This post follows a post from 09 that describes how to fix things when this virus that hides programs comes along.

The post was "I'm Infected - What do I do now?" by AdvancedSetup.


Log DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16766
Run by Business at 22:50:05 on 2009-07-02
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.2133 [GMT -7:00]
.
AV: Webroot Internet Security Essentials *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot Internet Security Essentials *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
FW: Webroot Internet Security Essentials *Disabled* {6B1A9CB4-465E-94AA-C8FA-DF5405F1CFE5}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
C:\PROGRA~2\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: LivingPlay: {D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} - C:\Program Files (x86)\LivingPlay Games\lplaytl.dll
BHO: WebrootBHO Class: {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files (x86)\Webroot\Security\Current\plugins\browserextension\WebrootBHO.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Webroot Browser Helper Object: {e08861fe-8847-4b2a-8ec2-08edb20e4020} - C:\Program Files (x86)\Webroot\Security\Current\products\WISE\toolbar\LPBar.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\14.0.835.186\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Webroot Toolbar: {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files (x86)\Webroot\Security\Current\products\WISE\toolbar\LPBar.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [egoNuSIECuXAXgI] "C:\ProgramData\egoNuSIECuXAXgI.exe"
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe -update activex
mRun: [TUSBSleepChargeSrv] "C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe"
mRun: [iAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [innoSetupRegFile.0000000001] "C:\windows\is-NKO8C.exe" /REG
mRunOnce: [innoSetupRegFile.0000000002] "C:\windows\is-UBSEL.exe" /REG
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}




TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}\45865602245616E6562797 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}\6427565674F43484F475966496 : DHCPNameServer = 10.0.249.1 208.67.222.222
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}\7657563747 : DHCPNameServer = 159.121.31.50 159.121.107.80 159.121.107.82
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}\C696E6B6379737 : DHCPNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}\E4F60756 : DHCPNameServer = 192.168.0.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\14.0.835.186\npchrome_frame.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [ThpSrv] "C:\windows\System32\thpsrv" /logon
x64-Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2010-5-26 55280]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-5-26 482384]
R1 pwipf6;Privacyware Filter Driver;C:\windows\System32\drivers\pwipf6.sys [2011-3-22 109864]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 rimspci;rimspci;C:\windows\System32\drivers\rimspe64.sys [2010-5-26 60416]
R2 risdpcie;risdpcie;C:\windows\System32\drivers\risdpe64.sys [2010-5-26 81408]
R2 rixdpcie;rixdpcie;C:\windows\System32\drivers\rixdpe64.sys [2010-5-26 55808]
R2 SSFMONM;SSFMONM;C:\windows\System32\drivers\ssfmonm.sys [2011-3-22 56408]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-26 2314240]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2011-3-22 3997912]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-9-19 3381184]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-5-26 9216]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-5-26 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2009-10-30 244736]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-5-26 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-5-26 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2010-5-26 946688]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-5 824688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-26 13336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-24 1038088]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-5-26 51576]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-6-24 1255736]
.
=============== Created Last 30 ================
.
