
Whitesmoke Toolbar hijack! Can you help?



Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Mr. Charlie, you rock. Here are the logs:

DDS:

---------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Lodge at 13:35:19 on 2012-05-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6120 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Avast\AvastSvc.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe

C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Firefox\firefox.exe

C:\Users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Firefox\plugin-container.exe

C:\Program Files (x86)\Firefox\plugin-container.exe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785

uDefault_Page_URL = www.dell.com

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast\aswWebRepIE.dll

uRun: [WirelessManager] C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui

mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\Lodge\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{72239310-0BE3-4CF7-A7D4-AC222947244A} : DhcpNameServer = 192.168.0.1

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll

BHO-X64: Fantapper - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui

mRun-x64: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-29 98208]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Avast\AvastSvc.exe [2012-5-18 44768]

R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [2012-4-23 14336]

R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [?]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-18 136176]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-5-19 1038088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-18 136176]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-18 129976]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-05-21 17:22:16 -------- d-----w- C:\Program Files (x86)\Revo Uninstaller

2012-05-21 16:44:19 -------- d-----w- C:\Users\Lodge\AppData\Roaming\Malwarebytes

2012-05-21 16:44:16 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-21 16:44:15 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-21 16:44:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes

2012-05-21 16:35:51 -------- d-----w- C:\Program Files (x86)\SUPER

2012-05-21 16:35:39 -------- d-----w- C:\Users\Lodge\AppData\Local\CRE

2012-05-21 16:35:30 -------- d-----w- C:\Program Files (x86)\Conduit

2012-05-21 16:35:29 -------- d-----w- C:\Users\Lodge\AppData\Local\Conduit

2012-05-21 16:35:23 -------- d-----w- C:\Program Files (x86)\iNTERNET Turbo

2012-05-21 16:34:59 -------- d-----w- C:\Program Files (x86)\eRightSoft

2012-05-21 15:57:13 -------- d-----r- C:\Users\Lodge\Dropbox

2012-05-21 15:50:32 -------- d-----w- C:\Users\Lodge\AppData\Roaming\Dropbox

2012-05-21 15:40:42 -------- d-----w- C:\Users\Lodge\AppData\Local\RSA

2012-05-21 15:38:49 -------- d-----w- C:\Program Files (x86)\RSA SecurID Token for Windows

2012-05-21 15:38:49 -------- d-----w- C:\Program Files (x86)\RSA SecurID Token Common

2012-05-20 20:43:04 -------- dc-h--w- C:\ProgramData\{F7D319B6-E312-49A7-AA67-4737E676DD03}

2012-05-20 20:42:56 -------- dc-h--w- C:\ProgramData\{35056848-1DF5-4D37-85C5-0134DA6F6DFD}

2012-05-20 20:39:32 -------- dc-h--w- C:\ProgramData\{003FC4B1-B5E2-4EF0-A9B3-CCEB0DDC2E93}

2012-05-20 20:39:31 -------- d-----w- C:\Program Files\Common Files\Topaz Labs

2012-05-20 20:39:26 -------- dc-h--w- C:\ProgramData\{54B6D04D-4477-4BDA-9A8C-DEB315E0282D}

2012-05-20 20:39:25 -------- d-----w- C:\Program Files (x86)\Topaz Labs

2012-05-20 20:39:25 -------- d-----w- C:\Program Files (x86)\Common Files\Topaz Labs

2012-05-20 20:38:59 -------- d-----w- C:\Users\Lodge\AppData\Local\PackageAware

2012-05-20 15:41:17 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

2012-05-20 04:56:20 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-05-20 00:02:18 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-05-20 00:02:03 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-05-20 00:01:30 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-05-20 00:01:21 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-05-20 00:00:47 -------- d-----w- C:\Program Files\PlayReady

2012-05-19 17:32:17 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-05-19 17:32:15 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{981DE2A5-53F2-4FB9-96AE-A59B169095EC}\mpengine.dll

2012-05-19 16:35:33 -------- d-----w- C:\Windows\SysWow64\Wat

2012-05-19 16:35:33 -------- d-----w- C:\Windows\System32\Wat

2012-05-19 16:15:27 -------- d-----w- C:\Users\Lodge\AppData\Local\Diagnostics

2012-05-19 16:14:32 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-05-19 16:14:32 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-05-19 16:14:32 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-05-19 16:14:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-05-19 16:14:31 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-05-19 16:14:31 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-05-19 16:14:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-05-19 16:11:08 -------- d-----w- C:\Users\Lodge\AppData\Roaming\WMCore

2012-05-19 16:11:01 -------- d-----w- C:\Users\Lodge\AppData\Roaming\WirelessManager

2012-05-19 15:47:30 -------- d-----w- C:\Windows\Downloaded Installations

2012-05-19 15:46:07 -------- d-----w- C:\Program Files (x86)\Dell

2012-05-19 15:43:32 -------- d-----w- C:\Users\Lodge\AppData\Local\BVRP Software

2012-05-19 15:43:32 -------- d-----w- C:\Program Files (x86)\Netwaiting

2012-05-19 14:59:15 -------- d-----w- C:\Users\Lodge\AppData\Roaming\Dell

2012-05-19 14:52:02 -------- d-----w- C:\Users\Lodge\AppData\Local\Deployment

2012-05-19 14:52:02 -------- d-----w- C:\Users\Lodge\AppData\Local\Apps

2012-05-19 06:37:13 -------- d-----w- C:\ProgramData\ALM

2012-05-19 06:23:25 -------- d-----w- C:\Users\Lodge\AppData\Roaming\Roxio Burn

2012-05-19 05:25:40 -------- d-----w- C:\Windows\SysWow64\spool

2012-05-19 05:23:41 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared

2012-05-19 05:22:29 -------- d-----w- C:\Users\Lodge\AppData\Local\Adobe

2012-05-19 05:22:15 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2012-05-19 04:46:39 335872 ----a-r- C:\Users\Lodge\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe

2012-05-19 04:46:21 -------- d-----w- C:\Program Files (x86)\Common Files\muvee Technologies

2012-05-19 04:46:19 -------- d-----w- C:\Program Files (x86)\Nikon Transfer

2012-05-19 04:35:25 -------- d-----w- C:\Users\Lodge\AppData\Local\Nikon

2012-05-19 04:35:22 -------- d-----w- C:\ProgramData\Machines

2012-05-19 04:32:53 49152 ----a-r- C:\Users\Lodge\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe

2012-05-19 04:32:31 57344 ----a-r- C:\Users\Lodge\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2012-05-19 04:31:50 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon

2012-05-19 04:31:43 -------- d-----w- C:\Program Files (x86)\Capture NX 2

2012-05-19 04:30:49 -------- d-----w- C:\Users\Lodge\AppData\Roaming\Macrovision

2012-05-19 02:16:18 -------- d-----w- C:\Users\Lodge\AppData\Local\Mozilla

2012-05-19 02:16:14 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-05-19 02:16:12 -------- d-----w- C:\Program Files (x86)\Firefox

2012-05-19 00:50:05 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-19 00:50:05 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 23:09:58 142336 ----a-w- C:\Windows\System32\poqexec.exe

2012-05-18 23:08:04 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2012-05-18 23:08:04 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2012-05-18 23:08:04 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2012-05-18 23:08:04 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2012-05-18 23:06:43 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-05-18 23:06:43 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-05-18 23:06:35 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2012-05-18 23:06:35 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2012-05-18 23:06:35 331776 ----a-w- C:\Windows\System32\oleacc.dll

2012-05-18 23:06:35 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2012-05-18 23:06:27 723456 ----a-w- C:\Windows\System32\EncDec.dll

2012-05-18 23:06:27 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2012-05-18 23:06:23 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-05-18 23:06:23 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-05-18 23:06:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-18 23:05:52 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-18 23:05:52 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-18 23:05:52 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-18 23:05:52 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-18 23:05:52 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-18 23:05:40 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-05-18 23:05:40 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-05-18 23:05:26 77312 ----a-w- C:\Windows\System32\packager.dll

2012-05-18 23:05:26 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-05-18 21:56:08 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-05-18 21:56:08 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-05-18 21:56:08 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-05-18 21:56:03 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-05-18 21:56:03 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-05-18 21:56:03 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-05-18 21:56:03 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-04-23 21:21:34 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll

2012-04-23 21:21:34 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll

2012-04-23 21:21:34 138056 ----a-w- C:\Windows\SysWow64\atl100.dll

.

