:42 - 0002063 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-02-20 17:34 - 2012-02-20 17:34 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-19 03:50 - 2012-02-19 03:50 - 0022588 ____A C:\ComboFix.txt
2012-02-19 03:12 - 2012-02-19 03:44 - 0000000 ____D C:\Windows\ERDNT
2012-02-19 03:12 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-19 03:12 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-19 03:12 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-19 03:12 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-19 03:12 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-19 03:12 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-19 03:12 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-19 03:12 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-19 03:11 - 2012-02-19 03:50 - 0000000 ____D C:\Qoobox
2012-02-19 03:10 - 2012-02-19 03:10 - 4406994 ____R (Swearware) C:\Users\Magda\Desktop\ComboFix.exe
2012-02-18 12:51 - 2012-02-18 13:02 - 0152233 ____A C:\Windows\System32\Drivers\klin.dat
2012-02-18 12:51 - 2012-02-18 13:02 - 0107177 ____A C:\Windows\System32\Drivers\klick.dat
2012-02-18 12:50 - 2012-02-29 01:33 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-02-18 12:50 - 2012-02-29 01:33 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-02-18 12:50 - 2012-02-18 12:50 - 0556120 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-02-18 12:50 - 2012-02-18 12:50 - 0000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-02-18 12:48 - 2012-02-18 12:48 - 0000000 ____D C:\Users\All Users\Kaspersky Lab Setup Files
2012-02-18 12:48 - 2012-02-18 12:48 - 0000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2012-02-17 00:30 - 2012-02-17 00:30 - 0000950 ____A C:\Users\Public\Desktop\PrPowershot.lnk
2012-02-17 00:30 - 2012-02-17 00:30 - 0000000 ____D C:\Users\Magda\AppData\Roaming\PrPowershot
2012-02-17 00:30 - 2012-02-17 00:30 - 0000000 ____D C:\Program Files (x86)\PrPowershot
2012-02-17 00:29 - 2012-02-17 00:29 - 1117622 ____A C:\Users\Magda\Downloads\PrPowershot.air
2012-02-15 08:00 - 2011-12-13 23:43 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-15 08:00 - 2011-12-13 23:16 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-15 08:00 - 2011-12-13 23:11 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-15 08:00 - 2011-12-13 23:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-15 08:00 - 2011-12-13 23:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-15 08:00 - 2011-12-13 23:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-15 08:00 - 2011-12-13 23:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-15 08:00 - 2011-12-13 23:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-15 08:00 - 2011-12-13 23:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-15 08:00 - 2011-12-13 22:59 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-15 08:00 - 2011-12-13 22:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-15 08:00 - 2011-12-13 22:57 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-15 08:00 - 2011-12-13 22:53 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-15 08:00 - 2011-12-13 19:30 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-15 08:00 - 2011-12-13 19:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-15 08:00 - 2011-12-13 19:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-15 08:00 - 2011-12-13 18:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-15 08:00 - 2011-12-13 18:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-15 08:00 - 2011-12-13 18:56 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-15 08:00 - 2011-12-13 18:55 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-15 08:00 - 2011-12-13 18:54 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-15 08:00 - 2011-12-13 18:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-15 08:00 - 2011-12-13 18:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-15 08:00 - 2011-12-13 18:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-15 08:00 - 2011-12-13 18:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-15 08:00 - 2011-12-13 18:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-15 02:36 - 2012-02-20 19:46 - 0000244 ____A C:\Users\Magda\Desktop\copanele cu ciuperci si branza.url
2012-02-14 17:14 - 2012-02-23 04:48 - 0000226 ____A C:\Users\Magda\Desktop\papanasi cu branza.url
2012-02-14 12:02 - 2012-01-04 02:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-14 12:02 - 2012-01-04 02:44 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-14 12:02 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-14 12:02 - 2012-01-04 00:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-14 12:01 - 2012-01-13 20:06 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-14 12:01 - 2011-12-29 22:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-14 12:01 - 2011-12-29 21:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-14 12:01 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-14 12:01 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-14 12:01 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-13 18:59 - 2012-02-13 18:59 - 0000289 ____A C:\Users\Magda\Desktop\foietaj cu mar si caramel.url
2012-02-13 15:14 - 2012-02-13 15:14 - 0000195 ____A C:\Users\Magda\Desktop\ballet 2.url
2012-02-13 15:07 - 2012-02-13 15:07 - 0000188 ____A C:\Users\Magda\Desktop\ballet.url
2012-02-13 12:59 - 2012-02-19 00:13 - 10937148 ____A C:\Windows\ntbtlog.txt
2012-02-13 00:50 - 2012-02-13 00:59 - 155681792 ____A (Kaspersky Lab) C:\Users\Magda\Downloads\kav12.0.0.374en_gb(1).exe
2012-02-13 00:48 - 2012-02-13 00:48 - 3751372 ____A (Kaspersky Lab) C:\Users\Magda\Downloads\kav12.0.0.374en_gb.exe
2012-02-13 00:10 - 2012-02-13 00:12 - 70132512 ____A (Kaspersky Lab) C:\Users\Magda\Downloads\kis2012.exe
2012-02-12 20:37 - 2012-02-12 20:36 - 0005092 ____A C:\Users\Magda\Desktop\License Code for Kaspersky Anti Virus 6.0 (element 5 Ref # 94647205).txt
2012-02-12 19:53 - 2012-02-12 19:53 - 0017408 ____A C:\Users\Magda\AppData\Local\WebpageIcons.db
2012-02-12 18:18 - 2012-02-12 19:36 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Reraky
2012-02-12 18:18 - 2012-02-12 19:36 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Peakc
2012-02-12 18:18 - 2012-02-12 19:30 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Raezve
2012-02-12 18:18 - 2012-02-12 18:19 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Wuarw
2012-02-12 18:18 - 2012-02-12 18:18 - 0000174 ___SH C:\Users\Default\Start Menu\Programs\Startup\desktop.ini
2012-02-12 18:18 - 2012-02-12 18:18 - 0000174 ___SH C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-12 18:18 - 2012-02-12 18:18 - 0000174 ___SH C:\Users\Default User\Start Menu\Programs\Startup\desktop.ini
2012-02-12 18:18 - 2012-02-12 18:18 - 0000174 ___SH C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-12 18:12 - 2012-02-12 18:12 - 0001162 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-12 18:12 - 2012-02-12 18:12 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Malwarebytes
2012-02-12 18:12 - 2012-02-12 18:12 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-12 18:12 - 2012-02-12 18:12 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-12 18:12 - 2012-02-12 18:12 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-12 18:12 - 2011-12-09 20:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-02-12 18:07 - 2012-02-12 19:37 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-12 17:56 - 2012-02-12 17:56 - 0000000 ____D C:\Windows\system64
2012-02-06 01:49 - 2012-02-06 01:49 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-02-02 20:55 - 2012-02-02 20:55 - 0001832 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-02-02 20:54 - 2012-02-02 20:55 - 0000000 ____D C:\Program Files\iTunes
2012-02-02 20:54 - 2012-02-02 20:55 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-02 20:54 - 2012-02-02 20:54 - 0000000 ____D C:\Program Files\iPod
2012-01-30 02:52 - 2012-01-30 02:52 - 0036661 ____A C:\Users\Magda\Downloads\Returns form to fax2.docx
2012-01-30 00:37 - 2012-01-30 00:37 - 0124530 ____A C:\Users\Magda\Downloads\Application11615016.pdf