2011-09-19 22:57:09 685056 ----a-w- C:\windows\is-UBSEL.exe
2011-09-19 22:56:52 685056 ----a-w- C:\windows\is-NKO8C.exe
2011-09-01 18:46:04 -------- d-----w- C:\Users\Business\AppData\Local\Apple Computer
2011-09-01 18:45:49 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2011-09-01 18:45:49 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2011-09-01 18:45:49 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2011-09-01 18:44:11 -------- d-----w- C:\Program Files\iPod
2011-09-01 18:44:07 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-09-01 18:44:07 -------- d-----w- C:\Program Files\iTunes
2011-09-01 18:44:07 -------- d-----w- C:\Program Files (x86)\iTunes
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-09-01 18:41:37 -------- d-----w- C:\Users\Business\AppData\Local\Apple
2011-09-01 18:40:46 -------- d-----w- C:\Program Files\Bonjour
2011-09-01 18:40:46 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-23 04:29:41 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-23 04:27:11 -------- d-----w- C:\Program Files (x86)\LivingPlay Games
2011-07-23 04:26:47 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
2011-07-12 18:34:00 96104 ----a-w- C:\windows\System32\dns-sd.exe
2011-07-12 18:34:00 85864 ----a-w- C:\windows\System32\dnssd.dll
2011-07-12 18:34:00 61288 ----a-w- C:\windows\System32\jdns_sd.dll
2011-07-12 18:34:00 212840 ----a-w- C:\windows\System32\dnssdX.dll
2011-07-12 18:20:54 83816 ----a-w- C:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- C:\windows\SysWow64\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- C:\windows\SysWow64\dnssdX.dll
2011-07-06 01:37:00 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2011-07-06 01:37:00 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2011-06-27 23:23:43 35892 ----a-w- C:\windows\SysWow64\SER9PL.sys
2011-06-27 23:23:43 26719 ----a-w- C:\windows\SysWow64\SERSPL.VXD
2011-06-25 21:27:55 -------- d-----w- C:\Users\Business\AppData\Local\Mozilla
2011-06-25 05:48:00 -------- d-----w- C:\windows\System32\EventProviders
2011-06-25 05:47:43 -------- d-----w- C:\09ee5e7638705d7b0f26
2011-05-30 18:26:22 -------- d-----w- C:\Users\Business\AppData\Local\ElevatedDiagnostics
2011-05-29 21:44:34 -------- d-----w- C:\Users\Business\AppData\Roaming\webroot
2011-05-29 20:45:20 -------- d-----w- C:\Program Files (x86)\Microsoft Easy Assist
2011-05-29 20:44:53 -------- d-----w- C:\ProgramData\Applications
2011-05-26 20:57:12 -------- d-----w- C:\windows\SysWow64\Adobe
2011-05-25 22:33:02 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2011-05-17 11:28:40 142336 ----a-w- C:\windows\System32\poqexec.exe
2011-05-17 11:28:40 123904 ----a-w- C:\windows\SysWow64\poqexec.exe
2011-05-14 04:11:54 641536 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll
2011-05-13 03:34:25 5509504 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-05-13 03:34:23 3957632 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-05-13 03:34:23 3901824 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-05-10 15:06:08 51712 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2011-05-10 15:06:08 4517664 ----a-w- C:\windows\System32\usbaaplrc.dll
2011-04-27 03:36:49 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2011-04-27 03:36:49 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-04-27 03:36:47 31232 ----a-w- C:\windows\SysWow64\prevhost.exe
2011-04-27 03:36:47 31232 ----a-w- C:\windows\System32\prevhost.exe
2011-04-19 11:47:04 670032 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll
2011-04-19 11:09:28 855376 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll
2011-04-14 06:23:45 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-5\Microsoft.MediaCenter.Sports.UI.dll
2011-04-12 19:28:57 267776 ----a-w- C:\windows\System32\FXSCOVER.exe