==================== Find3M ====================

.

2012-05-19 04:45:54 106496 ----a-w- C:\Windows\SysWow64\ATL71.DLL

2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr

2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-29 17:26:28 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-02-29 17:26:27 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-02-29 17:26:27 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-02-29 17:23:03 75 --sh--r- C:\Windows\CT4CET.bin

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2006-05-03 15:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 16:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 18:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll

.

============= FINISH: 13:35:47.56 ===============

-----------------------------------------------------------------------------------------------------------------------

Here is the attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/18/2012 5:54:21 PM

System Uptime: 5/21/2012 1:25:37 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0XN71K

Processor: Intel® Core i7-2760QM CPU @ 2.40GHz | CPU | 2376/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 685 GiB total, 560.911 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 6.314 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP3: 5/21/2012 12:58:17 PM - restore521

.

==== Installed Programs ======================

.

Acrobat.com

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Template Projects & Footage

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles AE CS4

Adobe Color Video Profiles CS CS4

Adobe Creative Suite 4 Master Collection

Adobe CS4 American English Speech Analysis Models

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe Encore CS4

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS4

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe Linguistics CS4

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Dolby

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe OnLocation CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Premiere Pro CS4

Adobe Premiere Pro CS4 Functional Content

Adobe Reader X (10.1.3)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Soundbooth CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Advanced Audio FX Engine

avast! Free Antivirus

Capture NX 2

Connect

CyberLink PowerDVD 9.5

Dell Driver Download Manager

Dell Mobile Broadband Manager

Dell Webcam Central

Dell Wireless HSPA Mini-Card Drivers

DirectX 9 Runtime

Dropbox

Fantapper Player

Fantapper Updater

File Uploader

Google Chrome

Google Update Helper

InstallVC90Support

Intel® Processor Graphics

Junk Mail filter update

kuler

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Netwaiting

Nikon Message Center

Nikon Transfer

PDF Settings CS4

Photoshop Camera Raw

PhotoShowExpress

Picture Control Utility

Pixel Bender Toolkit

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Revo Uninstaller 1.93

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

RSA SecurID Token for Windows Desktops

Sonic CinePlayer Decoder Pack

Suite Shared Configuration CS4

SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51

Topaz Adjust 5

Topaz Adjust 5 (64-bit)

Topaz DeJpeg 4

Topaz DeJpeg 4 (64-bit)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

5/20/2012 5:24:42 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.

5/19/2012 12:38:07 PM, Error: Service Control Manager [7023] -

5/19/2012 12:35:54 PM, Error: Service Control Manager [7038] - The avast! Antivirus service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/19/2012 12:35:54 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not start due to a logon failure.

5/19/2012 12:35:51 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/19/2012 12:35:51 PM, Error: Service Control Manager [7031] - The Mobile Broadband Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

5/19/2012 12:35:51 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.

5/19/2012 12:35:49 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/19/2012 12:17:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).

5/19/2012 12:17:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).

5/19/2012 12:12:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

5/19/2012 12:12:35 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/19/2012 12:09:22 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

5/19/2012 1:52:38 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

.

==== End Of File ===========================


Here is the Rogue report:

-------------------------------------------------------

RogueKiller V7.4.5 [05/18/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Lodge [Admin rights]

Mode: Scan -- Date: 05/21/2012 13:40:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS +++++

--- User ---

[MBR] 1174604c9a98154a461df6578a51b886

[bSP] 39ffb7bc106af253d9ff87357d0a091a : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 701402 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1436473344 | Size: 14000 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


I strongly suggest you uninstall these:

Fantapper Player

Fantapper Updater

Here's why:

http://www.systemloo...taller_dll.html

-------------------------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Ok, uninstalled fantapper(s), disabled the Avast before running, closed Firefox and ran the combofix from desktop. Reopened FF--toolbar still there, fyi

Here are the Combofix results.

--------------------------------------------------

ComboFix 12-05-21.05 - Lodge 05/21/2012 14:11:43.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6175 [GMT -4:00]

Running from: c:\users\Lodge\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\NetServices

.

.

((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))

.

.

2012-05-21 18:16 . 2012-05-21 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-21 18:12 . 2012-05-21 18:12 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{981DE2A5-53F2-4FB9-96AE-A59B169095EC}\offreg.dll

2012-05-21 17:22 . 2012-05-21 17:22 -------- d-----w- c:\program files (x86)\Revo Uninstaller

2012-05-21 16:44 . 2012-05-21 16:44 -------- d-----w- c:\programdata\Malwarebytes

2012-05-21 16:44 . 2012-05-21 16:44 -------- d-----w- c:\program files (x86)\Malwarebytes

2012-05-21 16:44 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-21 16:35 . 2012-05-21 16:35 -------- d-----w- c:\program files (x86)\SUPER

2012-05-21 16:35 . 2012-05-21 16:35 -------- d-----w- c:\program files (x86)\Conduit

2012-05-21 16:35 . 2012-05-21 16:35 -------- d-----w- c:\program files (x86)\iNTERNET Turbo

2012-05-21 16:34 . 2012-05-21 16:34 -------- d-----w- c:\program files (x86)\eRightSoft

2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- c:\program files (x86)\RSA SecurID Token for Windows

2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- c:\program files (x86)\RSA SecurID Token Common

2012-05-20 20:43 . 2012-05-20 20:43 -------- dc-h--w- c:\programdata\{F7D319B6-E312-49A7-AA67-4737E676DD03}

2012-05-20 20:42 . 2012-05-20 20:42 -------- dc-h--w- c:\programdata\{35056848-1DF5-4D37-85C5-0134DA6F6DFD}

2012-05-20 20:39 . 2012-05-20 20:39 -------- dc-h--w- c:\programdata\{003FC4B1-B5E2-4EF0-A9B3-CCEB0DDC2E93}

2012-05-20 20:39 . 2012-05-20 20:43 -------- d-----w- c:\program files\Common Files\Topaz Labs

2012-05-20 20:39 . 2012-05-20 20:39 -------- dc-h--w- c:\programdata\{54B6D04D-4477-4BDA-9A8C-DEB315E0282D}

2012-05-20 20:39 . 2012-05-20 20:42 -------- d-----w- c:\program files (x86)\Topaz Labs

2012-05-20 20:39 . 2012-05-20 20:42 -------- d-----w- c:\program files (x86)\Common Files\Topaz Labs

2012-05-20 15:41 . 2012-05-20 15:41 -------- d-----w- c:\program files\Microsoft IntelliPoint

2012-05-20 04:56 . 2012-05-20 04:56 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-05-20 02:30 . 2012-05-20 17:53 -------- d-----w- c:\programdata\FLEXnet

2012-05-20 00:02 . 2012-05-20 00:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-05-20 00:02 . 2012-05-20 00:02 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-05-20 00:01 . 2012-05-20 00:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-05-20 00:01 . 2012-05-20 00:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-05-20 00:00 . 2012-05-20 00:00 -------- d-----w- c:\program files\PlayReady

2012-05-19 17:32 . 2012-05-15 05:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{981DE2A5-53F2-4FB9-96AE-A59B169095EC}\mpengine.dll

2012-05-19 16:35 . 2012-05-19 16:35 -------- d-----w- c:\windows\SysWow64\Wat

2012-05-19 16:35 . 2012-05-19 16:35 -------- d-----w- c:\windows\system32\Wat

2012-05-19 16:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-05-19 16:14 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-05-19 16:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-05-19 16:14 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-05-19 16:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-05-19 16:14 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-05-19 16:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-05-19 15:47 . 2012-05-19 15:47 -------- d-----w- c:\windows\Downloaded Installations