============ 3 Months Modified Files and Folders =============

2012-02-29 21:33 - 2012-02-29 21:33 - 0000000 ____D C:\FRST
2012-02-29 02:22 - 2011-07-21 14:05 - 1169776 ____A C:\Windows\WindowsUpdate.log
2012-02-29 02:11 - 2011-10-19 04:01 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2078504388-3627609576-2063209880-1005UA.job
2012-02-29 01:53 - 2011-10-14 04:55 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Dropbox
2012-02-29 01:36 - 2011-07-21 03:02 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Skype
2012-02-29 01:33 - 2012-02-18 12:50 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-02-29 01:33 - 2012-02-18 12:50 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-02-28 21:11 - 2011-10-19 04:01 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2078504388-3627609576-2063209880-1005Core.job
2012-02-28 18:49 - 2011-07-20 23:01 - 0000000 ____D C:\Users\All Users\LogMeIn
2012-02-28 18:49 - 2011-07-20 23:01 - 0000000 ____D C:\ProgramData\LogMeIn
2012-02-28 18:15 - 2012-02-20 18:31 - 0000858 __ASH C:\Windows\KLIF.spi
2012-02-28 03:01 - 2012-02-28 03:01 - 0006468 ____A C:\Users\Magda\Desktop\Attach.txt
2012-02-28 00:57 - 2012-02-28 00:57 - 0026236 ____A C:\Users\Magda\Desktop\DDS.txt
2012-02-28 00:54 - 2012-02-28 00:52 - 0607260 ____R (Swearware) C:\Users\Magda\Desktop\dds.scr
2012-02-28 00:51 - 2012-02-28 00:51 - 0000472 ____A C:\Users\Magda\Desktop\defogger_disable.log
2012-02-28 00:51 - 2012-02-28 00:51 - 0000000 ____A C:\Users\Magda\defogger_reenable
2012-02-28 00:51 - 2011-07-20 22:17 - 0000000 ____D C:\users\Magda
2012-02-27 03:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-27 03:35 - 2011-12-08 19:36 - 0004739 ____A C:\Windows\setupact.log
2012-02-27 02:54 - 2011-10-23 19:09 - 0000000 ____D C:\Users\Magda\AppData\Local\ElevatedDiagnostics
2012-02-26 22:48 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-02-24 08:06 - 2009-07-13 20:45 - 0016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-24 08:06 - 2009-07-13 20:45 - 0016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-23 18:18 - 2011-07-20 23:08 - 0001990 ___AH C:\Users\Magda\Documents\Default.rdp
2012-02-23 04:48 - 2012-02-14 17:14 - 0000226 ____A C:\Users\Magda\Desktop\papanasi cu branza.url
2012-02-22 20:26 - 2011-07-20 23:07 - 0000000 ____D C:\Users\Magda\Desktop\recipies
2012-02-22 20:25 - 2012-02-22 20:25 - 0000306 ____A C:\Users\Magda\Desktop\prajitura cu vanilie si cocos.url
2012-02-22 19:31 - 2011-10-14 04:57 - 0001029 ____A C:\Users\Magda\Desktop\Dropbox.lnk
2012-02-22 19:31 - 2011-10-14 04:55 - 0001009 ____A C:\Users\Magda\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-22 19:31 - 2011-10-14 04:55 - 0001009 ____A C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-22 19:31 - 2011-07-20 23:05 - 0000000 ___RD C:\Users\Magda\Dropbox
2012-02-20 19:46 - 2012-02-15 02:36 - 0000244 ____A C:\Users\Magda\Desktop\copanele cu ciuperci si branza.url
2012-02-20 18:35 - 2012-02-20 18:34 - 0004429 ____A C:\Windows\LDPINST.LOG
2012-02-20 18:35 - 2012-02-20 18:34 - 0000000 ____D C:\Windows\LastGood
2012-02-20 18:35 - 2011-07-28 23:40 - 0027356 ____A C:\Windows\System32\lvcoinst.log
2012-02-20 18:34 - 2011-07-28 23:40 - 0000000 ____D C:\Program Files\Common Files\logishrd
2012-02-20 18:33 - 2011-09-28 22:33 - 0001673 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2012-02-20 17:42 - 2012-02-20 17:42 - 0002063 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-02-20 17:42 - 2011-07-21 04:03 - 0000000 ____D C:\Users\Magda\AppData\Local\Adobe
2012-02-20 17:42 - 2009-08-21 01:07 - 0000000 ____D C:\Users\All Users\Adobe
2012-02-20 17:42 - 2009-08-21 01:07 - 0000000 ____D C:\ProgramData\Adobe
2012-02-20 17:40 - 2011-07-21 03:02 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-20 17:34 - 2012-02-20 17:34 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-20 17:34 - 2011-12-17 02:05 - 0009060 ____A C:\Windows\PFRO.log
2012-02-20 17:34 - 2011-07-21 14:02 - 3092930560 __ASH C:\hiberfil.sys
2012-02-20 17:34 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-19 03:50 - 2012-02-19 03:50 - 0022588 ____A C:\ComboFix.txt
2012-02-19 03:50 - 2012-02-19 03:11 - 0000000 ____D C:\Qoobox
2012-02-19 03:50 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-02-19 03:50 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-02-19 03:44 - 2012-02-19 03:12 - 0000000 ____D C:\Windows\ERDNT
2012-02-19 03:40 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-02-19 03:40 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-19 03:10 - 2012-02-19 03:10 - 4406994 ____R (Swearware) C:\Users\Magda\Desktop\ComboFix.exe
2012-02-19 00:13 - 2012-02-13 12:59 - 10937148 ____A C:\Windows\ntbtlog.txt
2012-02-18 13:02 - 2012-02-18 12:51 - 0152233 ____A C:\Windows\System32\Drivers\klin.dat
2012-02-18 13:02 - 2012-02-18 12:51 - 0107177 ____A C:\Windows\System32\Drivers\klick.dat
2012-02-18 12:50 - 2012-02-18 12:50 - 0556120 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-02-18 12:50 - 2012-02-18 12:50 - 0000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-02-18 12:48 - 2012-02-18 12:48 - 0000000 ____D C:\Users\All Users\Kaspersky Lab Setup Files
2012-02-18 12:48 - 2012-02-18 12:48 - 0000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2012-02-18 12:42 - 2011-07-20 23:09 - 0000000 ____D C:\Users\Magda\Documents\Walt
2012-02-17 00:30 - 2012-02-17 00:30 - 0000950 ____A C:\Users\Public\Desktop\PrPowershot.lnk