2011-04-12 19:28:49 286720 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-04-12 19:28:48 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2011-04-12 19:28:48 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-04-12 19:28:48 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-03-22 23:30:39 -------- d-----w- C:\Users\Business\AppData\Local\Webroot
2011-03-22 23:20:34 56408 ----a-w- C:\windows\System32\drivers\ssfmonm.sys
2011-03-22 23:20:34 136224 ----a-w- C:\windows\System32\drivers\ssidrv.sys
2011-03-22 23:20:19 109864 ----a-w- C:\windows\System32\drivers\pwipf6.sys
2011-03-22 23:20:08 -------- d-----w- C:\Users\Business\AppData\Local\lptmp7659
2011-03-22 23:18:40 -------- dc----w- C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
2011-03-22 23:17:46 -------- d-----w- C:\Program Files (x86)\Webroot
2011-03-22 23:16:55 -------- d-----w- C:\ProgramData\Webroot
2011-03-11 21:01:43 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-03-11 21:01:23 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2011-03-11 21:01:23 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2011-03-08 23:20:02 1135104 ----a-w- C:\windows\System32\FntCache.dll
2011-03-08 23:20:02 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-03-08 23:20:01 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-03-08 23:20:01 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-03-08 23:20:01 1540608 ----a-w- C:\windows\System32\DWrite.dll
2011-03-08 23:20:00 723968 ----a-w- C:\windows\System32\EncDec.dll
2011-03-08 23:19:59 961024 ----a-w- C:\windows\System32\CPFilters.dll
2011-03-08 23:19:59 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
2011-03-08 23:19:59 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-03-08 23:19:59 259072 ----a-w- C:\windows\System32\mpg2splt.ax
2011-03-08 23:19:59 1118720 ----a-w- C:\windows\System32\sbe.dll
2011-03-08 23:19:58 850432 ----a-w- C:\windows\SysWow64\sbe.dll
2011-03-08 23:19:58 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2011-03-08 23:19:57 3138048 ----a-w- C:\windows\System32\mstscax.dll
2011-03-08 23:19:56 2690560 ----a-w- C:\windows\SysWow64\mstscax.dll
2011-03-08 23:19:56 1097216 ----a-w- C:\windows\System32\mstsc.exe
2011-03-08 23:19:56 1034240 ----a-w- C:\windows\SysWow64\mstsc.exe
2011-02-25 03:46:10 367104 ----a-w- C:\windows\System32\wcncsvc.dll
2011-02-25 03:46:10 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll
2011-02-20 04:27:05 714752 ----a-w- C:\windows\System32\kerberos.dll
2011-02-20 04:27:05 541184 ----a-w- C:\windows\SysWow64\kerberos.dll
2011-02-20 04:27:00 2003968 ----a-w- C:\windows\System32\msxml6.dll
2011-02-17 02:00:38 17370496 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2011-01-14 18:47:44 720896 ----a-w- C:\windows\System32\odbc32.dll
2011-01-14 18:47:44 573440 ----a-w- C:\windows\SysWow64\odbc32.dll
2011-01-14 18:47:44 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-14 18:47:43 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-14 18:47:43 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-14 18:47:43 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-14 18:47:43 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-14 18:47:43 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-14 18:47:43 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-14 18:47:43 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-12 03:45:22 -------- d-----w- C:\Users\Business\AppData\Local\Best Buy pc app
2011-01-12 03:45:10 -------- d-----w- C:\Users\Business\AppData\Local\Deployment
2011-01-12 03:45:10 -------- d-----w- C:\Users\Business\AppData\Local\Apps
2011-01-12 03:45:07 -------- d-----w- C:\ProgramData\Best Buy pc app
2011-01-12 03:44:58 -------- dc----w- C:\ProgramData\{490DF262-AAC9-4596-9027-145286488424}
2010-12-20 18:10:40 -------- d-----w- C:\Program Files (x86)\Nikon