2012-05-19 15:46 . 2012-05-19 15:49 -------- d-----w- c:\program files (x86)\Dell

2012-05-19 15:43 . 2012-05-19 15:43 -------- d-----w- c:\program files (x86)\Netwaiting

2012-05-19 06:37 . 2012-05-19 06:37 -------- d-----w- c:\programdata\ALM

2012-05-19 05:25 . 2012-05-19 05:25 -------- d-----w- c:\windows\SysWow64\spool

2012-05-19 05:25 . 2012-05-19 05:25 -------- d-----w- c:\program files (x86)\Adobe Media Player

2012-05-19 05:24 . 2012-05-19 05:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2012-05-19 05:23 . 2012-05-19 05:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2012-05-19 05:23 . 2012-05-20 02:54 -------- d-----w- c:\program files\Common Files\Adobe

2012-05-19 05:22 . 2012-05-19 05:22 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared

2012-05-19 04:31 . 2012-05-19 04:46 -------- d-----w- c:\program files (x86)\Common Files\Nikon

2012-05-19 04:31 . 2012-05-19 04:31 -------- d-----w- c:\program files (x86)\Capture NX 2

2012-05-19 04:30 . 2012-05-19 04:45 -------- d-----w- c:\programdata\Ultima_T15

2012-05-19 04:30 . 2012-05-19 04:45 -------- d-----w- c:\programdata\EnterNHelp

2012-05-19 02:47 . 2012-05-19 02:51 -------- d-----w- c:\program files (x86)\Google

2012-05-19 02:47 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-05-19 02:47 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-05-19 02:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-05-19 02:47 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-05-19 02:47 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-05-19 02:47 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-05-19 02:47 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-05-19 02:47 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-05-19 02:47 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-05-19 02:47 . 2012-05-19 16:09 -------- d-----w- c:\program files\Avast

2012-05-19 02:47 . 2012-05-19 02:47 -------- d-----w- c:\programdata\AVAST Software

2012-05-19 02:16 . 2012-05-19 02:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-05-19 02:16 . 2012-05-19 02:16 -------- d-----w- c:\program files (x86)\Firefox

2012-05-19 00:50 . 2012-05-20 17:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-19 00:50 . 2012-05-20 17:56 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-19 00:50 . 2012-05-19 00:50 -------- d-----w- c:\windows\SysWow64\Macromed

2012-05-19 00:50 . 2012-05-19 00:50 -------- d-----w- c:\windows\system32\Macromed

2012-05-18 23:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2012-05-18 23:08 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2012-05-18 23:08 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2012-05-18 23:08 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2012-05-18 23:08 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2012-05-18 23:06 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-05-18 23:06 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-05-18 23:06 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2012-05-18 23:06 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2012-05-18 23:06 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2012-05-18 23:06 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2012-05-18 23:06 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2012-05-18 23:06 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2012-05-18 23:06 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2012-05-18 23:06 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-05-18 23:06 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-18 23:05 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-18 23:05 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-18 23:05 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-18 23:05 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-18 23:05 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-18 23:05 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-05-18 23:05 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-05-18 23:05 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-05-18 23:05 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-05-18 21:56 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-05-18 21:56 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-05-18 21:56 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-05-18 21:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-05-18 21:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-05-18 21:56 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-05-18 21:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-05-18 21:54 . 2012-05-21 15:57 -------- d-----w- c:\users\Lodge

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-19 04:45 . 2003-03-19 01:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL

2012-02-29 17:26 . 2012-02-29 17:26 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-02-29 17:26 . 2012-02-29 17:26 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-02-29 17:26 . 2012-02-29 17:26 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-02-29 17:14 . 2012-02-29 17:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-29 17:14 . 2012-02-29 17:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-29 17:14 . 2012-02-29 17:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-02-29 17:14 . 2012-02-29 17:14 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-02-29 17:14 . 2012-02-29 17:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-02-29 17:14 . 2012-02-29 17:14 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-02-29 17:14 . 2012-02-29 17:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-02-29 17:14 . 2012-02-29 17:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-02-29 17:14 . 2012-02-29 17:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-02-29 17:14 . 2012-02-29 17:14 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-02-29 17:14 . 2012-02-29 17:14 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-02-29 17:14 . 2012-02-29 17:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-02-29 17:14 . 2012-02-29 17:14 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-29 17:14 . 2012-02-29 17:14 448512 ----a-w- c:\windows\system32\html.iec

2012-02-29 17:14 . 2012-02-29 17:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-02-29 17:14 . 2012-02-29 17:14 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-02-29 17:14 . 2012-02-29 17:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-02-29 17:14 . 2012-02-29 17:14 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-29 17:14 . 2012-02-29 17:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-02-29 17:14 . 2012-02-29 17:14 222208 ----a-w- c:\windows\system32\msls31.dll

2012-02-29 17:14 . 2012-02-29 17:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-29 17:14 . 2012-02-29 17:14 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-02-29 17:14 . 2012-02-29 17:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-02-29 17:14 . 2012-02-29 17:14 160256 ----a-w- c:\windows\system32\wextract.exe

2012-02-29 17:14 . 2012-02-29 17:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-02-29 17:14 . 2012-02-29 17:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-02-29 17:14 . 2012-02-29 17:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-02-29 17:14 . 2012-02-29 17:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-29 17:14 . 2012-02-29 17:14 12288 ----a-w- c:\windows\system32\mshta.exe

2012-02-29 17:14 . 2012-02-29 17:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-02-29 17:14 . 2012-02-29 17:14 114176 ----a-w- c:\windows\system32\admparse.dll

2012-02-29 17:14 . 2012-02-29 17:14 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-29 17:14 . 2012-02-29 17:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-02-29 17:14 . 2012-02-29 17:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2006-05-03 15:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 16:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 18:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-07 04:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WirelessManager"="c:\program files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe" [2010-06-04 193064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"avast"="c:\program files\Avast\avastUI.exe" [2012-03-06 4241512]

"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

.

c:\users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-4 27087944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 136176]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-19 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 136176]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 02:47]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 02:47]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-17 317248]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-08-29 4146848]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{cce665dd-f6dd-4808-968e-eaec971f70ef} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,

8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:4c,de,b9,b8,7b,37,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,6b,8e,85,64,30,60,46,9e,c6,d5,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,6b,8e,85,64,30,60,46,9e,c6,d5,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-21 14:17:51

ComboFix-quarantined-files.txt 2012-05-21 18:17

.

Pre-Run: 601,579,790,336 bytes free

Post-Run: 601,422,823,424 bytes free

.

- - End Of File - - 50993F51BC81B9E1625727A450D3954B


Note: prior to writing here, I had "uninstalled" Whitesmoke via Add/Remove control panel. See now that I shouldn't have done that, but it's too late...

I missed this post and it's OK that you did uninstall it.

-----------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DDS::

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785

Firefox::

FF - ProfilePath - c:\users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

Folder::

c:\program files (x86)\Conduit

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


NO reboot requested, so I did not... did as requested, toolbar remains. Here are the results:

ComboFix 12-05-21.05 - Lodge 05/21/2012 15:48:25.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6242 [GMT -4:00]

Running from: c:\users\Lodge\Desktop\ComboFix.exe

Command switches used :: c:\users\Lodge\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Conduit

c:\program files (x86)\Conduit\Community Alerts\Alert.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))

.

.