2012-02-17 00:30 - 2012-02-17 00:30 - 0000000 ____D C:\Users\Magda\AppData\Roaming\PrPowershot
2012-02-17 00:30 - 2012-02-17 00:30 - 0000000 ____D C:\Program Files (x86)\PrPowershot
2012-02-17 00:29 - 2012-02-17 00:29 - 1117622 ____A C:\Users\Magda\Downloads\PrPowershot.air
2012-02-16 19:12 - 2011-10-19 04:03 - 0002413 ____A C:\Users\Magda\Desktop\Google Chrome.lnk
2012-02-15 08:26 - 2011-07-20 22:18 - 0000174 ___SH C:\Users\Magda\Start Menu\Programs\Startup\desktop.ini
2012-02-15 08:26 - 2011-07-20 22:18 - 0000174 ___SH C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 08:25 - 2009-07-13 20:45 - 0440488 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-15 08:05 - 2009-07-13 21:13 - 0930004 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-15 08:01 - 2011-07-21 23:24 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-15 01:21 - 2011-10-19 03:48 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-13 18:59 - 2012-02-13 18:59 - 0000289 ____A C:\Users\Magda\Desktop\foietaj cu mar si caramel.url
2012-02-13 15:14 - 2012-02-13 15:14 - 0000195 ____A C:\Users\Magda\Desktop\ballet 2.url
2012-02-13 15:07 - 2012-02-13 15:07 - 0000188 ____A C:\Users\Magda\Desktop\ballet.url
2012-02-13 00:59 - 2012-02-13 00:50 - 155681792 ____A (Kaspersky Lab) C:\Users\Magda\Downloads\kav12.0.0.374en_gb(1).exe
2012-02-13 00:48 - 2012-02-13 00:48 - 3751372 ____A (Kaspersky Lab) C:\Users\Magda\Downloads\kav12.0.0.374en_gb.exe
2012-02-13 00:12 - 2012-02-13 00:10 - 70132512 ____A (Kaspersky Lab) C:\Users\Magda\Downloads\kis2012.exe
2012-02-12 20:36 - 2012-02-12 20:37 - 0005092 ____A C:\Users\Magda\Desktop\License Code for Kaspersky Anti Virus 6.0 (element 5 Ref # 94647205).txt
2012-02-12 19:53 - 2012-02-12 19:53 - 0017408 ____A C:\Users\Magda\AppData\Local\WebpageIcons.db
2012-02-12 19:37 - 2012-02-12 18:07 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-12 19:36 - 2012-02-12 18:18 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Reraky
2012-02-12 19:36 - 2012-02-12 18:18 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Peakc
2012-02-12 19:35 - 2011-12-11 15:17 - 0000000 ____D C:\LinkShield
2012-02-12 19:30 - 2012-02-12 18:18 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Raezve
2012-02-12 18:19 - 2012-02-12 18:18 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Wuarw
2012-02-12 18:18 - 2012-02-12 18:18 - 0000174 ___SH C:\Users\Default\Start Menu\Programs\Startup\desktop.ini
2012-02-12 18:18 - 2012-02-12 18:18 - 0000174 ___SH C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-12 18:18 - 2012-02-12 18:18 - 0000174 ___SH C:\Users\Default User\Start Menu\Programs\Startup\desktop.ini
2012-02-12 18:18 - 2012-02-12 18:18 - 0000174 ___SH C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-12 18:12 - 2012-02-12 18:12 - 0001162 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-12 18:12 - 2012-02-12 18:12 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Malwarebytes
2012-02-12 18:12 - 2012-02-12 18:12 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-12 18:12 - 2012-02-12 18:12 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-12 18:12 - 2012-02-12 18:12 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-12 17:56 - 2012-02-12 17:56 - 0000000 ____D C:\Windows\system64
2012-02-12 17:37 - 2011-07-21 03:00 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-02-12 17:37 - 2011-07-21 03:00 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-02-12 17:36 - 2011-07-21 02:59 - 0000000 ____D C:\Users\All Users\Skype
2012-02-12 17:36 - 2011-07-21 02:59 - 0000000 ____D C:\ProgramData\Skype
2012-02-12 15:23 - 2011-10-14 03:47 - 0000000 ____D C:\Users\Magda\AppData\Roaming\UBot Studio
2012-02-10 19:23 - 2011-07-20 23:01 - 0000000 ____D C:\Program Files (x86)\LogMeIn
2012-02-07 19:21 - 2011-07-20 23:01 - 0087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-02-07 19:21 - 2011-07-20 23:01 - 0080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-02-07 19:21 - 2011-07-20 23:01 - 0034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-02-06 01:49 - 2012-02-06 01:49 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-02-06 01:49 - 2011-10-28 22:56 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Apple Computer
2012-02-03 21:50 - 2012-01-29 15:45 - 0000354 ____A C:\Users\Magda\Desktop\Rulada cu crema de portocale.url
2012-02-02 20:55 - 2012-02-02 20:55 - 0001832 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-02-02 20:55 - 2012-02-02 20:54 - 0000000 ____D C:\Program Files\iTunes
2012-02-02 20:55 - 2012-02-02 20:54 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-02 20:54 - 2012-02-02 20:54 - 0000000 ____D C:\Program Files\iPod
2012-02-02 20:54 - 2011-10-28 22:55 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-02-02 20:54 - 2011-10-28 22:55 - 0000000 ____D C:\ProgramData\Apple Computer
2012-01-30 02:52 - 2012-01-30 02:52 - 0036661 ____A C:\Users\Magda\Downloads\Returns form to fax2.docx
2012-01-30 00:37 - 2012-01-30 00:37 - 0124530 ____A C:\Users\Magda\Downloads\Application11615016.pdf
2012-01-29 20:15 - 2012-01-29 20:15 - 0131995 ____A C:\Users\Magda\Downloads\Application11611891.pdf
2012-01-28 10:10 - 2011-07-20 23:04 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-17 22:44 - 2012-01-17 22:44 - 4865568 ____A (Logitech Inc.) C:\Windows\System32\Drivers\lvuvc64.sys
2012-01-17 22:44 - 2012-01-17 22:44 - 10920984 ____A C:\Windows\SysWOW64\LogiDPP.dll
2012-01-17 22:44 - 2012-01-17 22:44 - 10920984 ____A C:\Windows\System32\LogiDPP.dll