2010-12-20 18:10:40 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
2010-12-16 02:34:10 -------- d-----w- C:\windows\en
2010-12-16 02:31:19 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2010-12-16 02:31:19 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2010-12-16 02:31:18 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2010-12-16 02:31:18 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2010-12-16 02:31:05 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\49d6cd521cb9cc911\DSETUP.dll
2010-12-16 02:31:05 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\49d6cd521cb9cc911\DXSETUP.exe
2010-12-16 02:31:05 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\49d6cd521cb9cc911\dsetup32.dll
2010-12-16 02:31:04 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e19f961cb9cc910\DSETUP.dll
2010-12-16 02:31:04 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e19f961cb9cc910\DXSETUP.exe
2010-12-16 02:31:04 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e19f961cb9cc910\dsetup32.dll
2010-12-16 02:30:31 -------- d-----w- C:\Users\Business\AppData\Local\Windows Live
2010-12-16 02:30:00 257024 ----a-w- C:\windows\System32\mfreadwrite.dll
2010-12-16 02:30:00 206848 ----a-w- C:\windows\System32\mfps.dll
2010-12-16 02:30:00 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll
2010-12-16 02:30:00 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL
2010-12-16 02:30:00 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2010-12-16 02:29:59 4068864 ----a-w- C:\windows\System32\mf.dll
2010-12-16 02:29:59 3181568 ----a-w- C:\windows\SysWow64\mf.dll
2010-12-09 06:29:33 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-12-09 06:29:33 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-11 20:13:57 552960 ----a-w- C:\windows\System32\msdri.dll
2010-11-11 20:13:54 288256 ----a-w- C:\windows\System32\MSNP.ax
2010-11-11 20:13:54 204288 ----a-w- C:\windows\SysWow64\MSNP.ax
2010-11-11 20:13:40 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-11-11 20:13:40 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-11-11 20:13:40 2085376 ----a-w- C:\windows\System32\ole32.dll
2010-11-11 20:13:39 1413632 ----a-w- C:\windows\SysWow64\ole32.dll
2010-11-11 20:13:36 483840 ----a-w- C:\windows\System32\StructuredQuery.dll
2010-11-11 20:13:36 363520 ----a-w- C:\windows\SysWow64\StructuredQuery.dll
2010-11-11 20:12:22 148992 ----a-w- C:\windows\System32\t2embed.dll
2010-11-11 20:12:22 109056 ----a-w- C:\windows\SysWow64\t2embed.dll
2010-11-11 20:12:12 954752 ----a-w- C:\windows\SysWow64\mfc40.dll
2010-11-11 20:12:11 954288 ----a-w- C:\windows\SysWow64\mfc40u.dll
2010-11-11 20:10:40 738816 ----a-w- C:\windows\SysWow64\wmpmde.dll
2010-11-11 20:10:40 1024512 ----a-w- C:\windows\System32\wmpmde.dll
2010-11-11 20:10:36 340992 ----a-w- C:\windows\System32\schannel.dll
2010-11-11 20:10:36 224256 ----a-w- C:\windows\SysWow64\schannel.dll
2010-11-11 20:10:33 633856 ----a-w- C:\windows\System32\comctl32.dll
2010-11-11 20:10:33 530432 ----a-w- C:\windows\SysWow64\comctl32.dll
2010-11-10 09:54:18 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2010-11-10 09:28:46 301936 ----a-w- C:\windows\WLXPGSS.SCR
2010-10-29 14:52:15 761856 ----a-w- C:\windows\SysWow64\xvidcore.dll
2010-10-29 14:52:15 180224 ----a-w- C:\windows\SysWow64\xvidvfw.dll
2010-10-29 14:52:08 122880 ----a-r- C:\Users\Business\AppData\Roaming\Microsoft\Installer\{34C7E079-2B62-478F-88B2-E3EDACDE5078}\NewShortcut3_1.exe
2010-10-29 14:52:08 122880 ----a-r- C:\Users\Business\AppData\Roaming\Microsoft\Installer\{34C7E079-2B62-478F-88B2-E3EDACDE5078}\NewShortcut1.exe
2010-10-29 14:52:06 -------- d-----w- C:\Program Files (x86)\AVerVision