2012-05-21 19:52 . 2012-05-21 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-21 19:27 . 2012-05-21 19:27 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{498C3C16-B8C5-4DF4-8656-4F1270C56ABA}\offreg.dll

2012-05-21 19:12 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{498C3C16-B8C5-4DF4-8656-4F1270C56ABA}\mpengine.dll

2012-05-21 19:09 . 2012-05-21 19:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-05-21 19:09 . 2012-05-21 19:09 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-21 19:08 . 2012-05-21 19:08 -------- d-----w- C:\8efce6287315c8de9a4a1357a35853

2012-05-21 18:12 . 2012-05-21 18:12 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{981DE2A5-53F2-4FB9-96AE-A59B169095EC}\offreg.dll

2012-05-21 17:22 . 2012-05-21 17:22 -------- d-----w- c:\program files (x86)\Revo Uninstaller

2012-05-21 16:44 . 2012-05-21 16:44 -------- d-----w- c:\programdata\Malwarebytes

2012-05-21 16:44 . 2012-05-21 16:44 -------- d-----w- c:\program files (x86)\Malwarebytes

2012-05-21 16:44 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-21 16:35 . 2012-05-21 16:35 -------- d-----w- c:\program files (x86)\SUPER

2012-05-21 16:35 . 2012-05-21 16:35 -------- d-----w- c:\program files (x86)\iNTERNET Turbo

2012-05-21 16:34 . 2012-05-21 16:34 -------- d-----w- c:\program files (x86)\eRightSoft

2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- c:\program files (x86)\RSA SecurID Token for Windows

2012-05-21 15:38 . 2012-05-21 15:38 -------- d-----w- c:\program files (x86)\RSA SecurID Token Common

2012-05-20 20:43 . 2012-05-20 20:43 -------- dc-h--w- c:\programdata\{F7D319B6-E312-49A7-AA67-4737E676DD03}

2012-05-20 20:42 . 2012-05-20 20:42 -------- dc-h--w- c:\programdata\{35056848-1DF5-4D37-85C5-0134DA6F6DFD}

2012-05-20 20:39 . 2012-05-20 20:39 -------- dc-h--w- c:\programdata\{003FC4B1-B5E2-4EF0-A9B3-CCEB0DDC2E93}

2012-05-20 20:39 . 2012-05-20 20:43 -------- d-----w- c:\program files\Common Files\Topaz Labs

2012-05-20 20:39 . 2012-05-20 20:39 -------- dc-h--w- c:\programdata\{54B6D04D-4477-4BDA-9A8C-DEB315E0282D}

2012-05-20 20:39 . 2012-05-20 20:42 -------- d-----w- c:\program files (x86)\Topaz Labs

2012-05-20 20:39 . 2012-05-20 20:42 -------- d-----w- c:\program files (x86)\Common Files\Topaz Labs

2012-05-20 15:41 . 2012-05-20 15:41 -------- d-----w- c:\program files\Microsoft IntelliPoint

2012-05-20 04:56 . 2012-05-20 04:56 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-05-20 02:30 . 2012-05-20 17:53 -------- d-----w- c:\programdata\FLEXnet

2012-05-20 00:02 . 2012-05-20 00:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-05-20 00:02 . 2012-05-20 00:02 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-05-20 00:01 . 2012-05-20 00:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-05-20 00:01 . 2012-05-20 00:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-05-20 00:00 . 2012-05-20 00:00 -------- d-----w- c:\program files\PlayReady

2012-05-19 17:32 . 2012-05-15 05:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{981DE2A5-53F2-4FB9-96AE-A59B169095EC}\mpengine.dll

2012-05-19 16:35 . 2012-05-19 16:35 -------- d-----w- c:\windows\SysWow64\Wat

2012-05-19 16:35 . 2012-05-19 16:35 -------- d-----w- c:\windows\system32\Wat

2012-05-19 16:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-05-19 16:14 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-05-19 16:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-05-19 16:14 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-05-19 16:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-05-19 16:14 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-05-19 16:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-05-19 15:47 . 2012-05-19 15:47 -------- d-----w- c:\windows\Downloaded Installations

2012-05-19 15:46 . 2012-05-19 15:49 -------- d-----w- c:\program files (x86)\Dell

2012-05-19 15:43 . 2012-05-19 15:43 -------- d-----w- c:\program files (x86)\Netwaiting

2012-05-19 06:37 . 2012-05-19 06:37 -------- d-----w- c:\programdata\ALM

2012-05-19 05:25 . 2012-05-19 05:25 -------- d-----w- c:\windows\SysWow64\spool

2012-05-19 05:25 . 2012-05-19 05:25 -------- d-----w- c:\program files (x86)\Adobe Media Player

2012-05-19 05:24 . 2012-05-19 05:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2012-05-19 05:23 . 2012-05-19 05:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2012-05-19 05:23 . 2012-05-20 02:54 -------- d-----w- c:\program files\Common Files\Adobe

2012-05-19 05:22 . 2012-05-19 05:22 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared

2012-05-19 04:31 . 2012-05-19 04:46 -------- d-----w- c:\program files (x86)\Common Files\Nikon

2012-05-19 04:31 . 2012-05-19 04:31 -------- d-----w- c:\program files (x86)\Capture NX 2

2012-05-19 04:30 . 2012-05-19 04:45 -------- d-----w- c:\programdata\Ultima_T15

2012-05-19 04:30 . 2012-05-19 04:45 -------- d-----w- c:\programdata\EnterNHelp

2012-05-19 02:47 . 2012-05-19 02:51 -------- d-----w- c:\program files (x86)\Google

2012-05-19 02:47 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-05-19 02:47 . 2012-05-21 19:17 -------- d-----w- c:\programdata\AVAST Software

2012-05-19 02:47 . 2012-05-21 19:17 -------- d-----w- c:\program files\Avast

2012-05-19 02:16 . 2012-05-19 02:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-05-19 02:16 . 2012-05-19 02:16 -------- d-----w- c:\program files (x86)\Firefox

2012-05-19 00:50 . 2012-05-20 17:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-19 00:50 . 2012-05-20 17:56 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-19 00:50 . 2012-05-19 00:50 -------- d-----w- c:\windows\SysWow64\Macromed

2012-05-19 00:50 . 2012-05-19 00:50 -------- d-----w- c:\windows\system32\Macromed

2012-05-18 23:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2012-05-18 23:08 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2012-05-18 23:08 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2012-05-18 23:08 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2012-05-18 23:08 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2012-05-18 23:06 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-05-18 23:06 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-05-18 23:06 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2012-05-18 23:06 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2012-05-18 23:06 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2012-05-18 23:06 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2012-05-18 23:06 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2012-05-18 23:06 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2012-05-18 23:06 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2012-05-18 23:06 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-05-18 23:06 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-18 23:05 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-18 23:05 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-18 23:05 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-18 23:05 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-18 23:05 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-18 23:05 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-05-18 23:05 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-05-18 23:05 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-05-18 23:05 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-05-18 21:56 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-05-18 21:56 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-05-18 21:56 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-05-18 21:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-05-18 21:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-05-18 21:56 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-05-18 21:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-05-18 21:54 . 2012-05-21 19:27 -------- d-----w- c:\users\Lodge

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-19 04:45 . 2003-03-19 01:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL

2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-02-29 17:26 . 2012-02-29 17:26 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-02-29 17:26 . 2012-02-29 17:26 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-02-29 17:26 . 2012-02-29 17:26 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-02-29 17:14 . 2012-02-29 17:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-29 17:14 . 2012-02-29 17:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-29 17:14 . 2012-02-29 17:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-02-29 17:14 . 2012-02-29 17:14 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-02-29 17:14 . 2012-02-29 17:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-02-29 17:14 . 2012-02-29 17:14 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-02-29 17:14 . 2012-02-29 17:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-02-29 17:14 . 2012-02-29 17:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-02-29 17:14 . 2012-02-29 17:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-02-29 17:14 . 2012-02-29 17:14 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-02-29 17:14 . 2012-02-29 17:14 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-02-29 17:14 . 2012-02-29 17:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-02-29 17:14 . 2012-02-29 17:14 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-29 17:14 . 2012-02-29 17:14 448512 ----a-w- c:\windows\system32\html.iec

2012-02-29 17:14 . 2012-02-29 17:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-02-29 17:14 . 2012-02-29 17:14 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-02-29 17:14 . 2012-02-29 17:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-02-29 17:14 . 2012-02-29 17:14 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-29 17:14 . 2012-02-29 17:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-02-29 17:14 . 2012-02-29 17:14 222208 ----a-w- c:\windows\system32\msls31.dll