2012-01-17 22:44 - 2012-01-17 22:44 - 0769312 ____A (Logitech Inc.) C:\Windows\System32\LVUI64.dll
2012-01-17 22:44 - 2012-01-17 22:44 - 0561440 ____A (Logitech Inc.) C:\Windows\System32\LVUIRC64.dll
2012-01-17 22:44 - 2012-01-17 22:44 - 0545056 ____A (Logitech Inc.) C:\Windows\SysWOW64\LVUI2.dll
2012-01-17 22:44 - 2012-01-17 22:44 - 0540960 ____A (Logitech Inc.) C:\Windows\SysWOW64\LVUI2RC.dll
2012-01-17 22:44 - 2012-01-17 22:44 - 0351136 ____A (Logitech Inc.) C:\Windows\System32\Drivers\lvrs64.sys
2012-01-17 22:44 - 2012-01-17 22:44 - 0336408 ____A C:\Windows\SysWOW64\DevManagerCore.dll
2012-01-17 22:44 - 2012-01-17 22:44 - 0336408 ____A C:\Windows\System32\DevManagerCore.dll
2012-01-17 22:44 - 2012-01-17 22:44 - 0307488 ____A (Logitech Inc.) C:\Windows\SysWOW64\lvcodec2.dll
2012-01-17 22:44 - 2012-01-17 22:44 - 0263456 ____A (Logitech Inc.) C:\Windows\System32\lvco13311044.dll
2012-01-17 22:44 - 2012-01-17 22:44 - 0176416 ____A (Logitech Inc.) C:\Windows\System32\lvcod64.dll
2012-01-17 22:44 - 2012-01-17 22:44 - 0104472 ____A C:\Windows\SysWOW64\LogiDPPApp.exe
2012-01-17 22:44 - 2012-01-17 22:44 - 0104472 ____A C:\Windows\System32\LogiDPPApp.exe
2012-01-16 21:35 - 2011-10-19 03:59 - 0000000 ____D C:\Users\Magda\AppData\Roaming\Mozilla
2012-01-16 21:35 - 2011-07-20 22:21 - 0000000 ____D C:\Users\Magda\AppData\Local\Google
2012-01-16 19:43 - 2012-01-16 19:43 - 0000980 ____A C:\Users\Public\Desktop\FinanceFreedom.lnk
2012-01-16 19:43 - 2012-01-16 19:43 - 0000000 ____D C:\Users\Magda\AppData\Roaming\FinanceFreedom.27359B1D52BECB35F2F34FCBCE01A404C168CC28.1
2012-01-16 19:43 - 2012-01-16 19:43 - 0000000 ____D C:\Program Files (x86)\FinanceFreedom
2012-01-13 20:06 - 2012-02-14 12:01 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-11 08:04 - 2011-07-21 14:52 - 0909850 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-04 02:44 - 2012-02-14 12:02 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-14 12:02 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-14 12:02 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-14 12:02 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2011-12-29 22:26 - 2012-02-14 12:01 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-29 21:27 - 2012-02-14 12:01 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-27 19:59 - 2012-02-14 12:01 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-19 01:55 - 2011-12-19 01:55 - 0000285 ____A C:\Users\Magda\Desktop\Nuci.url
2011-12-16 16:27 - 2011-07-20 23:01 - 0087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2011-12-16 00:46 - 2012-02-14 12:01 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-15 23:52 - 2012-02-14 12:01 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 08:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-14 20:02 - 2011-12-13 18:46 - 0000000 ____D C:\massblogupdater
2011-12-13 23:43 - 2012-02-15 08:00 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-13 23:16 - 2012-02-15 08:00 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-13 23:11 - 2012-02-15 08:00 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-13 23:04 - 2012-02-15 08:00 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-13 23:04 - 2012-02-15 08:00 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-13 23:03 - 2012-02-15 08:00 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-13 23:03 - 2012-02-15 08:00 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-13 23:01 - 2012-02-15 08:00 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-13 23:00 - 2012-02-15 08:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-13 22:59 - 2012-02-15 08:00 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-13 22:57 - 2012-02-15 08:00 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-13 22:57 - 2012-02-15 08:00 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-13 22:53 - 2012-02-15 08:00 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-13 19:30 - 2012-02-15 08:00 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-13 19:10 - 2012-02-15 08:00 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-13 19:04 - 2012-02-15 08:00 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-13 18:57 - 2012-02-15 08:00 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-13 18:57 - 2012-02-15 08:00 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-13 18:56 - 2012-02-15 08:00 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-13 18:55 - 2012-02-15 08:00 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-13 18:54 - 2012-02-15 08:00 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-13 18:53 - 2012-02-15 08:00 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-13 18:52 - 2012-02-15 08:00 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-13 18:50 - 2012-02-15 08:00 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-13 18:50 - 2012-02-15 08:00 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-13 18:47 - 2012-02-15 08:00 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-11 22:42 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2011-12-10 18:43 - 2011-12-10 18:41 - 0000210 ____A C:\Users\Magda\Desktop\tomato soup.url
2011-12-09 20:56 - 2011-12-09 20:56 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2011-12-09 20:56 - 2011-12-09 20:56 - 0000000 ____D C:\Program Files (x86)\Safari
2011-12-09 20:24 - 2012-02-12 18:12 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-08 19:36 - 2011-12-08 19:36 - 0000000 ____A C:\Windows\setuperr.log