2010-10-20 03:25:07 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-20 03:25:07 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-20 03:25:06 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2010-10-20 03:25:06 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2010-10-20 03:24:45 9728 ----a-w- C:\windows\SysWow64\sscore.dll
2010-10-20 03:24:45 236032 ----a-w- C:\windows\System32\srvsvc.dll
2010-10-02 19:27:01 243712 ----a-w- C:\windows\System32\drivers\ks.sys
2010-10-02 19:27:01 184832 ----a-w- C:\windows\System32\drivers\usbvideo.sys
2010-09-21 22:54:04 529280 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
2010-09-21 22:51:18 55704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
2010-09-21 22:51:18 1129880 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
2010-09-21 22:49:02 252800 ----a-w- C:\windows\System32\LIVESSP.DLL
2010-09-21 22:49:00 419712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
2010-09-21 22:49:00 290176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
2010-09-21 22:49:00 2286976 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2010-09-21 22:49:00 222592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2010-09-21 22:49:00 170880 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
2010-09-21 22:47:38 1558016 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
2010-09-21 22:13:50 1564072 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
2010-09-21 22:08:38 439168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
2010-09-21 22:06:02 853912 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
2010-09-21 22:06:02 57752 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
2010-09-21 22:03:14 332160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
2010-09-21 22:03:14 237952 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
2010-09-21 22:03:14 208768 ----a-w- C:\windows\SysWow64\LIVESSP.DLL
2010-09-21 22:03:14 145280 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
2010-09-18 20:35:53 558592 ----a-w- C:\windows\System32\spoolsv.exe
2010-09-12 03:10:12 204259 ----a-w- C:\InformationalData.tmp
2010-09-12 03:10:12 12385 ----a-w- C:\DetectionData.tmp
2010-09-11 19:07:40 -------- d-----w- C:\Users\Business\AppData\Local\PackageAware
2010-08-31 04:08:42 861184 ----a-w- C:\windows\System32\oleaut32.dll
2010-08-31 04:08:42 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2010-08-31 04:08:28 52224 ----a-w- C:\windows\System32\rtutils.dll
2010-08-31 04:08:28 37376 ----a-w- C:\windows\SysWow64\rtutils.dll
2010-08-19 21:38:19 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys
2010-08-19 21:37:41 82944 ----a-w- C:\windows\SysWow64\iccvid.dll
2010-07-29 07:23:26 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2010-07-27 04:39:43 -------- d-----w- C:\Program Files (x86)\Ask.com
2010-07-27 04:39:16 -------- d-----w- C:\Program Files (x86)\MSSOAP
2010-07-27 04:39:16 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2010-07-27 03:55:55 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-07-27 03:55:39 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-07-27 03:55:29 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-07-27 03:55:26 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-22 16:58:54 119160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL
2010-07-11 23:47:40 453456 ----a-w- C:\windows\SysWow64\d3dx10_41.dll
2010-07-11 23:47:40 1846632 ----a-w- C:\windows\SysWow64\D3DCompiler_41.dll
2010-07-10 01:47:15 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-07-10 01:47:01 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-07-10 01:46:42 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-07-10 01:46:37 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-02 12:09:58 -------- d-----w- C:\Users\Business\AppData\Local\Diagnostics
2010-06-24 22:39:23 -------- d-----w- C:\windows\SysWow64\spool