2012-02-29 17:14 . 2012-02-29 17:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-29 17:14 . 2012-02-29 17:14 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-02-29 17:14 . 2012-02-29 17:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-02-29 17:14 . 2012-02-29 17:14 160256 ----a-w- c:\windows\system32\wextract.exe

2012-02-29 17:14 . 2012-02-29 17:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-02-29 17:14 . 2012-02-29 17:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-02-29 17:14 . 2012-02-29 17:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-02-29 17:14 . 2012-02-29 17:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-29 17:14 . 2012-02-29 17:14 12288 ----a-w- c:\windows\system32\mshta.exe

2012-02-29 17:14 . 2012-02-29 17:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-02-29 17:14 . 2012-02-29 17:14 114176 ----a-w- c:\windows\system32\admparse.dll

2012-02-29 17:14 . 2012-02-29 17:14 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-29 17:14 . 2012-02-29 17:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-02-29 17:14 . 2012-02-29 17:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2006-05-03 15:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 16:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 18:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-07 04:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-21_18.16.32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-05-21 19:19 29664 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2012-02-29 17:08 . 2012-05-21 18:01 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-02-29 17:08 . 2012-05-21 19:21 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-02-29 17:08 . 2012-05-21 19:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-02-29 17:08 . 2012-05-21 18:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-21 19:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-21 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-05-21 19:09 95344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-05-19 02:34 . 2012-05-21 19:19 4454 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-558802021-4168072929-2660782545-1002_UserData.bin

- 2012-05-21 17:26 . 2012-05-21 17:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-21 17:26 . 2012-05-21 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-21 17:26 . 2012-05-21 17:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-21 17:26 . 2012-05-21 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 02:36 . 2012-05-21 19:09 617460 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-21 19:09 104702 c:\windows\system32\perfc009.dat

+ 2010-11-21 03:27 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe

- 2010-11-21 03:27 . 2012-02-23 14:18 279656 c:\windows\system32\MpSigStub.exe

+ 2012-05-21 19:09 . 2012-05-21 19:09 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe

+ 2012-05-21 19:09 . 2012-05-21 19:09 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe

+ 2012-05-21 19:09 . 2012-05-21 19:09 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe

+ 2012-05-21 19:09 . 2012-05-21 19:09 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe

+ 2012-05-21 19:09 . 2012-05-21 19:09 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe

+ 2010-06-08 19:46 . 2010-06-08 19:46 402800 c:\windows\Downloaded Program Files\JuniperExt.exe

+ 2012-03-26 23:21 . 2012-03-26 23:21 7622656 c:\windows\Installer\5eb6f6.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WirelessManager"="c:\program files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe" [2010-06-04 193064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

.

c:\users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-4 27087944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 136176]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-19 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 136176]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 02:47]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 02:47]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Lodge\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-17 317248]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,

8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:4c,de,b9,b8,7b,37,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,6b,8e,85,64,30,60,46,9e,c6,d5,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,6b,8e,85,64,30,60,46,9e,c6,d5,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-21 15:54:01

ComboFix-quarantined-files.txt 2012-05-21 19:54

ComboFix2.txt 2012-05-21 19:08

ComboFix3.txt 2012-05-21 18:17

.

Pre-Run: 600,822,910,976 bytes free

Post-Run: 600,535,736,320 bytes free

.

- - End Of File - - 1ABC45CE36D9E088251354BD0840971D


I don't see it in the ComboFix log, try OTL.....

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Thank you again, Mr C. Ran OTL, and here is the OTL log. Extras log will be posted in this message, below this:

OTL:

----------------------

OTL logfile created on: 5/21/2012 4:33:09 PM - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Lodge\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 79.52% Memory free

15.79 Gb Paging File | 14.01 Gb Available in Paging File | 88.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 684.96 Gb Total Space | 559.22 Gb Free Space | 81.64% Space Free | Partition Type: NTFS

Drive D: | 13.67 Gb Total Space | 6.26 Gb Free Space | 45.76% Space Free | Partition Type: NTFS

Computer Name: MININT-A5BLASO | User Name: Lodge | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/21 16:31:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lodge\Desktop\OTL.exe

PRC - [2012/05/04 14:41:36 | 027,087,944 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2010/10/01 18:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

PRC - [2010/06/10 23:56:14 | 000,320,880 | ---- | M] (Juniper Networks") -- C:\Users\Lodge\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe

PRC - [2010/06/08 18:46:20 | 000,529,776 | ---- | M] (Juniper Networks) -- C:\Users\Lodge\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe

PRC - [2010/06/04 15:47:44 | 000,193,064 | ---- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe

PRC - [2010/01/28 15:53:54 | 000,453,120 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe

PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/21 09:47:44 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll

MOD - [2012/05/21 09:47:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll

MOD - [2012/05/21 09:47:23 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll

MOD - [2012/05/21 09:47:19 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll

MOD - [2012/05/19 12:46:31 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll

MOD - [2012/05/19 12:45:40 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll

MOD - [2012/05/19 12:42:59 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll

MOD - [2012/05/19 12:42:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/19 12:42:03 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/19 12:42:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/19 12:42:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/19 12:41:55 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2010/11/25 00:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll

MOD - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

MOD - [2010/02/12 14:53:46 | 000,058,880 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\MBMDebug.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/19 01:23:41 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/05/19 01:22:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)

SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)

SRV - [2010/01/28 15:53:54 | 000,453,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/17 15:01:00 | 000,027,712 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011/09/13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/09/13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/07/19 16:39:56 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/12/22 02:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2010/12/13 10:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)

DRV:64bit: - [2010/11/30 15:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/10/15 18:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/09/23 18:44:48 | 001,394,224 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/08/27 13:42:00 | 001,800,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)

DRV:64bit: - [2010/08/20 15:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2010/07/26 22:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E F2 58 72 8C 37 CD 01 [binary data]

IE - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke US Customized Web Search"

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Firefox\components [2012/05/18 22:16:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins

[2012/05/18 22:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lodge\AppData\Roaming\Mozilla\Extensions

[2012/05/21 12:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions

[2012/05/21 12:35:34 | 000,000,000 | ---D | M] (WhiteSmoke US Community Toolbar) -- C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}

[2012/05/15 17:25:54 | 000,000,929 | ---- | M] () -- C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\searchplugins\conduit.xml

[2012/05/19 01:03:57 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\LODGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\47I18J1O.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll

CHR - Extension: WhiteSmoke US = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl\2.3.9.0_0\

CHR - Extension: YouTube = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: StumbleUpon = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.5.7.1_0\

CHR - Extension: Hover Zoom = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.3_0\

CHR - Extension: Gmail = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/21 15:52:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)

O4 - HKU\S-1-5-21-558802021-4168072929-2660782545-1002..\Run: [WirelessManager] C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe (Ericsson AB)

O4 - Startup: C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lodge\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.coxinc.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72239310-0BE3-4CF7-A7D4-AC222947244A}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 16:31:51 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lodge\Desktop\OTL.exe

[2012/05/21 16:00:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/05/21 15:54:03 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/05/21 15:27:01 | 000,000,000 | ---D | C] -- C:\Users\Lodge\2-Clark

[2012/05/21 15:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/05/21 15:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/05/21 15:08:52 | 000,000,000 | ---D | C] -- C:\8efce6287315c8de9a4a1357a35853

[2012/05/21 14:39:41 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks

[2012/05/21 14:39:22 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Juniper Networks

[2012/05/21 14:11:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/05/21 14:11:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/05/21 14:11:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/05/21 14:10:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/05/21 14:10:55 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/05/21 14:02:39 | 004,501,170 | R--- | C] (Swearware) -- C:\Users\Lodge\Desktop\ComboFix.exe

[2012/05/21 13:40:30 | 000,000,000 | ---D | C] -- C:\Users\Lodge\Desktop\RK_Quarantine

[2012/05/21 13:22:16 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2012/05/21 13:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Revo Uninstaller