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3932.87 MB
Available physical RAM: 3360.35 MB
Total Pagefile: 3931.02 MB
Available Pagefile: 3350.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (S3A8029D003) (Fixed) (Total:360.26 GB) (Free:262.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:3.74 GB) (Free:1.89 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 372 GB 0 B
Disk 1 Online 3835 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 360 GB 1501 MB
Partition 3 Primary 10 GB 361 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C S3A8029D003 NTFS Partition 360 GB Healthy

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 19 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3827 MB Healthy



==========================================================

Last Boot: 2012-02-28 05:24

======================= End Of Log ==========================

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 February 2012 - 10:29 AM

Hello

I would like you to run the fix below and when it is complete I need you to rerun combofix and send me the report.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

2 bc_ip_f; C:\Windows\System32\dmboot.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\dmboot.dll
NETSVC: bc_ip_f

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 walterbayliss
  • Topic Starter
  • Members
  • 9 posts

Posted 29 February 2012 - 11:02 AM

thanks -

this is the fixlog.txt

I tried to run combofix again - and it said it had expired.....?


Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 27-02-2012 01
Ran by SYSTEM at 2012-03-01 02:55:32 R:1
Running from F:\

==============================================

bc_ip_f service deleted successfully.
C:\Windows\System32\dmboot.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs bc_ip_f Deleted successfully.

==== End of Fixlog ====

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 February 2012 - 11:12 AM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 walterbayliss
  • Topic Starter
  • Members
  • 9 posts

Posted 29 February 2012 - 06:25 PM

Ok - Will post.
Computer is ok - just the file.
Also just made a donation p******@universalmedia-online.com

It is only a little - but to say thanks, and to hope that we are all above board with running everything.....

Will post the log etc

Cheers.
Walt

#14 walterbayliss
  • Topic Starter
  • Members
  • 9 posts

Posted 29 February 2012 - 07:09 PM

Combo Fix log is here.
Thanks again.