2010-06-24 22:35:07 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2010-06-24 22:35:01 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2010-06-24 22:14:36 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll
2010-06-24 22:14:36 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll
2010-06-24 22:14:36 48960 ----a-w- C:\windows\System32\netfxperf.dll
2010-06-24 22:14:36 444752 ----a-w- C:\windows\System32\mscoree.dll
2010-06-24 22:14:36 320352 ----a-w- C:\windows\System32\PresentationHost.exe
2010-06-24 22:14:36 297808 ----a-w- C:\windows\SysWow64\mscoree.dll
2010-06-24 22:14:36 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe
2010-06-24 22:14:36 1942856 ----a-w- C:\windows\System32\dfshim.dll
2010-06-24 22:14:36 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll
2010-06-24 22:14:36 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll
2010-06-24 19:33:56 241984 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
2010-06-24 19:33:56 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-06-24 16:29:46 -------- d-----w- C:\windows\SysWow64\Wat
2010-06-24 16:29:46 -------- d-----w- C:\windows\System32\Wat
2010-06-21 20:11:40 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-06-21 19:51:05 -------- d-----w- C:\Users\Business\AppData\Local\Adobe
2010-06-21 19:44:28 -------- d-----w- C:\Users\Business\AppData\Local\Google
2010-06-21 00:11:18 -------- d-----w- C:\Users\Business\AppData\Local\Microsoft Games
2010-06-21 00:02:56 -------- d-----w- C:\Users\Business\AppData\Local\Microsoft Help
2010-06-21 00:01:28 270720 ------w- C:\windows\System32\MpSigStub.exe
2010-06-20 23:41:43 -------- d-----w- C:\Users\Business\AppData\Local\TOSHIBA_Corporation
2010-06-20 23:41:35 -------- d-----w- C:\Users\Business\AppData\Local\Best_Buy®
2010-06-20 23:38:08 -------- d-----w- C:\Users\Business\AppData\Roaming\Intel Corporation
2010-06-20 23:36:36 -------- d-----w- C:\Users\Business\AppData\Local\Toshiba
2010-06-20 23:35:25 -------- d-----w- C:\Users\Business\AppData\Local\VirtualStore
2010-06-20 23:35:23 220672 ----a-w- C:\windows\System32\wintrust.dll
2010-06-20 23:35:23 172032 ----a-w- C:\windows\SysWow64\wintrust.dll
2010-06-20 23:35:22 139264 ----a-w- C:\windows\System32\cabview.dll
2010-06-20 23:35:22 132608 ----a-w- C:\windows\SysWow64\cabview.dll
2010-06-20 23:34:54 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2010-06-20 23:34:23 -------- d-----w- C:\Users\Business\AppData\Roaming\WinBatch
2010-05-26 19:55:35 -------- d-----w- C:\windows\msdownld.tmp
2010-05-26 19:54:26 -------- d-----w- C:\ProgramData\Norton
2010-05-26 19:53:54 -------- d-----w- C:\ProgramData\NortonInstaller
2010-05-26 19:53:34 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared
2010-05-26 19:53:25 -------- d-----w- C:\ProgramData\Uninstall
2010-05-26 19:53:17 55280 ------w- C:\windows\System32\drivers\PxHlpa64.sys
2010-05-26 19:53:17 10224 ------w- C:\windows\System32\drivers\cdralw2k.sys
2010-05-26 19:53:17 10224 ------w- C:\windows\System32\drivers\cdr4_xp.sys
2010-05-26 19:53:16 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2010-05-26 19:53:16 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2010-05-26 19:53:11 -------- d-----w- C:\Program Files (x86)\Roxio
2010-05-26 19:51:49 -------- d-----w- C:\Program Files (x86)\Common Files\Toshiba Shared
2010-05-26 19:51:46 482384 ----a-w- C:\windows\System32\drivers\tos_sps64.sys
2010-05-26 19:51:45 4178264 ----a-w- C:\windows\SysWow64\D3DX9_41.dll
2010-05-26 19:51:13 -------- d-----w- C:\Program Files\Dolby
2010-05-26 19:46:39 35008 ----a-w- C:\windows\System32\drivers\PGEffect.sys
2010-05-26 19:42:49 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2010-05-26 19:42:49 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2010-05-26 19:41:29 9728 ----a-w- C:\windows\SysWow64\TCMSVR.dll
2010-05-26 19:41:29 152848 ----a-w- C:\windows\SysWow64\Comdlg32.ocx