[2012/05/21 12:44:19 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Malwarebytes

[2012/05/21 12:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

[2012/05/21 12:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/21 12:44:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/05/21 12:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes

[2012/05/21 12:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER Converter

[2012/05/21 12:36:29 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll

[2012/05/21 12:36:27 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll

[2012/05/21 12:36:25 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax

[2012/05/21 12:36:25 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll

[2012/05/21 12:36:25 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax

[2012/05/21 12:36:25 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax

[2012/05/21 12:36:25 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax

[2012/05/21 12:36:25 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax

[2012/05/21 12:36:25 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll

[2012/05/21 12:36:21 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax

[2012/05/21 12:36:19 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax

[2012/05/21 12:36:17 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax

[2012/05/21 12:36:17 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax

[2012/05/21 12:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPER

[2012/05/21 12:35:39 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\CRE

[2012/05/21 12:35:29 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Conduit

[2012/05/21 12:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iNTERNET Turbo

[2012/05/21 12:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft

[2012/05/21 11:57:13 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Dropbox

[2012/05/21 11:50:48 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2012/05/21 11:50:32 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Dropbox

[2012/05/21 11:40:42 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\RSA

[2012/05/21 11:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSA SecurID Token

[2012/05/21 11:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSA SecurID Token for Windows

[2012/05/21 11:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSA SecurID Token Common

[2012/05/21 10:31:53 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/05/20 16:43:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F7D319B6-E312-49A7-AA67-4737E676DD03}

[2012/05/20 16:42:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{35056848-1DF5-4D37-85C5-0134DA6F6DFD}

[2012/05/20 16:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs

[2012/05/20 16:39:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{003FC4B1-B5E2-4EF0-A9B3-CCEB0DDC2E93}

[2012/05/20 16:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs

[2012/05/20 16:39:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\{54B6D04D-4477-4BDA-9A8C-DEB315E0282D}

[2012/05/20 16:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Topaz Labs

[2012/05/20 16:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Topaz Labs

[2012/05/20 16:38:59 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\PackageAware

[2012/05/20 11:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse

[2012/05/20 11:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint

[2012/05/20 00:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012/05/19 22:31:34 | 000,000,000 | ---D | C] -- C:\Users\Lodge\Documents\Adobe

[2012/05/19 22:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2012/05/19 20:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady

[2012/05/19 12:35:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2012/05/19 12:35:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2012/05/19 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Diagnostics

[2012/05/19 12:11:08 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\WMCore

[2012/05/19 12:11:01 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\WirelessManager

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404

[2012/05/19 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401

[2012/05/19 12:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics

[2012/05/19 11:47:30 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012/05/19 11:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless

[2012/05/19 11:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell

[2012/05/19 11:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netwaiting

[2012/05/19 11:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Netwaiting

[2012/05/19 11:43:32 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\BVRP Software

[2012/05/19 10:59:15 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Dell

[2012/05/19 10:52:36 | 000,000,000 | ---D | C] -- C:\Users\Lodge\Documents\Drivers

[2012/05/19 10:52:13 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc

[2012/05/19 10:52:02 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Deployment

[2012/05/19 10:52:02 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Apps

[2012/05/19 02:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012/05/19 02:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2012/05/19 02:23:25 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Roxio Burn

[2012/05/19 01:25:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool

[2012/05/19 01:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player

[2012/05/19 01:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

[2012/05/19 01:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012/05/19 01:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS4

[2012/05/19 01:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared

[2012/05/19 01:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012/05/19 01:22:29 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Adobe

[2012/05/19 01:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared

[2012/05/19 00:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Transfer

[2012/05/19 00:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies

[2012/05/19 00:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon

[2012/05/19 00:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon Transfer

[2012/05/19 00:35:25 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Nikon

[2012/05/19 00:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Machines

[2012/05/19 00:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon

[2012/05/19 00:31:49 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Nikon

[2012/05/19 00:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capture NX 2

[2012/05/19 00:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Capture NX 2

[2012/05/19 00:30:49 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Macrovision

[2012/05/19 00:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15

[2012/05/19 00:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp

[2012/05/18 22:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/05/18 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Google

[2012/05/18 22:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/05/18 22:47:56 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012/05/18 22:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/05/18 22:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avast

[2012/05/18 22:16:18 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Mozilla

[2012/05/18 22:16:18 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Mozilla

[2012/05/18 22:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/05/18 22:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/05/18 22:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefox

[2012/05/18 21:00:36 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Macromedia

[2012/05/18 21:00:35 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Adobe

[2012/05/18 20:50:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2012/05/18 20:50:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/05/18 17:55:06 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Roxio

[2012/05/18 17:54:49 | 000,000,000 | R--D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/05/18 17:54:49 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Searches

[2012/05/18 17:54:49 | 000,000,000 | R--D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/05/18 17:54:49 | 000,000,000 | -H-D | C] -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2012/05/18 17:54:35 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Identities

[2012/05/18 17:54:31 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Contacts

[2012/05/18 17:54:29 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\VirtualStore

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\AppData\Local\Temporary Internet Files

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Templates

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Start Menu

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\SendTo

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Recent

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\PrintHood

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\NetHood

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Documents\My Videos

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Documents\My Pictures

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Documents\My Music

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\My Documents

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Local Settings

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\AppData\Local\History

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Cookies

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\Application Data

[2012/05/18 17:54:23 | 000,000,000 | -HSD | C] -- C:\Users\Lodge\AppData\Local\Application Data

[2012/05/18 17:54:22 | 000,000,000 | --SD | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft

[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Videos

[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Saved Games

[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Pictures

[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Music

[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Links

[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Favorites

[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Downloads

[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Documents

[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\Desktop

[2012/05/18 17:54:22 | 000,000,000 | R--D | C] -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/05/18 17:54:22 | 000,000,000 | -H-D | C] -- C:\Users\Lodge\AppData

[2012/05/18 17:54:22 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Temp

[2012/05/18 17:54:22 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Local\Microsoft

[2012/05/18 17:54:22 | 000,000,000 | ---D | C] -- C:\Users\Lodge\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2012/05/21 16:31:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lodge\Desktop\OTL.exe

[2012/05/21 16:17:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/21 16:07:23 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/21 16:07:23 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/21 16:00:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/21 15:59:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/21 15:59:49 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/21 15:52:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/05/21 15:09:07 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/21 15:09:07 | 000,617,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/21 15:09:07 | 000,104,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/21 15:02:56 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/05/21 14:02:53 | 004,501,170 | R--- | M] (Swearware) -- C:\Users\Lodge\Desktop\ComboFix.exe

[2012/05/21 14:01:14 | 000,001,371 | ---- | M] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/05/21 13:22:16 | 000,001,104 | ---- | M] () -- C:\Users\Lodge\Desktop\Revo Uninstaller.lnk

[2012/05/21 12:44:16 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/21 11:57:13 | 000,001,053 | ---- | M] () -- C:\Users\Lodge\Desktop\Dropbox.lnk

[2012/05/21 11:50:55 | 000,001,063 | ---- | M] () -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/05/21 10:32:10 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/05/21 09:45:05 | 003,069,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/05/20 17:15:45 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT

[2012/05/20 17:00:18 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/20 11:41:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf

[2012/05/19 11:46:07 | 000,002,316 | ---- | M] () -- C:\Users\Public\Desktop\Dell Mobile Broadband Manager.lnk

[2012/05/19 00:46:21 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk

[2012/05/19 00:45:56 | 000,000,268 | RH-- | M] () -- C:\Users\Lodge\AppData\Roaming\Metadata Importer

[2012/05/19 00:45:56 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT

[2012/05/19 00:45:56 | 000,000,012 | RH-- | M] () -- C:\ProgramData\PPD Plugins

[2012/05/19 00:35:22 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Synth Basics

[2012/05/19 00:35:22 | 000,000,268 | RH-- | M] () -- C:\Users\Lodge\AppData\Roaming\Super Strings