ComboFix 12-02-29.01 - Magda 01/03/2012 10:28:59.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3933.1978 [GMT 11:00]
Running from: c:\users\Magda\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-03-01 05:33 . 2012-03-01 05:34 -------- d-----w- C:\FRST
2012-02-29 23:37 . 2012-02-29 23:37 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-02-29 23:37 . 2012-02-29 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-18 20:51 . 2010-10-05 10:26 109240 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak\components\abhelperxpcom.dll
2012-02-18 20:51 . 2010-10-05 10:27 150200 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll
2012-02-18 20:50 . 2012-02-29 23:40 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-18 20:50 . 2012-02-18 20:50 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-02-18 20:48 . 2012-02-18 20:48 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2012-02-17 08:30 . 2012-02-17 08:30 -------- d-----w- c:\users\Magda\AppData\Roaming\PrPowershot
2012-02-17 08:30 . 2012-02-17 08:30 -------- d-----w- c:\program files (x86)\PrPowershot
2012-02-15 09:21 . 2012-02-15 09:21 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-15 09:21 . 2012-02-15 09:21 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-15 09:21 . 2012-02-15 09:21 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-15 09:21 . 2012-02-15 09:21 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-14 20:02 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 20:02 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 20:01 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 20:01 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 20:01 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 20:01 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 20:01 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 20:01 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-13 03:51 . 2011-04-24 12:13 147856 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-02-13 02:18 . 2012-02-13 03:36 -------- d-----w- c:\users\Magda\AppData\Roaming\Reraky
2012-02-13 02:18 . 2012-02-13 03:30 -------- d-----w- c:\users\Magda\AppData\Roaming\Raezve
2012-02-13 02:18 . 2012-02-13 03:36 -------- d-----w- c:\users\Magda\AppData\Roaming\Peakc
2012-02-13 02:18 . 2012-02-13 02:19 -------- d-----w- c:\users\Magda\AppData\Roaming\Wuarw
2012-02-13 02:12 . 2012-02-13 02:12 -------- d-----w- c:\users\Magda\AppData\Roaming\Malwarebytes
2012-02-13 02:12 . 2012-02-13 02:12 -------- d-----w- c:\programdata\Malwarebytes
2012-02-13 02:12 . 2012-02-13 02:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-13 02:12 . 2011-12-10 04:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 02:07 . 2012-02-13 03:37 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-13 01:56 . 2012-02-13 01:56 -------- d-----we c:\windows\system64
2012-02-03 04:54 . 2012-02-03 04:54 -------- d-----w- c:\program files\iPod
2012-02-03 04:54 . 2012-02-03 04:55 -------- d-----w- c:\program files\iTunes
2012-02-03 04:54 . 2012-02-03 04:55 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 01:40 . 2011-07-21 11:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 03:21 . 2011-07-21 07:01 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-08 03:21 . 2011-07-21 07:01 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-08 03:21 . 2011-07-21 07:01 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-28 18:10 . 2011-07-21 07:04 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-18 06:44 . 2012-01-18 06:44 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 06:44 . 2012-01-18 06:44 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-01-18 06:44 . 2012-01-18 06:44 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-01-18 06:44 . 2012-01-18 06:44 4865568 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 06:44 . 2012-01-18 06:44 769312 ----a-w- c:\windows\system32\LVUI64.dll
2012-01-18 06:44 . 2012-01-18 06:44 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2012-01-18 06:44 . 2012-01-18 06:44 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2012-01-18 06:44 . 2012-01-18 06:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
2012-01-18 06:44 . 2012-01-18 06:44 176416 ----a-w- c:\windows\system32\lvcod64.dll
2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-12-17 00:27 . 2011-07-21 07:01 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-19_11.40.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-02-19 11:42 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-29 23:42 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-21 22:16 . 2012-02-29 15:59 48182 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-29 23:44 44610 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-21 06:18 . 2012-02-29 23:44 10390 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2078504388-3627609576-2063209880-1005_UserData.bin
- 2009-07-14 05:30 . 2012-02-18 20:50 86016 c:\windows\system64\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-02-21 02:35 86016 c:\windows\system64\DriverStore\infpub.dat
+ 2012-01-18 06:44 . 2012-01-18 06:44 25632 c:\windows\system64\DriverStore\FileRepository\lpro564c.inf_amd64_neutral_a8c5185c17f74702\lvbflt64.sys
+ 2011-07-21 23:11 . 2012-02-29 15:56 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-21 23:11 . 2012-02-19 11:40 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-21 23:11 . 2012-02-19 11:40 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-21 23:11 . 2012-02-29 15:56 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-29 15:56 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-19 11:40 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-21 22:16 . 2012-02-29 15:59 48182 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-29 15:58 44444 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-21 06:18 . 2012-02-29 15:58 10072 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2078504388-3627609576-2063209880-1005_UserData.bin
- 2009-07-14 05:30 . 2012-02-18 20:50 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-02-21 02:35 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-01-18 06:44 . 2012-01-18 06:44 25632 c:\windows\system32\DriverStore\FileRepository\lpro564c.inf_amd64_neutral_a8c5185c17f74702\lvbflt64.sys
