Malwarebytes

Whitesmoke Toolbar hijack! can you help?

24 replies to this topic

#1
ktblue

    New Member

  • Members
  • 14 posts
Hi, posted this in wrong forum before. I downloaded super.exe and now have the Whitesmoke toolbar trojan. Can some kind helper help me remove this? Many, many thanks.

#2
MrCharlie

    Forum Deity

  • Experts
  • 17,554 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

#3
ktblue

    New Member

  • Members
  • 14 posts
Mr. Charlie, you rock. Here are the logs:

DDS:
---------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Lodge at 13:35:19 on 2012-05-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6120 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Firefox\firefox.exe
C:\Users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Firefox\plugin-container.exe
C:\Program Files (x86)\Firefox\plugin-container.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uDefault_Page_URL = www.dell.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast\aswWebRepIE.dll
uRun: [WirelessManager] C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Lodge\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{72239310-0BE3-4CF7-A7D4-AC222947244A} : DhcpNameServer = 192.168.0.1
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-X64: Fantapper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui
mRun-x64: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-29 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Avast\AvastSvc.exe [2012-5-18 44768]
R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [2012-4-23 14336]
R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-18 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-5-19 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-18 136176]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-18 129976]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-21 17:22:16 -------- d-----w- C:\Program Files (x86)\Revo Uninstaller
2012-05-21 16:44:19 -------- d-----w- C:\Users\Lodge\AppData\Roaming\Malwarebytes
2012-05-21 16:44:16 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-21 16:44:15 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-21 16:44:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes
2012-05-21 16:35:51 -------- d-----w- C:\Program Files (x86)\SUPER
2012-05-21 16:35:39 -------- d-----w- C:\Users\Lodge\AppData\Local\CRE
2012-05-21 16:35:30 -------- d-----w- C:\Program Files (x86)\Conduit
2012-05-21 16:35:29 -------- d-----w- C:\Users\Lodge\AppData\Local\Conduit
2012-05-21 16:35:23 -------- d-----w- C:\Program Files (x86)\iNTERNET Turbo
2012-05-21 16:34:59 -------- d-----w- C:\Program Files (x86)\eRightSoft
2012-05-21 15:57:13 -------- d-----r- C:\Users\Lodge\Dropbox
2012-05-21 15:50:32 -------- d-----w- C:\Users\Lodge\AppData\Roaming\Dropbox
2012-05-21 15:40:42 -------- d-----w- C:\Users\Lodge\AppData\Local\RSA
2012-05-21 15:38:49 -------- d-----w- C:\Program Files (x86)\RSA SecurID Token for Windows
2012-05-21 15:38:49 -------- d-----w- C:\Program Files (x86)\RSA SecurID Token Common
2012-05-20 20:43:04 -------- dc-h--w- C:\ProgramData\{F7D319B6-E312-49A7-AA67-4737E676DD03}
2012-05-20 20:42:56 -------- dc-h--w- C:\ProgramData\{35056848-1DF5-4D37-85C5-0134DA6F6DFD}
2012-05-20 20:39:32 -------- dc-h--w- C:\ProgramData\{003FC4B1-B5E2-4EF0-A9B3-CCEB0DDC2E93}
2012-05-20 20:39:31 -------- d-----w- C:\Program Files\Common Files\Topaz Labs
2012-05-20 20:39:26 -------- dc-h--w- C:\ProgramData\{54B6D04D-4477-4BDA-9A8C-DEB315E0282D}
2012-05-20 20:39:25 -------- d-----w- C:\Program Files (x86)\Topaz Labs
2012-05-20 20:39:25 -------- d-----w- C:\Program Files (x86)\Common Files\Topaz Labs
2012-05-20 20:38:59 -------- d-----w- C:\Users\Lodge\AppData\Local\PackageAware
2012-05-20 15:41:17 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-05-20 04:56:20 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-20 00:02:18 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-20 00:02:03 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-20 00:01:30 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-20 00:01:21 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-20 00:00:47 -------- d-----w- C:\Program Files\PlayReady
2012-05-19 17:32:17 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-05-19 17:32:15 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{981DE2A5-53F2-4FB9-96AE-A59B169095EC}\mpengine.dll
2012-05-19 16:35:33 -------- d-----w- C:\Windows\SysWow64\Wat
2012-05-19 16:35:33 -------- d-----w- C:\Windows\System32\Wat
2012-05-19 16:15:27 -------- d-----w- C:\Users\Lodge\AppData\Local\Diagnostics
2012-05-19 16:14:32 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-19 16:14:32 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-19 16:14:32 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-19 16:14:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-19 16:14:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-19 16:14:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-19 16:14:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-19 16:11:08 -------- d-----w- C:\Users\Lodge\AppData\Roaming\WMCore
2012-05-19 16:11:01 -------- d-----w- C:\Users\Lodge\AppData\Roaming\WirelessManager
2012-05-19 15:47:30 -------- d-----w- C:\Windows\Downloaded Installations
2012-05-19 15:46:07 -------- d-----w- C:\Program Files (x86)\Dell
2012-05-19 15:43:32 -------- d-----w- C:\Users\Lodge\AppData\Local\BVRP Software
2012-05-19 15:43:32 -------- d-----w- C:\Program Files (x86)\Netwaiting
2012-05-19 14:59:15 -------- d-----w- C:\Users\Lodge\AppData\Roaming\Dell
2012-05-19 14:52:02 -------- d-----w- C:\Users\Lodge\AppData\Local\Deployment
2012-05-19 14:52:02 -------- d-----w- C:\Users\Lodge\AppData\Local\Apps
2012-05-19 06:37:13 -------- d-----w- C:\ProgramData\ALM
2012-05-19 06:23:25 -------- d-----w- C:\Users\Lodge\AppData\Roaming\Roxio Burn
2012-05-19 05:25:40 -------- d-----w- C:\Windows\SysWow64\spool
2012-05-19 05:23:41 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-05-19 05:22:29 -------- d-----w- C:\Users\Lodge\AppData\Local\Adobe
2012-05-19 05:22:15 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-05-19 04:46:39 335872 ----a-r- C:\Users\Lodge\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2012-05-19 04:46:21 -------- d-----w- C:\Program Files (x86)\Common Files\muvee Technologies
2012-05-19 04:46:19 -------- d-----w- C:\Program Files (x86)\Nikon Transfer
2012-05-19 04:35:25 -------- d-----w- C:\Users\Lodge\AppData\Local\Nikon
2012-05-19 04:35:22 -------- d-----w- C:\ProgramData\Machines
2012-05-19 04:32:53 49152 ----a-r- C:\Users\Lodge\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2012-05-19 04:32:31 57344 ----a-r- C:\Users\Lodge\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-05-19 04:31:50 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
2012-05-19 04:31:43 -------- d-----w- C:\Program Files (x86)\Capture NX 2
2012-05-19 04:30:49 -------- d-----w- C:\Users\Lodge\AppData\Roaming\Macrovision
2012-05-19 02:16:18 -------- d-----w- C:\Users\Lodge\AppData\Local\Mozilla
2012-05-19 02:16:14 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-19 02:16:12 -------- d-----w- C:\Program Files (x86)\Firefox
2012-05-19 00:50:05 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-19 00:50:05 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 23:09:58 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-05-18 23:08:04 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-05-18 23:08:04 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-05-18 23:08:04 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-05-18 23:08:04 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-05-18 23:06:43 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-05-18 23:06:43 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-05-18 23:06:35 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-05-18 23:06:35 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-05-18 23:06:35 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-05-18 23:06:35 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-05-18 23:06:27 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-05-18 23:06:27 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-05-18 23:06:23 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-05-18 23:06:23 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-05-18 23:06:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-18 23:05:52 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-18 23:05:52 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-18 23:05:52 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-18 23:05:52 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-18 23:05:52 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-18 23:05:40 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-18 23:05:40 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-05-18 23:05:26 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-18 23:05:26 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-18 21:56:08 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-18 21:56:08 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-18 21:56:08 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-18 21:56:03 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-18 21:56:03 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-18 21:56:03 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-18 21:56:03 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-23 21:21:34 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-04-23 21:21:34 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-04-23 21:21:34 138056 ----a-w- C:\Windows\SysWow64\atl100.dll
.
==================== Find3M ====================
.
2012-05-19 04:45:54 106496 ----a-w- C:\Windows\SysWow64\ATL71.DLL
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-29 17:26:28 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-02-29 17:26:27 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-02-29 17:26:27 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-02-29 17:23:03 75 --sh--r- C:\Windows\CT4CET.bin
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2006-05-03 15:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 16:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 18:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 13:35:47.56 ===============

-----------------------------------------------------------------------------------------------------------------------
Here is the attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/18/2012 5:54:21 PM
System Uptime: 5/21/2012 1:25:37 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0XN71K
Processor: Intel® Core™ i7-2760QM CPU @ 2.40GHz | CPU | 2376/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 685 GiB total, 560.911 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 6.314 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 5/21/2012 12:58:17 PM - restore521
.
==== Installed Programs ======================
.
Acrobat.com
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Template Projects & Footage
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Reader X (10.1.3)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
avast! Free Antivirus
Capture NX 2
Connect
CyberLink PowerDVD 9.5
Dell Driver Download Manager
Dell Mobile Broadband Manager
Dell Webcam Central
Dell Wireless HSPA Mini-Card Drivers
DirectX 9 Runtime
Dropbox
Fantapper Player
Fantapper Updater
File Uploader
Google Chrome
Google Update Helper
InstallVC90Support
Intel® Processor Graphics
Junk Mail filter update
kuler
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netwaiting
Nikon Message Center
Nikon Transfer
PDF Settings CS4
Photoshop Camera Raw
PhotoShowExpress
Picture Control Utility
Pixel Bender Toolkit
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.93
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
RSA SecurID Token for Windows Desktops
Sonic CinePlayer Decoder Pack
Suite Shared Configuration CS4
SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51
Topaz Adjust 5
Topaz Adjust 5 (64-bit)
Topaz DeJpeg 4
Topaz DeJpeg 4 (64-bit)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
5/20/2012 5:24:42 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
5/19/2012 12:38:07 PM, Error: Service Control Manager [7023] -
5/19/2012 12:35:54 PM, Error: Service Control Manager [7038] - The avast! Antivirus service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/19/2012 12:35:54 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not start due to a logon failure.
5/19/2012 12:35:51 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/19/2012 12:35:51 PM, Error: Service Control Manager [7031] - The Mobile Broadband Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/19/2012 12:35:51 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
5/19/2012 12:35:49 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/19/2012 12:17:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).
5/19/2012 12:17:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).
5/19/2012 12:12:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
5/19/2012 12:12:35 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/19/2012 12:09:22 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
5/19/2012 1:52:38 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
.
==== End Of File ===========================

#4
ktblue

    New Member

  • Members
  • Pip
  • 14 posts
Here is the Rogue report:
-------------------------------------------------------

RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Lodge [Admin rights]
Mode: Scan -- Date: 05/21/2012 13:40:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 1174604c9a98154a461df6578a51b886
[BSP] 39ffb7bc106af253d9ff87357d0a091a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 701402 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1436473344 | Size: 14000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#5
ktblue

    New Member

  • Members
  • Pip
  • 14 posts
Note: prior to writing here, I had "uninstalled" Whitesmoke via Add/Remove control panel. See now that I shouldn't have done that, but it's too late...

#6
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,554 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
I strongly suggest you uninstall these:

Fantapper Player
Fantapper Updater


Here's why:
http://www.systemloo...taller_dll.html

-------------------------------------------

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC


#7
ktblue

    New Member

  • Members
  • Pip
  • 14 posts
I have no idea what Fantapper is. I presume I should uninstall these from Control Panel? Stand by for Combofix info. Thanks again.

#8
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,554 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Yes, from Control Panel's Add/Remove Programs. MrC


#9
ktblue

    New Member

  • Members
  • Pip
  • 14 posts
OK, uninstalled Fantapper(s), disabled Avast before running, closed Firefox and ran ComboFix from the desktop. Reopened FF; toolbar still there, FYI.

Here are the Combofix results.
--------------------------------------------------

ComboFix 12-05-21.05 - Lodge 05/21/2012 14:11:43.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6175 [GMT -4:00]
Running from: c:\users\Lodge\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NetServices
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-21 18:16 . 2012-05-21 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 18:12 . 2012-05-21 18:12 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{981DE2A5-53F2-4FB9-96AE-A59B169095EC}\offreg.dll
2012-05-21 17:22 . 2012-05-21 17:22 -------- d-----w- c:\program files (x86)\Revo Uninstaller
2012-05-21 16:44 . 2012-05-21 16:44 -------- d-----w- c:\programdata\Malwarebytes
2012-05-21 16:44 . 2012-05-21 16:44 -------- d-----w- c:\program files (x86)\Malwarebytes
2012-05-21 16:44 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 16:35 . 2012-05-21 16:35 -------- d-----w- c:\program files (x86)\SUPER
2012-05-21 16:35 . 2012-05-21 16:35 -------- d-----w- c:\program files (x86)\Conduit
2012-05-21 16:35 . 2012-05-21 16:35 -------- d-----w- c:\program files (x86)\iNTERNET Turbo
2012-05-21 16:34 . 2012-05-21 16:34 -------- d-----w- c:\program files (x86)\eRightSoft
2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- c:\program files (x86)\RSA SecurID Token for Windows
2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- c:\program files (x86)\RSA SecurID Token Common
2012-05-20 20:43 . 2012-05-20 20:43 -------- dc-h--w- c:\programdata\{F7D319B6-E312-49A7-AA67-4737E676DD03}
2012-05-20 20:42 . 2012-05-20 20:42 -------- dc-h--w- c:\programdata\{35056848-1DF5-4D37-85C5-0134DA6F6DFD}
2012-05-20 20:39 . 2012-05-20 20:39 -------- dc-h--w- c:\programdata\{003FC4B1-B5E2-4EF0-A9B3-CCEB0DDC2E93}
2012-05-20 20:39 . 2012-05-20 20:43 -------- d-----w- c:\program files\Common Files\Topaz Labs
2012-05-20 20:39 . 2012-05-20 20:39 -------- dc-h--w- c:\programdata\{54B6D04D-4477-4BDA-9A8C-DEB315E0282D}
2012-05-20 20:39 . 2012-05-20 20:42 -------- d-----w- c:\program files (x86)\Topaz Labs
2012-05-20 20:39 . 2012-05-20 20:42 -------- d-----w- c:\program files (x86)\Common Files\Topaz Labs
2012-05-20 15:41 . 2012-05-20 15:41 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-05-20 04:56 . 2012-05-20 04:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-05-20 02:30 . 2012-05-20 17:53 -------- d-----w- c:\programdata\FLEXnet
2012-05-20 00:02 . 2012-05-20 00:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-20 00:02 . 2012-05-20 00:02 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-20 00:01 . 2012-05-20 00:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-20 00:01 . 2012-05-20 00:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-20 00:00 . 2012-05-20 00:00 -------- d-----w- c:\program files\PlayReady
2012-05-19 17:32 . 2012-05-15 05:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{981DE2A5-53F2-4FB9-96AE-A59B169095EC}\mpengine.dll
2012-05-19 16:35 . 2012-05-19 16:35 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-19 16:35 . 2012-05-19 16:35 -------- d-----w- c:\windows\system32\Wat
2012-05-19 16:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-19 16:14 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-19 16:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-19 16:14 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-19 16:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-19 16:14 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-19 16:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-19 15:47 . 2012-05-19 15:47 -------- d-----w- c:\windows\Downloaded Installations
2012-05-19 15:46 . 2012-05-19 15:49 -------- d-----w- c:\program files (x86)\Dell
2012-05-19 15:43 . 2012-05-19 15:43 -------- d-----w- c:\program files (x86)\Netwaiting
2012-05-19 06:37 . 2012-05-19 06:37 -------- d-----w- c:\programdata\ALM
2012-05-19 05:25 . 2012-05-19 05:25 -------- d-----w- c:\windows\SysWow64\spool
2012-05-19 05:25 . 2012-05-19 05:25 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-05-19 05:24 . 2012-05-19 05:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-05-19 05:23 . 2012-05-19 05:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-05-19 05:23 . 2012-05-20 02:54 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-19 05:22 . 2012-05-19 05:22 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-05-19 04:31 . 2012-05-19 04:46 -------- d-----w- c:\program files (x86)\Common Files\Nikon
2012-05-19 04:31 . 2012-05-19 04:31 -------- d-----w- c:\program files (x86)\Capture NX 2
2012-05-19 04:30 . 2012-05-19 04:45 -------- d-----w- c:\programdata\Ultima_T15
2012-05-19 04:30 . 2012-05-19 04:45 -------- d-----w- c:\programdata\EnterNHelp
2012-05-19 02:47 . 2012-05-19 02:51 -------- d-----w- c:\program files (x86)\Google
2012-05-19 02:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-19 02:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-19 02:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-19 02:47 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-19 02:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-19 02:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-19 02:47 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-19 02:47 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-19 02:47 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-19 02:47 . 2012-05-19 16:09 -------- d-----w- c:\program files\Avast
2012-05-19 02:47 . 2012-05-19 02:47 -------- d-----w- c:\programdata\AVAST Software
2012-05-19 02:16 . 2012-05-19 02:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-19 02:16 . 2012-05-19 02:16 -------- d-----w- c:\program files (x86)\Firefox
2012-05-19 00:50 . 2012-05-20 17:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-19 00:50 . 2012-05-20 17:56 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-19 00:50 . 2012-05-19 00:50 -------- d-----w- c:\windows\SysWow64\Macromed
2012-05-19 00:50 . 2012-05-19 00:50 -------- d-----w- c:\windows\system32\Macromed
2012-05-18 23:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-05-18 23:08 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-18 23:08 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-18 23:08 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-05-18 23:08 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-05-18 23:06 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-18 23:06 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-05-18 23:06 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-18 23:06 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-05-18 23:06 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-05-18 23:06 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-05-18 23:06 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-18 23:06 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-18 23:06 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-18 23:06 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-18 23:06 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-18 23:05 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-18 23:05 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-18 23:05 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-18 23:05 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-18 23:05 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-18 23:05 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-18 23:05 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-18 23:05 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-18 23:05 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-18 21:56 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-18 21:56 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-18 21:56 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-18 21:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-18 21:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-18 21:56 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-18 21:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-18 21:54 . 2012-05-21 15:57 -------- d-----w- c:\users\Lodge
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 04:45 . 2003-03-19 01:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-02-29 17:26 . 2012-02-29 17:26 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-02-29 17:26 . 2012-02-29 17:26 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-02-29 17:26 . 2012-02-29 17:26 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-02-29 17:14 . 2012-02-29 17:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-29 17:14 . 2012-02-29 17:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-29 17:14 . 2012-02-29 17:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-29 17:14 . 2012-02-29 17:14 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-29 17:14 . 2012-02-29 17:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-29 17:14 . 2012-02-29 17:14 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-29 17:14 . 2012-02-29 17:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-29 17:14 . 2012-02-29 17:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-29 17:14 . 2012-02-29 17:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-29 17:14 . 2012-02-29 17:14 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-29 17:14 . 2012-02-29 17:14 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-29 17:14 . 2012-02-29 17:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-29 17:14 . 2012-02-29 17:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-29 17:14 . 2012-02-29 17:14 448512 ----a-w- c:\windows\system32\html.iec
2012-02-29 17:14 . 2012-02-29 17:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-29 17:14 . 2012-02-29 17:14 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-29 17:14 . 2012-02-29 17:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-29 17:14 . 2012-02-29 17:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 17:14 . 2012-02-29 17:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-29 17:14 . 2012-02-29 17:14 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-29 17:14 . 2012-02-29 17:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-29 17:14 . 2012-02-29 17:14 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-29 17:14 . 2012-02-29 17:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-29 17:14 . 2012-02-29 17:14 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-29 17:14 . 2012-02-29 17:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-29 17:14 . 2012-02-29 17:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-29 17:14 . 2012-02-29 17:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-29 17:14 . 2012-02-29 17:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-29 17:14 . 2012-02-29 17:14 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-29 17:14 . 2012-02-29 17:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-29 17:14 . 2012-02-29 17:14 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-29 17:14 . 2012-02-29 17:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-29 17:14 . 2012-02-29 17:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-29 17:14 . 2012-02-29 17:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2006-05-03 15:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 16:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 18:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessManager"="c:\program files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe" [2010-06-04 193064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"avast"="c:\program files\Avast\avastUI.exe" [2012-03-06 4241512]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-4 27087944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-19 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 02:47]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 02:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-17 317248]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-08-29 4146848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{cce665dd-f6dd-4808-968e-eaec971f70ef} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4c,de,b9,b8,7b,37,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,6b,8e,85,64,30,60,46,9e,c6,d5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,6b,8e,85,64,30,60,46,9e,c6,d5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-21 14:17:51
ComboFix-quarantined-files.txt 2012-05-21 18:17
.
Pre-Run: 601,579,790,336 bytes free
Post-Run: 601,422,823,424 bytes free
.
- - End Of File - - 50993F51BC81B9E1625727A450D3954B

#10
MrCharlie

    Forum Deity

  • Experts
  • 17,554 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Quote

Note: prior to writing here, I had "uninstalled" Whitesmoke via Add/Remove control panel. See now that I shouldn't have done that, but it's too late...

I missed this post and it's OK that you did uninstall it.

-----------------------------------------------------------

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.

Quote

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
Firefox::
FF - ProfilePath - c:\users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
Folder::
c:\program files (x86)\Conduit


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

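The DDS:: and Firefox:: lines in the CFScript above are exactly the settings a helper reads off the DDS/ComboFix log by eye: the IE start page and the Firefox search/homepage prefs, all pointed at search.conduit.com. The script below is an added example for this thread, not code from the forum, from ComboFix or from Malwarebytes. It automates that check: it parses either a raw Firefox prefs.js or the "FF - prefs.js:" and "uStart Page =" lines of a DDS/ComboFix report, turns the defanged hxxp:// back into http://, and flags any search or start-page setting whose host sits under a hijacker domain. The pref-name set, the hijacker domain list (conduit.com, taken from this thread) and the "uStart Page"/"mStart Page" report labels are assumptions to extend for your own cases; both sample inputs are constructed to mirror the values quoted in the thread.

```python
import re
from urllib.parse import urlparse

# Prefs/report fields that decide where searches go and what opens at startup.
# keyword.URL and browser.search.defaulturl are the legacy Firefox names the
# thread's DDS log shows; uStart Page/mStart Page are DDS's labels for the IE
# user/machine start page. Treat the set as an assumption to extend.
SEARCH_PREFS = {
    "browser.startup.homepage",
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "keyword.URL",
    "uStart Page",
    "mStart Page",
    "uDefault_Page_URL",
    "mDefault_Page_URL",
}

# Hijacker domains. conduit.com is the one in this thread; add your own (assumption).
HIJACKER_DOMAINS = {"conduit.com"}

# prefs.js:      user_pref("name", "value");   (string prefs only)
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')
# DDS/ComboFix:  FF - prefs.js: name - value
_DDS_FF_RE = re.compile(r'^FF - prefs\.js: (\S+) - (.+?)\s*$')
# DDS/ComboFix:  uStart Page = value   /   mStart Page = value
_DDS_IE_RE = re.compile(r'^([um](?:Start Page|Default_Page_URL)) = (.+?)\s*$')


def refang(url: str) -> str:
    """Logs write hxxp:// so URLs are not clickable; restore the real scheme."""
    return re.sub(r'^hxxp(s?)://', r'http\1://', url, flags=re.IGNORECASE)


def parse_prefs(text: str) -> dict:
    """Return {name: value} from prefs.js lines or DDS/ComboFix report lines."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line) or _DDS_FF_RE.match(line) or _DDS_IE_RE.match(line)
        if m:
            # prefs.js escapes embedded quotes as \" ; undo that for the value
            prefs[m.group(1)] = m.group(2).replace('\\"', '"')
    return prefs


def is_hijacker_host(host: str) -> bool:
    """True if host is a hijacker domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in HIJACKER_DOMAINS)


def audit_prefs(text: str) -> list:
    """Flag search/startup settings whose URL host belongs to a hijacker.

    Returns [(setting_name, host, refanged_url), ...], one entry per hit.
    """
    findings = []
    for name, value in parse_prefs(text).items():
        if name not in SEARCH_PREFS:
            continue
        url = refang(value)
        host = urlparse(url).hostname or ""
        if is_hijacker_host(host):
            findings.append((name, host, url))
    return findings


# Constructed samples mirroring the values quoted in the thread (not real files).
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3198785&SearchSource=13");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=");
user_pref("browser.startup.homepage_override.mstone", "12.0");
user_pref("network.cookie.cookieBehavior", 0);
'''

SAMPLE_DDS_LINES = r'''
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
FF - ProfilePath - c:\users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
'''

if __name__ == "__main__":
    for label, sample in (("prefs.js", SAMPLE_PREFS_JS), ("DDS log", SAMPLE_DDS_LINES)):
        for name, host, url in audit_prefs(sample):
            print(f"[{label}] HIJACKED {name} -> {host}  ({url})")
```

Matching on the URL's host rather than on a substring of the whole value is deliberate: a query parameter that merely mentions conduit.com is not a hijack, while any subdomain of the hijacker domain is. Run it against a copy of prefs.js from the profile path shown in the log, or paste the DDS lines in, and every flagged name is a setting the CFScript would need to reset.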

#11
ktblue

    New Member

  • Members
  • 14 posts
NO reboot requested, so I did not... did as requested, toolbar remains. Here are the results:

ComboFix 12-05-21.05 - Lodge 05/21/2012 15:48:25.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6242 [GMT -4:00]
Running from: c:\users\Lodge\Desktop\ComboFix.exe
Command switches used :: c:\users\Lodge\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-21 19:52 . 2012-05-21 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 19:27 . 2012-05-21 19:27 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{498C3C16-B8C5-4DF4-8656-4F1270C56ABA}\offreg.dll
2012-05-21 19:12 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{498C3C16-B8C5-4DF4-8656-4F1270C56ABA}\mpengine.dll
2012-05-21 19:09 . 2012-05-21 19:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-21 19:09 . 2012-05-21 19:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-21 19:08 . 2012-05-21 19:08 -------- d-----w- C:\8efce6287315c8de9a4a1357a35853
2012-05-21 18:12 . 2012-05-21 18:12 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{981DE2A5-53F2-4FB9-96AE-A59B169095EC}\offreg.dll
2012-05-21 17:22 . 2012-05-21 17:22 -------- d-----w- c:\program files (x86)\Revo Uninstaller
2012-05-21 16:44 . 2012-05-21 16:44 -------- d-----w- c:\programdata\Malwarebytes
2012-05-21 16:44 . 2012-05-21 16:44 -------- d-----w- c:\program files (x86)\Malwarebytes
2012-05-21 16:44 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 16:35 . 2012-05-21 16:35 -------- d-----w- c:\program files (x86)\SUPER
2012-05-21 16:35 . 2012-05-21 16:35 -------- d-----w- c:\program files (x86)\iNTERNET Turbo
2012-05-21 16:34 . 2012-05-21 16:34 -------- d-----w- c:\program files (x86)\eRightSoft
2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- c:\program files (x86)\RSA SecurID Token for Windows
2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- c:\program files (x86)\RSA SecurID Token Common
2012-05-20 20:43 . 2012-05-20 20:43 -------- dc-h--w- c:\programdata\{F7D319B6-E312-49A7-AA67-4737E676DD03}
2012-05-20 20:42 . 2012-05-20 20:42 -------- dc-h--w- c:\programdata\{35056848-1DF5-4D37-85C5-0134DA6F6DFD}
2012-05-20 20:39 . 2012-05-20 20:39 -------- dc-h--w- c:\programdata\{003FC4B1-B5E2-4EF0-A9B3-CCEB0DDC2E93}
2012-05-20 20:39 . 2012-05-20 20:43 -------- d-----w- c:\program files\Common Files\Topaz Labs
2012-05-20 20:39 . 2012-05-20 20:39 -------- dc-h--w- c:\programdata\{54B6D04D-4477-4BDA-9A8C-DEB315E0282D}
2012-05-20 20:39 . 2012-05-20 20:42 -------- d-----w- c:\program files (x86)\Topaz Labs
2012-05-20 20:39 . 2012-05-20 20:42 -------- d-----w- c:\program files (x86)\Common Files\Topaz Labs
2012-05-20 15:41 . 2012-05-20 15:41 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-05-20 04:56 . 2012-05-20 04:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-05-20 02:30 . 2012-05-20 17:53 -------- d-----w- c:\programdata\FLEXnet
2012-05-20 00:02 . 2012-05-20 00:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-20 00:02 . 2012-05-20 00:02 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-20 00:01 . 2012-05-20 00:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-20 00:01 . 2012-05-20 00:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-20 00:00 . 2012-05-20 00:00 -------- d-----w- c:\program files\PlayReady
2012-05-19 17:32 . 2012-05-15 05:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{981DE2A5-53F2-4FB9-96AE-A59B169095EC}\mpengine.dll
2012-05-19 16:35 . 2012-05-19 16:35 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-19 16:35 . 2012-05-19 16:35 -------- d-----w- c:\windows\system32\Wat
2012-05-19 16:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-19 16:14 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-19 16:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-19 16:14 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-19 16:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-19 16:14 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-19 16:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-19 15:47 . 2012-05-19 15:47 -------- d-----w- c:\windows\Downloaded Installations
2012-05-19 15:46 . 2012-05-19 15:49 -------- d-----w- c:\program files (x86)\Dell
2012-05-19 15:43 . 2012-05-19 15:43 -------- d-----w- c:\program files (x86)\Netwaiting
2012-05-19 06:37 . 2012-05-19 06:37 -------- d-----w- c:\programdata\ALM
2012-05-19 05:25 . 2012-05-19 05:25 -------- d-----w- c:\windows\SysWow64\spool
2012-05-19 05:25 . 2012-05-19 05:25 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-05-19 05:24 . 2012-05-19 05:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-05-19 05:23 . 2012-05-19 05:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-05-19 05:23 . 2012-05-20 02:54 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-19 05:22 . 2012-05-19 05:22 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-05-19 04:31 . 2012-05-19 04:46 -------- d-----w- c:\program files (x86)\Common Files\Nikon
2012-05-19 04:31 . 2012-05-19 04:31 -------- d-----w- c:\program files (x86)\Capture NX 2
2012-05-19 04:30 . 2012-05-19 04:45 -------- d-----w- c:\programdata\Ultima_T15
2012-05-19 04:30 . 2012-05-19 04:45 -------- d-----w- c:\programdata\EnterNHelp
2012-05-19 02:47 . 2012-05-19 02:51 -------- d-----w- c:\program files (x86)\Google
2012-05-19 02:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-19 02:47 . 2012-05-21 19:17 -------- d-----w- c:\programdata\AVAST Software
2012-05-19 02:47 . 2012-05-21 19:17 -------- d-----w- c:\program files\Avast
2012-05-19 02:16 . 2012-05-19 02:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-19 02:16 . 2012-05-19 02:16 -------- d-----w- c:\program files (x86)\Firefox
2012-05-19 00:50 . 2012-05-20 17:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-19 00:50 . 2012-05-20 17:56 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-19 00:50 . 2012-05-19 00:50 -------- d-----w- c:\windows\SysWow64\Macromed
2012-05-19 00:50 . 2012-05-19 00:50 -------- d-----w- c:\windows\system32\Macromed
2012-05-18 23:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-05-18 23:08 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-18 23:08 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-18 23:08 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-05-18 23:08 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-05-18 23:06 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-18 23:06 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-05-18 23:06 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-18 23:06 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-05-18 23:06 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-05-18 23:06 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-05-18 23:06 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-18 23:06 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-18 23:06 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-18 23:06 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-18 23:06 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-18 23:05 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-18 23:05 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-18 23:05 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-18 23:05 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-18 23:05 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-18 23:05 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-18 23:05 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-18 23:05 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-18 23:05 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-18 21:56 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-18 21:56 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-18 21:56 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-18 21:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-18 21:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-18 21:56 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-18 21:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-18 21:54 . 2012-05-21 19:27 -------- d-----w- c:\users\Lodge
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 04:45 . 2003-03-19 01:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-29 17:26 . 2012-02-29 17:26 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-02-29 17:26 . 2012-02-29 17:26 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-02-29 17:26 . 2012-02-29 17:26 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-02-29 17:14 . 2012-02-29 17:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-29 17:14 . 2012-02-29 17:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-29 17:14 . 2012-02-29 17:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-29 17:14 . 2012-02-29 17:14 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-29 17:14 . 2012-02-29 17:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-29 17:14 . 2012-02-29 17:14 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-29 17:14 . 2012-02-29 17:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-29 17:14 . 2012-02-29 17:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-29 17:14 . 2012-02-29 17:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-29 17:14 . 2012-02-29 17:14 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-29 17:14 . 2012-02-29 17:14 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-29 17:14 . 2012-02-29 17:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-29 17:14 . 2012-02-29 17:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-29 17:14 . 2012-02-29 17:14 448512 ----a-w- c:\windows\system32\html.iec
2012-02-29 17:14 . 2012-02-29 17:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-29 17:14 . 2012-02-29 17:14 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-29 17:14 . 2012-02-29 17:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-29 17:14 . 2012-02-29 17:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 17:14 . 2012-02-29 17:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-29 17:14 . 2012-02-29 17:14 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-29 17:14 . 2012-02-29 17:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-29 17:14 . 2012-02-29 17:14 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-29 17:14 . 2012-02-29 17:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-29 17:14 . 2012-02-29 17:14 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-29 17:14 . 2012-02-29 17:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-29 17:14 . 2012-02-29 17:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-29 17:14 . 2012-02-29 17:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-29 17:14 . 2012-02-29 17:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-29 17:14 . 2012-02-29 17:14 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-29 17:14 . 2012-02-29 17:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-29 17:14 . 2012-02-29 17:14 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-29 17:14 . 2012-02-29 17:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-29 17:14 . 2012-02-29 17:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-29 17:14 . 2012-02-29 17:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2006-05-03 15:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 16:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 18:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-21_18.16.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-05-21 19:19 29664 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-02-29 17:08 . 2012-05-21 18:01 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-29 17:08 . 2012-05-21 19:21 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-29 17:08 . 2012-05-21 19:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-29 17:08 . 2012-05-21 18:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-21 19:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-21 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-21 19:09 95344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-19 02:34 . 2012-05-21 19:19 4454 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-558802021-4168072929-2660782545-1002_UserData.bin
- 2012-05-21 17:26 . 2012-05-21 17:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-21 17:26 . 2012-05-21 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-21 17:26 . 2012-05-21 17:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-21 17:26 . 2012-05-21 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-05-21 19:09 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-21 19:09 104702 c:\windows\system32\perfc009.dat
+ 2010-11-21 03:27 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
- 2010-11-21 03:27 . 2012-02-23 14:18 279656 c:\windows\system32\MpSigStub.exe
+ 2012-05-21 19:09 . 2012-05-21 19:09 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-05-21 19:09 . 2012-05-21 19:09 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-05-21 19:09 . 2012-05-21 19:09 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-05-21 19:09 . 2012-05-21 19:09 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-05-21 19:09 . 2012-05-21 19:09 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2010-06-08 19:46 . 2010-06-08 19:46 402800 c:\windows\Downloaded Program Files\JuniperExt.exe
+ 2012-03-26 23:21 . 2012-03-26 23:21 7622656 c:\windows\Installer\5eb6f6.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessManager"="c:\program files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe" [2010-06-04 193064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-4 27087944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-19 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 02:47]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 02:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-17 317248]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4c,de,b9,b8,7b,37,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,6b,8e,85,64,30,60,46,9e,c6,d5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,6b,8e,85,64,30,60,46,9e,c6,d5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-21 15:54:01
ComboFix-quarantined-files.txt 2012-05-21 19:54
ComboFix2.txt 2012-05-21 19:08
ComboFix3.txt 2012-05-21 18:17
.
Pre-Run: 600,822,910,976 bytes free
Post-Run: 600,535,736,320 bytes free
.
- - End Of File - - 1ABC45CE36D9E088251354BD0840971D

#12
ktblue

    New Member

  • Members
  • Pip
  • 14 posts
Note: I hope this didn't mess things up...but my company had me uninstall Avast and reinstall MS Sec. Essentials, in between these last ComboFixes. Of course, it was disabled when running the scan/fix.

#13
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,554 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
I don't see it in the ComboFix log, try OTL.....

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC


#14
ktblue

    New Member

  • Members
  • Pip
  • 14 posts
Thank you again, Mr C. Ran OTL, and here is the OTL log. Extras log will be posted in this message, below this:

OTL:
----------------------
OTL logfile created on: 5/21/2012 4:33:09 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Lodge\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 79.52% Memory free
15.79 Gb Paging File | 14.01 Gb Available in Paging File | 88.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.96 Gb Total Space | 559.22 Gb Free Space | 81.64% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 6.26 Gb Free Space | 45.76% Space Free | Partition Type: NTFS

Computer Name: MININT-A5BLASO | User Name: Lodge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/21 16:31:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lodge\Desktop\OTL.exe
PRC - [2012/05/04 14:41:36 | 027,087,944 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/01 18:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/06/10 23:56:14 | 000,320,880 | ---- | M] (Juniper Networks") -- C:\Users\Lodge\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe
PRC - [2010/06/08 18:46:20 | 000,529,776 | ---- | M] (Juniper Networks) -- C:\Users\Lodge\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
PRC - [2010/06/04 15:47:44 | 000,193,064 | ---- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
PRC - [2010/01/28 15:53:54 | 000,453,120 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/21 09:47:44 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/21 09:47:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/21 09:47:23 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/21 09:47:19 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/19 12:46:31 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012/05/19 12:45:40 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/19 12:42:59 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/19 12:42:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/19 12:42:03 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/19 12:42:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/19 12:42:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/19 12:41:55 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/11/25 00:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/02/12 14:53:46 | 000,058,880 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\MBMDebug.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/19 01:23:41 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/19 01:22:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/01/28 15:53:54 | 000,453,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/17 15:01:00 | 000,027,712 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/09/13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/09/13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/19 16:39:56 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/22 02:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/12/13 10:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/11/30 15:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 18:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/23 18:44:48 | 001,394,224 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/27 13:42:00 | 001,800,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2010/08/20 15:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/26 22:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E F2 58 72 8C 37 CD 01 [binary data]
IE - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke US Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Firefox\components [2012/05/18 22:16:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins

[2012/05/18 22:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lodge\AppData\Roaming\Mozilla\Extensions
[2012/05/21 12:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions
[2012/05/21 12:35:34 | 000,000,000 | ---D | M] (WhiteSmoke US Community Toolbar) -- C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
[2012/05/15 17:25:54 | 000,000,929 | ---- | M] () -- C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\searchplugins\conduit.xml
[2012/05/19 01:03:57 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\LODGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\47I18J1O.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - Extension: WhiteSmoke US = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl\2.3.9.0_0\
CHR - Extension: YouTube = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: StumbleUpon = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.5.7.1_0\
CHR - Extension: Hover Zoom = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.3_0\
CHR - Extension: Gmail = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/21 15:52:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-558802021-4168072929-2660782545-1002..\Run: [WirelessManager] C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe (Ericsson AB)
O4 - Startup: C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.coxinc.c...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72239310-0BE3-4CF7-A7D4-AC222947244A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 16:31:51 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lodge\Desktop\OTL.exe
[2012/05/21 16:00:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/21 15:54:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/21 15:27:01 | 000,000,000 | ---D | C] -- C:\Users\Lodge\2-Clark
[2012/05/21 15:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/21 15:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/21 15:08:52 | 000,000,000 | ---D | C] -- C:\8efce6287315c8de9a4a1357a35853
[2012/05/21 14:39:41 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2012/05/21 14:39:22 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Juniper Networks
[2012/05/21 14:11:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/21 14:11:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/21 14:11:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/21 14:10:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/21 14:10:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/21 14:02:39 | 004,501,170 | R--- | C] (Swearware) -- C:\Users\Lodge\Desktop\ComboFix.exe
[2012/05/21 13:40:30 | 000,000,000 | ---D | C] -- C:\Users\Lodge\Desktop\RK_Quarantine
[2012/05/21 13:22:16 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/05/21 13:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Revo Uninstaller
[2012/05/21 12:44:19 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Malwarebytes
[2012/05/21 12:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2012/05/21 12:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/21 12:44:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/21 12:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes
[2012/05/21 12:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER Converter
[2012/05/21 12:36:29 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012/05/21 12:36:27 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012/05/21 12:36:25 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012/05/21 12:36:25 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012/05/21 12:36:25 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012/05/21 12:36:25 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012/05/21 12:36:25 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012/05/21 12:36:25 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012/05/21 12:36:25 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012/05/21 12:36:21 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012/05/21 12:36:19 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2012/05/21 12:36:17 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012/05/21 12:36:17 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012/05/21 12:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPER
[2012/05/21 12:35:39 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\CRE
[2012/05/21 12:35:29 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Conduit
[2012/05/21 12:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iNTERNET Turbo
[2012/05/21 12:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012/05/21 11:57:13 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Dropbox
[2012/05/21 11:50:48 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/05/21 11:50:32 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Dropbox
[2012/05/21 11:40:42 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\RSA
[2012/05/21 11:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSA SecurID Token
[2012/05/21 11:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSA SecurID Token for Windows
[2012/05/21 11:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSA SecurID Token Common
[2012/05/21 10:31:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/05/20 16:43:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F7D319B6-E312-49A7-AA67-4737E676DD03}
[2012/05/20 16:42:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{35056848-1DF5-4D37-85C5-0134DA6F6DFD}
[2012/05/20 16:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
[2012/05/20 16:39:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{003FC4B1-B5E2-4EF0-A9B3-CCEB0DDC2E93}
[2012/05/20 16:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2012/05/20 16:39:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\{54B6D04D-4477-4BDA-9A8C-DEB315E0282D}
[2012/05/20 16:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Topaz Labs
[2012/05/20 16:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Topaz Labs
[2012/05/20 16:38:59 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\PackageAware
[2012/05/20 11:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/05/20 11:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/05/20 00:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/05/19 22:31:34 | 000,000,000 | ---D | C] -- C:\Users\Lodge\Documents\Adobe
[2012/05/19 22:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/05/19 20:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2012/05/19 12:35:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/05/19 12:35:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/05/19 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Diagnostics
[2012/05/19 12:11:08 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\WMCore
[2012/05/19 12:11:01 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\WirelessManager
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2012/05/19 12:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012/05/19 11:47:30 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/05/19 11:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
[2012/05/19 11:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2012/05/19 11:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netwaiting
[2012/05/19 11:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Netwaiting
[2012/05/19 11:43:32 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\BVRP Software
[2012/05/19 10:59:15 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Dell
[2012/05/19 10:52:36 | 000,000,000 | ---D | C] -- C:\Users\Lodge\Documents\Drivers
[2012/05/19 10:52:13 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
[2012/05/19 10:52:02 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Deployment
[2012/05/19 10:52:02 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Apps
[2012/05/19 02:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/05/19 02:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/05/19 02:23:25 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Roxio Burn
[2012/05/19 01:25:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012/05/19 01:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012/05/19 01:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/05/19 01:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/05/19 01:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS4
[2012/05/19 01:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/05/19 01:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/05/19 01:22:29 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Adobe
[2012/05/19 01:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012/05/19 00:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Transfer
[2012/05/19 00:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies
[2012/05/19 00:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2012/05/19 00:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon Transfer
[2012/05/19 00:35:25 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Nikon
[2012/05/19 00:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Machines
[2012/05/19 00:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2012/05/19 00:31:49 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Nikon
[2012/05/19 00:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capture NX 2
[2012/05/19 00:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Capture NX 2
[2012/05/19 00:30:49 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Macrovision
[2012/05/19 00:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2012/05/19 00:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2012/05/18 22:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/18 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Google
[2012/05/18 22:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/05/18 22:47:56 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/05/18 22:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/05/18 22:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avast
[2012/05/18 22:16:18 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Mozilla
[2012/05/18 22:16:18 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Mozilla
[2012/05/18 22:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/18 22:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/18 22:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefox
[2012/05/18 21:00:36 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Macromedia
[2012/05/18 21:00:35 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Adobe
[2012/05/18 20:50:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/05/18 20:50:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/05/18 17:55:06 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Roxio
[2012/05/18 17:54:49 | 000,000,000 | R--D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/18 17:54:49 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Searches
[2012/05/18 17:54:49 | 000,000,000 | R--D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/18 17:54:49 | 000,000,000 | -H-D | C] -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/18 17:54:35 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Identities
[2012/05/18 17:54:31 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Contacts
[2012/05/18 17:54:29 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\VirtualStore
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\AppData\Local\Temporary Internet Files
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Templates
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Start Menu
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\SendTo
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Recent
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\PrintHood
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\NetHood
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Documents\My Videos
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Documents\My Pictures
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Documents\My Music
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\My Documents
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Local Settings
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\AppData\Local\History
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Cookies
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Application Data
[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\AppData\Local\Application Data
[2012/05/18 17:54:22 | 000,000,000 | --SD | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft
[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Videos
[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Saved Games
[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Pictures
[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Music
[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Links
[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Favorites
[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Downloads
[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Documents
[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Desktop
[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/18 17:54:22 | 000,000,000 | -H-D | C] -- C:\Users\Lodge\AppData
[2012/05/18 17:54:22 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Temp
[2012/05/18 17:54:22 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Microsoft
[2012/05/18 17:54:22 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2012/05/21 16:31:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lodge\Desktop\OTL.exe
[2012/05/21 16:17:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/21 16:07:23 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 16:07:23 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 16:00:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/21 15:59:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/21 15:59:49 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/21 15:52:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/21 15:09:07 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/21 15:09:07 | 000,617,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/21 15:09:07 | 000,104,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/21 15:02:56 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/21 14:02:53 | 004,501,170 | R--- | M] (Swearware) -- C:\Users\Lodge\Desktop\ComboFix.exe
[2012/05/21 14:01:14 | 000,001,371 | ---- | M] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/21 13:22:16 | 000,001,104 | ---- | M] () -- C:\Users\Lodge\Desktop\Revo Uninstaller.lnk
[2012/05/21 12:44:16 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/21 11:57:13 | 000,001,053 | ---- | M] () -- C:\Users\Lodge\Desktop\Dropbox.lnk
[2012/05/21 11:50:55 | 000,001,063 | ---- | M] () -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/21 10:32:10 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/21 09:45:05 | 003,069,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/20 17:15:45 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2012/05/20 17:00:18 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/20 11:41:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/05/19 11:46:07 | 000,002,316 | ---- | M] () -- C:\Users\Public\Desktop\Dell Mobile Broadband Manager.lnk
[2012/05/19 00:46:21 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk
[2012/05/19 00:45:56 | 000,000,268 | RH-- | M] () -- C:\Users\Lodge\AppData\Roaming\Metadata Importer
[2012/05/19 00:45:56 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2012/05/19 00:45:56 | 000,000,012 | RH-- | M] () -- C:\ProgramData\PPD Plugins
[2012/05/19 00:35:22 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Synth Basics
[2012/05/19 00:35:22 | 000,000,268 | RH-- | M] () -- C:\Users\Lodge\AppData\Roaming\Super Strings
[2012/05/19 00:34:27 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Capture NX 2.lnk
[2012/05/18 22:51:43 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/18 22:51:43 | 000,002,245 | ---- | M] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/18 22:47:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/05/18 22:16:15 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/18 18:52:48 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/05/18 18:52:48 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012/05/21 15:09:09 | 000,001,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/21 15:09:07 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/21 15:02:56 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/21 14:11:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/21 14:11:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/21 14:11:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/21 14:11:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/21 14:11:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/21 13:22:16 | 000,001,104 | ---- | C] () -- C:\Users\Lodge\Desktop\Revo Uninstaller.lnk
[2012/05/21 12:44:16 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/21 12:36:25 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012/05/21 12:36:25 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012/05/21 12:36:25 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012/05/21 12:36:23 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012/05/21 12:36:21 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012/05/21 12:36:19 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012/05/21 12:36:17 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012/05/21 12:36:17 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012/05/21 12:36:17 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012/05/21 12:36:17 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012/05/21 11:57:13 | 000,001,053 | ---- | C] () -- C:\Users\Lodge\Desktop\Dropbox.lnk
[2012/05/21 11:50:55 | 000,001,063 | ---- | C] () -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/21 10:32:10 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/21 10:32:10 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/20 11:41:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/05/19 11:46:07 | 000,002,316 | ---- | C] () -- C:\Users\Public\Desktop\Dell Mobile Broadband Manager.lnk
[2012/05/19 01:28:21 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/05/19 00:46:21 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk
[2012/05/19 00:45:56 | 000,000,268 | RH-- | C] () -- C:\Users\Lodge\AppData\Roaming\Metadata Importer
[2012/05/19 00:45:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2012/05/19 00:45:56 | 000,000,012 | RH-- | C] () -- C:\ProgramData\PPD Plugins
[2012/05/19 00:35:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Basics
[2012/05/19 00:35:22 | 000,000,268 | RH-- | C] () -- C:\Users\Lodge\AppData\Roaming\Super Strings
[2012/05/19 00:34:27 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Capture NX 2.lnk
[2012/05/19 00:30:31 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2012/05/18 22:51:43 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/18 22:51:43 | 000,002,245 | ---- | C] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/18 22:48:01 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 22:47:59 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 22:47:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/05/18 22:16:15 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/18 22:16:15 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/18 20:42:31 | 000,001,371 | ---- | C] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/18 17:54:53 | 000,001,415 | ---- | C] () -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/18 17:54:50 | 000,001,449 | ---- | C] () -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/18 17:54:22 | 000,000,290 | ---- | C] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/18 17:54:22 | 000,000,272 | ---- | C] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/02/29 14:36:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/29 14:36:31 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/29 14:36:31 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/29 14:36:30 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/29 14:36:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_6B071461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_5B011461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_3B011461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A031461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A031461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_1C011461_61.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B011461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2012/02/29 14:36:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2012/02/29 14:36:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2012/02/29 14:36:17 | 000,000,436 | ---- | C] () -- C:\Windows\11317231_1C0F1461_41.bin
[2012/02/29 14:36:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2012/02/29 14:36:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_3B0f1461_ca.bin
[2012/02/29 14:36:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2012/02/29 14:36:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin
[2012/02/29 14:36:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2012/02/29 14:36:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2012/02/29 14:36:17 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2012/02/29 14:36:17 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2012/02/29 14:36:17 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_0B001461_aa.bin
[2012/02/29 14:36:17 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin
[2012/02/29 13:23:03 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2012/02/29 13:09:40 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini

========== LOP Check ==========

[2012/05/21 16:00:56 | 000,000,000 | ---D | M] -- C:\Users\Lodge\AppData\Roaming\Dropbox
[2012/05/21 14:50:30 | 000,000,000 | ---D | M] -- C:\Users\Lodge\AppData\Roaming\Juniper Networks
[2012/05/19 00:35:25 | 000,000,000 | ---D | M] -- C:\Users\Lodge\AppData\Roaming\Nikon
[2012/05/19 12:11:01 | 000,000,000 | ---D | M] -- C:\Users\Lodge\AppData\Roaming\WirelessManager
[2012/05/19 12:11:08 | 000,000,000 | ---D | M] -- C:\Users\Lodge\AppData\Roaming\WMCore
[2009/07/14 01:08:49 | 000,008,162 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


----------------------------------------------------------------------------

Extras:


OTL Extras logfile created on: 5/21/2012 4:33:09 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Lodge\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 79.52% Memory free
15.79 Gb Paging File | 14.01 Gb Available in Paging File | 88.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.96 Gb Total Space | 559.22 Gb Free Space | 81.64% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 6.26 Gb Free Space | 45.76% Space Free | Partition Type: NTFS

Computer Name: MININT-A5BLASO | User Name: Lodge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CA732AE-895E-4BAE-8DCB-B01A9D150D6F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{17402CA8-6336-4794-95E8-3ECBFDA181C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2883D20D-3C26-4F02-95F9-0CC356BC2E01}" = rport=138 | protocol=17 | dir=out | app=system |
"{2BE28BA0-882A-4C0E-B6F6-25C1FF783892}" = rport=137 | protocol=17 | dir=out | app=system |
"{2E517438-4FC8-4AF8-B643-D81D8AEF5CBC}" = lport=445 | protocol=6 | dir=in | app=system |
"{42212447-7DD3-4871-AC1D-828C790917F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{453F7CB3-8042-43C1-95D8-FE24B79569AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{587CC405-8495-4D4F-8654-AC34FD7BABB3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E2CC08E-835C-4BE9-9809-9521A8C4AC38}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{78788B0B-156B-4383-8C37-53CC8A6543F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82CEC8B2-0734-4C18-8CBA-FC9A8266B879}" = lport=10243 | protocol=6 | dir=in | app=system |
"{837CC0D7-EB17-435F-9FE6-EDD123E17390}" = rport=10243 | protocol=6 | dir=out | app=system |
"{842716A2-30C6-41A4-A406-7A11555E48D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8CC22EFD-7EC9-48CB-A260-51895E159DCB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A81A1D92-33BA-411D-B1F7-5E61F0D16AA1}" = lport=138 | protocol=17 | dir=in | app=system |
"{CFE118D5-986F-4457-A3A4-310CE079ADDD}" = rport=139 | protocol=6 | dir=out | app=system |
"{DE9D9663-7DC5-4ECC-B8B6-06EBD320CC6C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E189AE71-9636-4CBF-9071-38E10C25BE75}" = rport=445 | protocol=6 | dir=out | app=system |
"{E61D5925-17CD-43BC-86D2-8362B29143E5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC9BCBDF-5DEB-4154-9929-38F906C1E37D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3FEA592-3F6D-4E86-A3FE-398DACA94B90}" = lport=137 | protocol=17 | dir=in | app=system |
"{F60E466C-5F1B-489F-82EC-790DDE9A5011}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F9E1F9BA-C6CB-4CDF-914C-CB78A0349755}" = lport=139 | protocol=6 | dir=in | app=system |
"{FE66AE34-BED9-4FBC-A05D-115D40042479}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A5F275-8046-4B98-96EB-1FEC8EA60A23}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{205FD176-2B36-41C7-82F6-9BEA9CBCE602}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21EDBF26-AF36-4F6C-86FC-802502377997}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{34ADB4A9-0B2F-40DC-B1EE-A789E68EFD28}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3559B40F-29B6-47CB-8038-5FEBA0F2B90B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3954226C-EDEE-4AD1-869B-80F4A2F156B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D6EEE59-65FB-4D0A-827D-15205E48C45B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4656444A-9524-4EF6-A543-7B9A8294F5F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{501DBC82-71A9-41CF-8693-92B9EC75818F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5655A8C7-F300-49BB-8F50-A18E89CFAA03}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5BD89F7E-25FE-4229-A608-45F90CB51CC5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{5EA7416F-1E39-43CE-9B58-53ECAF7EAC23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{659139B7-45D6-4B59-A1E2-3FB2F8767A0F}" = protocol=6 | dir=out | app=system |
"{6EEC5880-CAEF-42A4-87B2-81720104E76D}" = protocol=17 | dir=in | app=c:\users\lodge\appdata\roaming\dropbox\bin\dropbox.exe |
"{764A9315-2BB0-4EFE-9F46-8408E598998A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{77C03D14-225B-4546-9253-9D21900DD482}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{816EF729-C45A-44C9-9D30-3DEB67DD704A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{86E6AEB1-AE81-42D3-8F9E-3402113673B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F69D31E-086B-4BC0-9BC0-5EEF8093E772}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9161D0D4-0ADF-40EA-BFC2-FC53E24C1C6B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{94506B96-C1CB-439A-B902-5280989E0126}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C15E7F22-25B8-4046-ABAC-5B967CCAFF2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE0B9DF1-B5D3-40E9-8F79-89935D06C6F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D31DCAB0-31BB-4BEA-B045-77E6E70B0CC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DB0E1B9E-4DB8-4930-8C71-3D5BB1310588}" = protocol=6 | dir=in | app=c:\users\lodge\appdata\roaming\dropbox\bin\dropbox.exe |
"{DB72511E-E124-41C3-BEE6-D0D44C30DBAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7B7F93F-A488-485C-9B95-22558371EF1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6A59772-3A0F-4FAF-9CFF-3FD8A3CFC9D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DC8F0C18-E6B0-4722-A4AB-D134473091C2}" = Topaz DeJpeg 4 (64-bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4800D75D-4697-4D6B-9B3B-0BF36245B95C}" = RSA SecurID Token for Windows Desktops
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9966A5DB-8BB0-4D89-A701-386ED84E79B8}" = Adobe Creative Suite 4 Master Collection
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{9E146BA1-26DD-4C3B-9F0F-90F2E3CEC9D2}" = Topaz DeJpeg 4
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6}" = Adobe Setup
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_7e74552a59eaf9fafd13f90894ac9bd" = Adobe Creative Suite 4 Master Collection
"Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Capture NX 2" = Capture NX 2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Central" = Dell Webcam Central
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.93
"Topaz Adjust 5" = Topaz Adjust 5
"Topaz Adjust 5 (64-bit)" = Topaz Adjust 5 (64-bit)
"Topaz DeJpeg 4" = Topaz DeJpeg 4
"Topaz DeJpeg 4 (64-bit)" = Topaz DeJpeg 4 (64-bit)
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/19/2012 12:45:26 AM | Computer Name = MININT-A5BLASO | Source = Windows Installer 3.1 | ID = 921877
Description =

Error - 5/19/2012 3:35:41 AM | Computer Name = MININT-A5BLASO | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/19/2012 3:36:02 AM | Computer Name = MININT-A5BLASO | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 5/19/2012 11:47:38 AM | Computer Name = MININT-A5BLASO | Source = MsiInstaller | ID = 1013
Description =

Error - 5/19/2012 12:10:38 PM | Computer Name = MININT-A5BLASO | Source = WinMgmt | ID = 10
Description =

Error - 5/19/2012 12:16:44 PM | Computer Name = MININT-A5BLASO | Source = MsiInstaller | ID = 11935
Description =

Error - 5/19/2012 12:17:38 PM | Computer Name = MININT-A5BLASO | Source = MsiInstaller | ID = 11935
Description =

Error - 5/19/2012 12:35:50 PM | Computer Name = MININT-A5BLASO | Source = Application Error | ID = 1000
Description = Faulting application name: mini_WMCore.exe, version: 0.0.0.0, time
stamp: 0x4b6195d7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73496c9c Faulting process id: 0xa10 Faulting application
start time: 0x01cd35d9eaa49ebe Faulting application path: C:\Program Files (x86)\Dell\Dell
WWAN\WMCore\mini_WMCore.exe Faulting module path: unknown Report Id: b1385f58-a1d0-11e1-beff-88532e9936f7

Error - 5/19/2012 12:38:27 PM | Computer Name = MININT-A5BLASO | Source = WinMgmt | ID = 10
Description =

Error - 5/19/2012 8:28:57 PM | Computer Name = MININT-A5BLASO | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/19/2012 8:02:07 PM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0
Description = 8:02:07 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/19/2012 8:12:57 PM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0
Description = 8:12:57 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/19/2012 9:14:19 PM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0
Description = 9:14:07 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/19/2012 10:14:52 PM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0
Description = 10:14:41 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 11:43:34 AM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0
Description = 11:43:16 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 5:24:40 PM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0
Description = 5:24:24 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 9:47:42 AM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0
Description = 9:47:42 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ System Events ]
Error - 5/19/2012 8:52:55 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:09 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:24 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:33 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:40 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:48 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:55 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:54:02 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:54:11 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:54:18 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >

#15
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,554 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Please do this:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke US Customized Web Search"
    [2012/05/21 12:35:34 | 000,000,000 | ---D | M] (WhiteSmoke US Community Toolbar) -- C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
    :Commands
    [EMPTYJAVA]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
-------------------------------------

It's also listed in Chrome as an Extension:

Quote

CHR - Extension: WhiteSmoke US = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl\2.3.9.0_0\

You should be able to disable it by copying this into Google Chrome's address bar and hitting Enter:

chrome:extensions

Also check Plugins the same way.

chrome:plugins

Let me know, MrC

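The two artefacts MrCharlie's OTL fix removes, a rewritten Firefox search pref and an extension folder the user never chose, can also be checked for directly. The following is an added example, not code from OTL or from this thread; the prefs.js text, the extension folder names and the allow-lists are constructed, and only the WhiteSmoke extension id comes from the log above.

```python
"""Spot a toolbar-style search hijack in a Firefox profile.

Added example for this thread; not part of OTL.  Two checks:
  1. prefs.js search prefs that name an engine the user did not choose
  2. extension ids in <profile>/extensions that are not on an allow-list
"""
import re
from pathlib import Path
from typing import Dict, List, Tuple

# One prefs.js entry looks like:
#   user_pref("browser.search.defaultenginename", "Google");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Engine names accepted as the user's own choice (assumption for this example).
EXPECTED_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo"}

# Pref names (lower-cased suffixes) that decide which engine searches go to.
ENGINE_PREF_SUFFIXES = ("enginename", "selectedengine")

# Extension ids the user knowingly installed (constructed placeholders).
KNOWN_EXTENSION_IDS = {
    "{00000000-1111-2222-3333-444444444444}",
    "helper@example.invalid",
}

# Constructed prefs.js content modelled on the FF line in the OTL log.
SAMPLE_PREFS = """\
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultthis.engineName", "WhiteSmoke US Customized Web Search");
user_pref("browser.search.selectedEngine", "WhiteSmoke US Customized Web Search");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
user_pref("browser.startup.page", 1);
"""

# Constructed listing of <profile>/extensions; the first id is from the thread.
SAMPLE_EXTENSION_DIRS = [
    "{cce665dd-f6dd-4808-968e-eaec971f70ef}",
    "{00000000-1111-2222-3333-444444444444}",
    "helper@example.invalid.xpi",
]


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: value} for every user_pref() line; quotes are stripped."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def search_hijack_findings(prefs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (pref, value) pairs that route searches to an unexpected engine.

    keyword.URL is reported whenever it is set: in this Firefox generation it
    only appears in prefs.js when something overrode the address-bar search.
    """
    findings: List[Tuple[str, str]] = []
    for name, value in prefs.items():
        lowered = name.lower()
        if name == "keyword.URL":
            findings.append((name, value))
        elif lowered.startswith("browser.search.") and lowered.endswith(ENGINE_PREF_SUFFIXES):
            if value not in EXPECTED_ENGINES:
                findings.append((name, value))
    return findings


def unknown_extensions(entries: List[str], known=KNOWN_EXTENSION_IDS) -> List[str]:
    """Return extension ids (folder or .xpi names) that are not on the allow-list."""
    ids = [e[:-4] if e.lower().endswith(".xpi") else e for e in entries]
    return [i for i in ids if i not in known]


def scan_profile(profile_dir: Path) -> dict:
    """Run both checks against a real profile directory on disk."""
    prefs_path = profile_dir / "prefs.js"
    text = prefs_path.read_text(encoding="utf-8", errors="replace") if prefs_path.is_file() else ""
    ext_dir = profile_dir / "extensions"
    entries = sorted(p.name for p in ext_dir.iterdir()) if ext_dir.is_dir() else []
    return {
        "search": search_hijack_findings(parse_prefs(text)),
        "extensions": unknown_extensions(entries),
    }


if __name__ == "__main__":
    for pref, value in search_hijack_findings(parse_prefs(SAMPLE_PREFS)):
        print(f"search pref overridden: {pref} = {value!r}")
    for ext_id in unknown_extensions(SAMPLE_EXTENSION_DIRS):
        print(f"extension not on allow-list: {ext_id}")
```

Pointing scan_profile at the profile folder named in the log (the 47i18j1o.default directory) would run the same two checks against the real files.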

#16
ktblue

    New Member

  • Members
  • Pip
  • 14 posts
Allrightie, sir, here you go. FYI: upon requested reboot--I no longer see the toolbar... Cautiously optimistic... (?)

OTL log
---------------------------------
All processes killed
========== OTL ==========
Prefs.js: "WhiteSmoke US Customized Web Search" removed from browser.search.defaultthis.engineName
C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\searchplugin folder moved successfully.
C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\Plugins folder moved successfully.
C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\modules folder moved successfully.
C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\META-INF folder moved successfully.
C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults folder moved successfully.
C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\components folder moved successfully.
C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome folder moved successfully.
C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} folder moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lodge

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lodge
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 47389496 bytes
->FireFox cache emptied: 117947547 bytes
->Google Chrome cache emptied: 68275765 bytes
->Flash cache emptied: 6152 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2336 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 223.00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05212012_172328

Files\Folders moved on Reboot...
C:\Users\Lodge\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#17
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,554 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Looks Good......it's OK now??

MrC


#18
ktblue

    New Member

  • Members
  • Pip
  • 14 posts
Yes, so far so good. No trace right now. If this indeed is fixed...I can't begin to thank you enough...such kindness to a stranger. Thank you.
Now, question: This came about with a download of super.exe (super converter.) I still need to access that program--but am now afraid if I activate it I'll reinfect myself. Are you familiar with this issue enough to know if I should go ahead and delete the program entirely -- or whether I'd be safe to kick it up now?

#19
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,554 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Give me a link to the program and I'll install it on my machine and see if that's the culprit.

MrC


#20
ktblue

    New Member

  • Members
  • Pip
  • 14 posts
Here it is... been downloading this program for years with no problem. Google tells me others have found this same trojan via the link in the past, but the software folks said they'd fixed it.....not so much perhaps?

http://www.erightsof...?SUPERsetup.exe