[2012/05/19 00:34:27 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Capture NX 2.lnk

[2012/05/18 22:51:43 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/05/18 22:51:43 | 000,002,245 | ---- | M] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/05/18 22:47:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/05/18 22:16:15 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/05/18 18:52:48 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2012/05/18 18:52:48 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012/05/21 15:09:09 | 000,001,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/05/21 15:09:07 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/21 15:02:56 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/05/21 14:11:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/05/21 14:11:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/05/21 14:11:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/05/21 14:11:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/05/21 14:11:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/05/21 13:22:16 | 000,001,104 | ---- | C] () -- C:\Users\Lodge\Desktop\Revo Uninstaller.lnk

[2012/05/21 12:44:16 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/21 12:36:25 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax

[2012/05/21 12:36:25 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll

[2012/05/21 12:36:25 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax

[2012/05/21 12:36:23 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax

[2012/05/21 12:36:21 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax

[2012/05/21 12:36:19 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax

[2012/05/21 12:36:17 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax

[2012/05/21 12:36:17 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax

[2012/05/21 12:36:17 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax

[2012/05/21 12:36:17 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax

[2012/05/21 11:57:13 | 000,001,053 | ---- | C] () -- C:\Users\Lodge\Desktop\Dropbox.lnk

[2012/05/21 11:50:55 | 000,001,063 | ---- | C] () -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/05/21 10:32:10 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012/05/21 10:32:10 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/05/20 11:41:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf

[2012/05/19 11:46:07 | 000,002,316 | ---- | C] () -- C:\Users\Public\Desktop\Dell Mobile Broadband Manager.lnk

[2012/05/19 01:28:21 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk

[2012/05/19 00:46:21 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk

[2012/05/19 00:45:56 | 000,000,268 | RH-- | C] () -- C:\Users\Lodge\AppData\Roaming\Metadata Importer

[2012/05/19 00:45:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT

[2012/05/19 00:45:56 | 000,000,012 | RH-- | C] () -- C:\ProgramData\PPD Plugins

[2012/05/19 00:35:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Basics

[2012/05/19 00:35:22 | 000,000,268 | RH-- | C] () -- C:\Users\Lodge\AppData\Roaming\Super Strings

[2012/05/19 00:34:27 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Capture NX 2.lnk

[2012/05/19 00:30:31 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT

[2012/05/18 22:51:43 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/05/18 22:51:43 | 000,002,245 | ---- | C] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/05/18 22:48:01 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/18 22:47:59 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/18 22:47:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2012/05/18 22:16:15 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/05/18 22:16:15 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/05/18 20:42:31 | 000,001,371 | ---- | C] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/05/18 17:54:53 | 000,001,415 | ---- | C] () -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2012/05/18 17:54:50 | 000,001,449 | ---- | C] () -- C:\Users\Lodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/05/18 17:54:22 | 000,000,290 | ---- | C] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/05/18 17:54:22 | 000,000,272 | ---- | C] () -- C:\Users\Lodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/02/29 14:36:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/02/29 14:36:31 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/02/29 14:36:31 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/02/29 14:36:30 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012/02/29 14:36:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2012/02/29 13:23:03 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2012/02/29 13:09:40 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini

========== LOP Check ==========

[2012/05/21 16:00:56 | 000,000,000 | ---D | M] -- C:\Users\Lodge\AppData\Roaming\Dropbox

[2012/05/21 14:50:30 | 000,000,000 | ---D | M] -- C:\Users\Lodge\AppData\Roaming\Juniper Networks

[2012/05/19 00:35:25 | 000,000,000 | ---D | M] -- C:\Users\Lodge\AppData\Roaming\Nikon

[2012/05/19 12:11:01 | 000,000,000 | ---D | M] -- C:\Users\Lodge\AppData\Roaming\WirelessManager

[2012/05/19 12:11:08 | 000,000,000 | ---D | M] -- C:\Users\Lodge\AppData\Roaming\WMCore

[2009/07/14 01:08:49 | 000,008,162 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

----------------------------------------------------------------------------

Extras:

OTL Extras logfile created on: 5/21/2012 4:33:09 PM - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Lodge\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 79.52% Memory free

15.79 Gb Paging File | 14.01 Gb Available in Paging File | 88.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 684.96 Gb Total Space | 559.22 Gb Free Space | 81.64% Space Free | Partition Type: NTFS

Drive D: | 13.67 Gb Total Space | 6.26 Gb Free Space | 45.76% Space Free | Partition Type: NTFS

Computer Name: MININT-A5BLASO | User Name: Lodge | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0CA732AE-895E-4BAE-8DCB-B01A9D150D6F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{17402CA8-6336-4794-95E8-3ECBFDA181C1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2883D20D-3C26-4F02-95F9-0CC356BC2E01}" = rport=138 | protocol=17 | dir=out | app=system |

"{2BE28BA0-882A-4C0E-B6F6-25C1FF783892}" = rport=137 | protocol=17 | dir=out | app=system |

"{2E517438-4FC8-4AF8-B643-D81D8AEF5CBC}" = lport=445 | protocol=6 | dir=in | app=system |

"{42212447-7DD3-4871-AC1D-828C790917F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{453F7CB3-8042-43C1-95D8-FE24B79569AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{587CC405-8495-4D4F-8654-AC34FD7BABB3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5E2CC08E-835C-4BE9-9809-9521A8C4AC38}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{78788B0B-156B-4383-8C37-53CC8A6543F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{82CEC8B2-0734-4C18-8CBA-FC9A8266B879}" = lport=10243 | protocol=6 | dir=in | app=system |

"{837CC0D7-EB17-435F-9FE6-EDD123E17390}" = rport=10243 | protocol=6 | dir=out | app=system |

"{842716A2-30C6-41A4-A406-7A11555E48D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8CC22EFD-7EC9-48CB-A260-51895E159DCB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{A81A1D92-33BA-411D-B1F7-5E61F0D16AA1}" = lport=138 | protocol=17 | dir=in | app=system |

"{CFE118D5-986F-4457-A3A4-310CE079ADDD}" = rport=139 | protocol=6 | dir=out | app=system |

"{DE9D9663-7DC5-4ECC-B8B6-06EBD320CC6C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E189AE71-9636-4CBF-9071-38E10C25BE75}" = rport=445 | protocol=6 | dir=out | app=system |

"{E61D5925-17CD-43BC-86D2-8362B29143E5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EC9BCBDF-5DEB-4154-9929-38F906C1E37D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F3FEA592-3F6D-4E86-A3FE-398DACA94B90}" = lport=137 | protocol=17 | dir=in | app=system |

"{F60E466C-5F1B-489F-82EC-790DDE9A5011}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{F9E1F9BA-C6CB-4CDF-914C-CB78A0349755}" = lport=139 | protocol=6 | dir=in | app=system |

"{FE66AE34-BED9-4FBC-A05D-115D40042479}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00A5F275-8046-4B98-96EB-1FEC8EA60A23}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{205FD176-2B36-41C7-82F6-9BEA9CBCE602}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{21EDBF26-AF36-4F6C-86FC-802502377997}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

"{34ADB4A9-0B2F-40DC-B1EE-A789E68EFD28}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3559B40F-29B6-47CB-8038-5FEBA0F2B90B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3954226C-EDEE-4AD1-869B-80F4A2F156B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3D6EEE59-65FB-4D0A-827D-15205E48C45B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4656444A-9524-4EF6-A543-7B9A8294F5F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{501DBC82-71A9-41CF-8693-92B9EC75818F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{5655A8C7-F300-49BB-8F50-A18E89CFAA03}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{5BD89F7E-25FE-4229-A608-45F90CB51CC5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |

"{5EA7416F-1E39-43CE-9B58-53ECAF7EAC23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{659139B7-45D6-4B59-A1E2-3FB2F8767A0F}" = protocol=6 | dir=out | app=system |

"{6EEC5880-CAEF-42A4-87B2-81720104E76D}" = protocol=17 | dir=in | app=c:\users\lodge\appdata\roaming\dropbox\bin\dropbox.exe |