- 2011-07-21 23:11 . 2012-02-19 11:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-21 23:11 . 2012-02-29 15:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-21 23:11 . 2012-02-29 15:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-21 23:11 . 2012-02-19 11:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-29 15:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-19 11:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-16 01:31 . 2011-05-16 01:31 77128 c:\windows\Downloaded Program Files\CONFLICT.3\LMIProxyHelper.exe
+ 2011-05-16 01:31 . 2011-05-16 01:31 8592 c:\windows\system64\ractrlkeyhook.dll
+ 2011-05-16 01:31 . 2011-05-16 01:31 8592 c:\windows\system32\ractrlkeyhook.dll
+ 2012-02-29 23:40 . 2012-02-29 23:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-19 10:54 . 2012-02-19 11:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-19 10:54 . 2012-02-19 11:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-29 23:40 . 2012-02-29 23:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-21 01:40 . 2012-02-21 01:40 250016 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
+ 2012-02-21 01:40 . 2012-02-21 01:40 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.dll
- 2009-07-14 04:54 . 2012-02-19 11:40 851968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-29 23:42 851968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-21 10:51 . 2012-02-28 03:23 281682 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-07-21 07:04 . 2012-01-28 18:10 279656 c:\windows\system64\MpSigStub.exe
- 2011-07-21 07:04 . 2012-01-26 13:52 279656 c:\windows\system64\MpSigStub.exe
+ 2011-12-12 03:23 . 2012-02-21 01:40 465056 c:\windows\system64\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
+ 2011-12-12 03:23 . 2012-02-21 01:40 376480 c:\windows\system64\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll
- 2011-12-12 03:23 . 2011-12-12 03:23 376480 c:\windows\system64\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 561440 c:\windows\system64\LVUIRC64.dll
- 2011-08-18 23:27 . 2011-08-18 23:27 561440 c:\windows\system64\LVUIRC64.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 769312 c:\windows\system64\LVUI64.dll
- 2011-08-18 23:27 . 2011-08-18 23:27 769312 c:\windows\system64\LVUI64.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 176416 c:\windows\system64\lvcod64.dll
- 2011-08-18 23:27 . 2011-08-18 23:27 176416 c:\windows\system64\lvcod64.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 263456 c:\windows\system64\lvco13311044.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 104472 c:\windows\system64\LogiDPPApp.exe
- 2011-08-18 23:26 . 2011-08-18 23:26 104472 c:\windows\system64\LogiDPPApp.exe
- 2009-07-14 05:30 . 2012-02-18 20:50 143360 c:\windows\system64\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-02-21 02:35 143360 c:\windows\system64\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-18 20:50 143360 c:\windows\system64\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-02-21 02:34 143360 c:\windows\system64\DriverStore\infstor.dat
+ 2012-01-18 06:43 . 2012-01-18 06:43 685592 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\WUApp64.exe
+ 2012-01-18 06:44 . 2012-01-18 06:44 450848 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\UMVPFSrv.exe
+ 2012-01-18 06:44 . 2012-01-18 06:44 561440 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LVUIRC64.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 769312 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LVUI64.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 540960 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LVUI2RC.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 545056 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LVUI2.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 263456 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\lvcoin64.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 307488 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\lvcodec2.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 176416 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\lvcod64.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 104472 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LogiDPPApp.exe
+ 2012-01-18 06:44 . 2012-01-18 06:44 336408 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\DevManagerCore.dll
+ 2012-01-18 06:43 . 2012-01-18 06:43 685592 c:\windows\system64\DriverStore\FileRepository\lpro564s.inf_amd64_neutral_994b928f76d55939\WUApp64.exe
+ 2012-01-18 06:44 . 2012-01-18 06:44 351136 c:\windows\system64\DriverStore\FileRepository\lpro564s.inf_amd64_neutral_994b928f76d55939\lvrs64.sys
+ 2012-01-18 06:44 . 2012-01-18 06:44 263456 c:\windows\system64\DriverStore\FileRepository\lpro564s.inf_amd64_neutral_994b928f76d55939\lvcoin64.dll
- 2011-08-18 23:27 . 2011-08-18 23:27 351136 c:\windows\system64\drivers\lvrs64.sys
+ 2012-01-18 06:44 . 2012-01-18 06:44 351136 c:\windows\system64\drivers\lvrs64.sys
- 2011-08-18 23:26 . 2011-08-18 23:26 336408 c:\windows\system64\DevManagerCore.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 336408 c:\windows\system64\DevManagerCore.dll
+ 2011-07-21 10:51 . 2012-02-28 03:23 281682 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-12-12 03:23 . 2012-02-21 01:40 465056 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
+ 2011-12-12 03:23 . 2012-02-21 01:40 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll
- 2011-12-12 03:23 . 2011-12-12 03:23 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll
+ 2009-07-14 05:30 . 2012-02-21 02:35 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-18 20:50 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-02-21 02:34 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-02-18 20:50 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-01-18 06:43 . 2012-01-18 06:43 685592 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\WUApp64.exe
+ 2012-01-18 06:44 . 2012-01-18 06:44 450848 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\UMVPFSrv.exe