2010-05-26 19:41:28 9216 ----a-w- C:\windows\System32\drivers\FwLnk.sys
2010-05-26 19:41:28 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-05-26 19:41:28 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-05-26 19:41:28 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-05-26 19:41:28 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-05-26 19:41:28 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-05-26 19:41:28 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-05-26 19:41:28 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-05-26 19:40:07 946688 ----a-w- C:\windows\System32\drivers\rtl8192se.sys
2010-05-26 19:40:06 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2010-05-26 19:39:24 -------- d-----w- C:\Program Files\Synaptics
2010-05-26 19:39:00 90112 ----a-w- C:\windows\System32\snymsico.dll
2010-05-26 19:39:00 81408 ----a-w- C:\windows\System32\drivers\risdpe64.sys
2010-05-26 19:39:00 60416 ----a-w- C:\windows\System32\drivers\rimspe64.sys
2010-05-26 19:39:00 55808 ----a-w- C:\windows\System32\drivers\rixdpe64.sys
2010-05-26 19:39:00 196608 ----a-w- C:\windows\System32\RiSDIcon.dll
2010-05-26 19:39:00 188416 ----a-w- C:\windows\System32\RiMMCIcon.dll
2010-05-26 19:39:00 172032 ----a-w- C:\windows\System32\rixdicon.dll
2010-05-26 19:39:00 -------- d-----w- C:\windows\SysWow64\sda
2010-05-26 19:38:26 97792 ----a-w- C:\windows\System32\RTNUninst64.dll
2010-05-26 19:38:26 67584 ----a-w- C:\windows\System32\RtNicProp64.dll
2010-05-26 19:38:26 236544 ----a-w- C:\windows\System32\drivers\Rt64win7.sys
2010-05-26 19:32:41 537112 ----a-w- C:\windows\System32\drivers\iaStor.sys
2010-05-26 19:27:47 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2010-05-26 19:27:43 -------- d-----w- C:\Intel
2010-05-26 19:27:42 56344 ----a-w- C:\windows\System32\drivers\HECIx64.sys
2010-05-26 19:25:59 -------- d-----w- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2010-03-18 21:27:14 827744 ----a-w- C:\windows\System32\msvcr100_clr0400.dll
2010-03-18 20:16:28 771424 ----a-w- C:\windows\SysWow64\msvcr100_clr0400.dll
2009-12-12 22:02:27 -------- d-----w- C:\windows\Panther
2009-12-12 22:02:14 -------- d-sh--w- C:\Boot
2009-12-12 06:34:38 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll
2009-12-12 06:34:38 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll
2009-12-12 06:34:28 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2009-12-12 06:31:53 -------- d-----w- C:\windows\PCHEALTH
2009-12-12 06:29:00 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2009-12-12 06:28:01 -------- d-----w- C:\ProgramData\Partner
2009-12-12 06:24:50 40960 ----a-w- C:\windows\SysWow64\ToscmddN.dll
2009-12-12 06:24:50 102400 ----a-w- C:\windows\SysWow64\Tossps.scr
2009-12-12 06:24:49 77824 ----a-r- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2009-12-12 06:24:49 69632 ----a-w- C:\windows\SysWow64\TosOlkN.dll
2009-12-12 06:24:49 32768 ----a-r- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2009-12-12 06:24:49 24576 ----a-w- C:\windows\SysWow64\TosusrpN.dll
2009-12-12 06:24:49 225280 ----a-r- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2009-12-12 06:24:49 176128 ----a-r- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2009-12-12 06:24:48 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2009-12-12 06:24:34 140632 ----a-w- C:\windows\System32\TODDSrv.exe
2009-12-12 06:24:06 -------- d-----w- C:\Program Files (x86)\TOSHIBA
2009-12-12 06:22:41 -------- d-----w- C:\windows\Downloaded Installations
2009-12-12 06:22:35 -------- d-----w- C:\Program Files\TOSHIBA
2009-12-12 06:22:28 410984 ----a-w- C:\windows\SysWow64\deploytk.dll
2009-12-12 06:19:42 53248 ----a-w- C:\windows\SysWow64\CSVer.dll
2009-12-12 06:19:33 -------- d-----w- C:\Program Files\PlayReady
2009-12-12 06:19:29 -------- d-sh--w- C:\windows\Installer