"{764A9315-2BB0-4EFE-9F46-8408E598998A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{77C03D14-225B-4546-9253-9D21900DD482}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{816EF729-C45A-44C9-9D30-3DEB67DD704A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{86E6AEB1-AE81-42D3-8F9E-3402113673B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8F69D31E-086B-4BC0-9BC0-5EEF8093E772}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{9161D0D4-0ADF-40EA-BFC2-FC53E24C1C6B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{94506B96-C1CB-439A-B902-5280989E0126}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{C15E7F22-25B8-4046-ABAC-5B967CCAFF2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CE0B9DF1-B5D3-40E9-8F79-89935D06C6F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D31DCAB0-31BB-4BEA-B045-77E6E70B0CC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{DB0E1B9E-4DB8-4930-8C71-3D5BB1310588}" = protocol=6 | dir=in | app=c:\users\lodge\appdata\roaming\dropbox\bin\dropbox.exe |

"{DB72511E-E124-41C3-BEE6-D0D44C30DBAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E7B7F93F-A488-485C-9B95-22558371EF1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F6A59772-3A0F-4FAF-9CFF-3FD8A3CFC9D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)

"{DC8F0C18-E6B0-4722-A4AB-D134473091C2}" = Topaz DeJpeg 4 (64-bit)

"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Microsoft Security Client" = Microsoft Security Essentials

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader

"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager

"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting

"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4

"{4800D75D-4697-4D6B-9B3B-0BF36245B95C}" = RSA SecurID Token for Windows Desktops

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter

"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4

"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9966A5DB-8BB0-4D89-A701-386ED84E79B8}" = Adobe Creative Suite 4 Master Collection

"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack

"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers

"{9E146BA1-26DD-4C3B-9F0F-90F2E3CEC9D2}" = Topaz DeJpeg 4

"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support

"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4

"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4

"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6}" = Adobe Setup

"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby

"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter

"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_7e74552a59eaf9fafd13f90894ac9bd" = Adobe Creative Suite 4 Master Collection

"Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Capture NX 2" = Capture NX 2

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Dell Webcam Central" = Dell Webcam Central

"Google Chrome" = Google Chrome

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Revo Uninstaller" = Revo Uninstaller 1.93

"Topaz Adjust 5" = Topaz Adjust 5

"Topaz Adjust 5 (64-bit)" = Topaz Adjust 5 (64-bit)

"Topaz DeJpeg 4" = Topaz DeJpeg 4

"Topaz DeJpeg 4 (64-bit)" = Topaz DeJpeg 4 (64-bit)

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-558802021-4168072929-2660782545-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"bd4d3a0508d364f5" = Dell Driver Download Manager

"Dropbox" = Dropbox

"Juniper_Setup_Client" = Juniper Networks Setup Client

"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/19/2012 12:45:26 AM | Computer Name = MININT-A5BLASO | Source = Windows Installer 3.1 | ID = 921877

Description =

Error - 5/19/2012 3:35:41 AM | Computer Name = MININT-A5BLASO | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 5/19/2012 3:36:02 AM | Computer Name = MININT-A5BLASO | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 5/19/2012 11:47:38 AM | Computer Name = MININT-A5BLASO | Source = MsiInstaller | ID = 1013

Description =

Error - 5/19/2012 12:10:38 PM | Computer Name = MININT-A5BLASO | Source = WinMgmt | ID = 10

Description =

Error - 5/19/2012 12:16:44 PM | Computer Name = MININT-A5BLASO | Source = MsiInstaller | ID = 11935

Description =

Error - 5/19/2012 12:17:38 PM | Computer Name = MININT-A5BLASO | Source = MsiInstaller | ID = 11935

Description =

Error - 5/19/2012 12:35:50 PM | Computer Name = MININT-A5BLASO | Source = Application Error | ID = 1000

Description = Faulting application name: mini_WMCore.exe, version: 0.0.0.0, time

stamp: 0x4b6195d7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x73496c9c Faulting process id: 0xa10 Faulting application

start time: 0x01cd35d9eaa49ebe Faulting application path: C:\Program Files (x86)\Dell\Dell

WWAN\WMCore\mini_WMCore.exe Faulting module path: unknown Report Id: b1385f58-a1d0-11e1-beff-88532e9936f7

Error - 5/19/2012 12:38:27 PM | Computer Name = MININT-A5BLASO | Source = WinMgmt | ID = 10

Description =

Error - 5/19/2012 8:28:57 PM | Computer Name = MININT-A5BLASO | Source = WinMgmt | ID = 10

Description =

[ Media Center Events ]

Error - 5/19/2012 8:02:07 PM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0

Description = 8:02:07 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/19/2012 8:12:57 PM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0

Description = 8:12:57 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/19/2012 9:14:19 PM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0

Description = 9:14:07 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/19/2012 10:14:52 PM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0

Description = 10:14:41 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/20/2012 11:43:34 AM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0

Description = 11:43:16 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/20/2012 5:24:40 PM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0

Description = 5:24:24 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/21/2012 9:47:42 AM | Computer Name = MININT-A5BLASO | Source = MCUpdate | ID = 0

Description = 9:47:42 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

[ System Events ]

Error - 5/19/2012 8:52:55 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:09 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:24 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:33 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:40 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:48 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:53:55 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:54:02 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:54:11 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2012 8:54:18 PM | Computer Name = MININT-A5BLASO | Source = cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

< End of report >

Link to post
Share on other sites

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke US Customized Web Search"
    [2012/05/21 12:35:34 | 000,000,000 | ---D | M] (WhiteSmoke US Community Toolbar) -- C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

-------------------------------------

It's also listed in Chrome as an Extension:

CHR - Extension: WhiteSmoke US = C:\Users\Lodge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl\2.3.9.0_0\

You should be able to disable it by copying this into Google Chrome's address bar and hitting Enter:

chrome:extensions

Also check Plugins the same way.

chrome:plugins

Let me know, MrC

Link to post
Share on other sites

Allrightie, sir, here you go. FYI: upon requested reboot--I no longer see the toolbar... Cautiously optimistic... (?)

OTL log

---------------------------------

All processes killed

========== OTL ==========

Prefs.js: "WhiteSmoke US Customized Web Search" removed from browser.search.defaultthis.engineName

C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\searchplugin folder moved successfully.

C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\Plugins folder moved successfully.

C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\modules folder moved successfully.

C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\META-INF folder moved successfully.

C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults folder moved successfully.

C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\components folder moved successfully.

C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome folder moved successfully.

C:\Users\Lodge\AppData\Roaming\Mozilla\Firefox\Profiles\47i18j1o.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} folder moved successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lodge

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Lodge

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 47389496 bytes

->FireFox cache emptied: 117947547 bytes

->Google Chrome cache emptied: 68275765 bytes

->Flash cache emptied: 6152 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2336 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 223.00 mb

OTL by OldTimer - Version 3.2.43.1 log created on 05212012_172328

Files\Folders moved on Reboot...

C:\Users\Lodge\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Link to post
Share on other sites

Yes, so far so good. No trace right now. If this indeed is fixed...I can't begin to thank you enough...such kindness to a stranger. Thank you.

Now, question: This came about with a download of super.exe (super converter). I still need to access that program, but am now afraid that if I activate it I'll reinfect myself. Are you familiar with this issue enough to know if I should go ahead and delete the program entirely, or whether I'd be safe to kick it up now?

Link to post
Share on other sites

I'm not going to install it because it says the file is corrupt when I go to install it.

When you install it just watch out for any options to install the tool bar and read the privacy statement and any others listed.

We can always remove the tool bar again.

MrC

Link to post
Share on other sites

Hi Mr. C-- apologies, work kept me offsite until today. Yes, appears to have been fixed. I didn't reinstall the program--just too risky. (Hopefully I have a clean install for it on a backup drive.) A million thanks for your help. Close it up! :)

Link to post
Share on other sites

Great...just be careful with that program.

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.