+ 2012-01-18 06:44 . 2012-01-18 06:44 561440 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LVUIRC64.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 769312 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LVUI64.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 540960 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LVUI2RC.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 545056 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LVUI2.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 263456 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\lvcoin64.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 307488 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\lvcodec2.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 176416 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\lvcod64.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 104472 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LogiDPPApp.exe
+ 2012-01-18 06:44 . 2012-01-18 06:44 336408 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\DevManagerCore.dll
+ 2012-01-18 06:43 . 2012-01-18 06:43 685592 c:\windows\system32\DriverStore\FileRepository\lpro564s.inf_amd64_neutral_994b928f76d55939\WUApp64.exe
+ 2012-01-18 06:44 . 2012-01-18 06:44 351136 c:\windows\system32\DriverStore\FileRepository\lpro564s.inf_amd64_neutral_994b928f76d55939\lvrs64.sys
+ 2012-01-18 06:44 . 2012-01-18 06:44 263456 c:\windows\system32\DriverStore\FileRepository\lpro564s.inf_amd64_neutral_994b928f76d55939\lvcoin64.dll
- 2011-08-28 07:08 . 2012-02-19 09:52 487696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-28 07:08 . 2012-02-29 23:39 487696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-02-19 10:53 407536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-29 10:22 407536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-21 01:43 . 2012-02-21 01:43 734720 c:\windows\Installer\35f7dd.msi
+ 2012-02-21 01:42 . 2012-02-21 01:42 379904 c:\windows\Installer\35f7ce.msi
+ 2012-02-21 01:42 . 2012-02-21 01:42 487424 c:\windows\Installer\35f7c5.msi
+ 2012-02-29 16:01 . 2012-02-29 16:01 316416 c:\windows\Installer\{7AB01508-C2B2-43C8-8B44-514801E7CCC9}\IconA17C9A58.exe
+ 2012-02-27 06:48 . 2012-02-27 06:48 252816 c:\windows\Downloaded Program Files\CONFLICT.3\swscale-2.dll
+ 2012-01-31 23:51 . 2012-01-31 23:51 310160 c:\windows\Downloaded Program Files\CONFLICT.3\LMIGuardianEvt.dll
+ 2012-01-31 23:51 . 2012-01-31 23:51 375184 c:\windows\Downloaded Program Files\CONFLICT.3\LMIGuardian.exe
+ 2012-02-27 06:48 . 2012-02-27 06:48 144272 c:\windows\Downloaded Program Files\CONFLICT.3\LMIBroker.exe
+ 2012-02-27 06:48 . 2012-02-27 06:48 143248 c:\windows\Downloaded Program Files\CONFLICT.3\avutil-51.dll
- 2009-07-14 04:54 . 2012-02-19 11:40 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-29 23:42 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-18 06:44 . 2012-01-18 06:44 4865568 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\lvuvc64.sys
+ 2012-01-18 06:44 . 2012-01-18 06:44 4865568 c:\windows\system64\drivers\lvuvc64.sys
+ 2012-01-18 06:44 . 2012-01-18 06:44 4865568 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\lvuvc64.sys
+ 2012-01-04 07:05 . 2012-01-04 07:05 3979776 c:\windows\Installer\6a33c.msi
+ 2012-02-01 03:19 . 2012-02-01 03:19 9425408 c:\windows\Installer\4d01c.msi
+ 2012-02-21 01:42 . 2012-02-21 01:42 1406464 c:\windows\Installer\35f7bc.msi
+ 2012-02-21 01:42 . 2012-02-21 01:42 4807680 c:\windows\Installer\35f7a9.msi
+ 2012-02-21 01:41 . 2012-02-21 01:41 1690624 c:\windows\Installer\35f792.msi
+ 2012-02-21 01:41 . 2012-02-21 01:41 1687552 c:\windows\Installer\35f777.msi
+ 2012-01-31 23:51 . 2012-01-31 23:51 5912464 c:\windows\Downloaded Program Files\CONFLICT.3\RACtrl.dll
+ 2012-01-31 23:51 . 2012-01-31 23:51 1311632 c:\windows\Downloaded Program Files\CONFLICT.3\LMIGuardianDll.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 10920984 c:\windows\system64\LogiDPP.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 10920984 c:\windows\system64\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LogiDPP.dll
+ 2012-01-18 06:44 . 2012-01-18 06:44 10920984 c:\windows\system32\DriverStore\FileRepository\lpro564v.inf_amd64_neutral_f091ef6c15de54b0\LogiDPP.dll
+ 2011-10-19 11:54 . 2012-02-29 10:22 31021366 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2078504388-3627609576-2063209880-1005-12288.dat
+ 2012-02-21 01:41 . 2012-02-21 01:41 12637184 c:\windows\Installer\35f785.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-15 6276408]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"instanteyedropper"="c:\program files (x86)\InstantEyedropper\InstantEyedropper.exe" [2007-10-17 352256]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-12 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2012-02-18 365336]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]
.
c:\users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Magda\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Macro Marketer.lnk - c:\program files (x86)\Macro Marketer\MacExp.exe [2011-9-27 3896832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-10-06 288088]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-05-26 329544]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-08 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2078504388-3627609576-2063209880-1005Core.job
- c:\users\Magda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 12:01]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2078504388-3627609576-2063209880-1005UA.job
- c:\users\Magda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 12:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-03 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{AAA0B934-A7A9-417B-A527-8A0FBF4B5C31}: NameServer = 10.21.24.1
FF - ProfilePath - c:\users\Magda\AppData\Roaming\Mozilla\Firefox\Profiles\29k2vmqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\program files (x86)\Macro Marketer\macedit.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-03-01 10:51:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-29 23:50
ComboFix2.txt 2012-02-19 11:50
.
Pre-Run: 281,720,209,408 bytes free
Post-Run: 282,060,316,672 bytes free
.
- - End Of File - - 6268DE27E68A4632E93F14C232D35854

#15 gringo_pr
    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:13 PM

Posted 01 March 2012 - 12:51 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Magda\AppData\Roaming\Reraky
c:\users\Magda\AppData\Roaming\Raezve
c:\users\Magda\AppData\Roaming\Peakc
c:\users\Magda\AppData\Roaming\Wuarw

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University