2009-12-12 06:19:15 311808 ----a-w- C:\windows\System32\msv1_0.dll
2009-12-12 06:19:15 257024 ----a-w- C:\windows\SysWow64\msv1_0.dll
2009-12-12 06:19:06 46592 ----a-w- C:\windows\System32\msasn1.dll
2009-12-12 06:19:06 34816 ----a-w- C:\windows\SysWow64\msasn1.dll
2009-12-12 06:18:34 1975296 ----a-w- C:\windows\System32\CertEnroll.dll
2009-12-12 06:18:34 1320960 ----a-w- C:\windows\SysWow64\CertEnroll.dll
2009-11-14 00:45:54 166424 ----a-w- C:\windows\System32\igfxtray.exe
2009-11-14 00:45:52 510488 ----a-w- C:\windows\System32\igfxsrvc.exe
2009-11-14 00:45:50 408600 ----a-w- C:\windows\System32\igfxpers.exe
2009-11-14 00:45:48 222744 ----a-w- C:\windows\System32\igfxext.exe
2009-11-14 00:45:46 390168 ----a-w- C:\windows\System32\hkcmd.exe
2009-11-14 00:45:44 3125784 ----a-w- C:\windows\System32\GfxUI.exe
2009-11-14 00:45:40 152600 ----a-w- C:\windows\System32\difx64.exe
2009-10-30 18:27:46 91136 ----a-w- C:\windows\System32\igfxCoIn_v1986.dll
2009-10-30 18:23:16 7770048 ----a-w- C:\windows\System32\drivers\igdkmd64.sys
2009-10-30 18:23:10 5956608 ----a-w- C:\windows\System32\igdumd64.dll
2009-10-30 18:21:18 870544 ----a-w- C:\windows\SysWow64\igkrng575.bin
2009-10-30 18:21:18 870544 ----a-w- C:\windows\System32\igkrng575.bin
2009-10-30 18:21:18 50028 ----a-w- C:\windows\SysWow64\igfcg575m.bin
2009-10-30 18:21:18 50028 ----a-w- C:\windows\System32\igfcg575m.bin
2009-10-30 18:21:18 127896 ----a-w- C:\windows\SysWow64\igcompkrng575.bin
2009-10-30 18:21:18 127896 ----a-w- C:\windows\System32\igcompkrng575.bin
2009-10-30 18:15:00 4489216 ----a-w- C:\windows\SysWow64\igdumd32.dll
2009-10-30 18:06:22 550912 ----a-w- C:\windows\SysWow64\igdumdx32.dll
2009-10-30 18:02:02 4088320 ----a-w- C:\windows\System32\igd10umd64.dll
2009-10-30 17:56:20 3888640 ----a-w- C:\windows\SysWow64\igd10umd32.dll
2009-10-30 17:49:46 5507584 ----a-w- C:\windows\System32\ig4dev64.dll
2009-10-30 17:49:12 8129024 ----a-w- C:\windows\System32\ig4icd64.dll
2009-10-30 17:37:52 4069888 ----a-w- C:\windows\SysWow64\ig4dev32.dll
2009-10-30 17:37:34 6060032 ----a-w- C:\windows\SysWow64\ig4icd32.dll
2009-10-30 17:26:06 286208 ----a-w- C:\windows\System32\igfxrsky.lrc
2009-10-30 17:26:04 285696 ----a-w- C:\windows\System32\igfxrtrk.lrc
2009-10-30 17:26:04 285696 ----a-w- C:\windows\System32\igfxrslv.lrc
2009-10-30 17:26:04 285184 ----a-w- C:\windows\System32\igfxrtha.lrc
2009-10-30 17:26:02 286720 ----a-w- C:\windows\System32\igfxresn.lrc
2009-10-30 17:26:02 285696 ----a-w- C:\windows\System32\igfxrsve.lrc
2009-10-30 17:26:00 286208 ----a-w- C:\windows\System32\igfxrrus.lrc
2009-10-30 17:26:00 286208 ----a-w- C:\windows\System32\igfxrptg.lrc
2009-10-30 17:26:00 285696 ----a-w- C:\windows\System32\igfxrptb.lrc
2009-10-30 17:22:36 126976 ----a-w- C:\windows\System32\igfxcpl.cpl
2009-10-30 17:22:04 376832 ----a-w- C:\windows\System32\igfxTMM.dll
2009-10-30 17:22:04 246272 ----a-w- C:\windows\System32\igfxpph.dll
2009-10-30 17:21:58 27648 ----a-w- C:\windows\System32\igfxexps.dll
2009-10-30 17:21:28 61440 ----a-w- C:\windows\System32\igfxsrvc.dll
2009-10-30 17:20:44 108544 ----a-w- C:\windows\System32\hccutils.dll
2009-10-30 17:20:32 118784 ----a-w- C:\windows\System32\gfxSrvc.dll
2009-10-30 17:20:30 4096 ----a-w- C:\windows\System32\IGFXDEVLib.dll
2009-10-30 17:20:30 268800 ----a-w- C:\windows\System32\igfxdev.dll
2009-10-30 17:19:56 285184 ----a-w- C:\windows\System32\igfxrenu.lrc
2009-10-30 17:19:48 9014784 ----a-w- C:\windows\System32\igfxress.dll
2009-10-30 17:19:48 142336 ----a-w- C:\windows\System32\igfxdo.dll
2009-10-30 17:15:08 59392 ----a-w- C:\windows\SysWow64\oemdspif.dll
2009-10-30 17:13:36 226304 ----a-w- C:\windows\SysWow64\igfxdv32.dll
2009-10-30 17:06:24 208896 ----a-w- C:\windows\SysWow64\iglhsip32.dll
2009-10-30 17:06:24 208896 ----a-w- C:\windows\System32\iglhsip32.dll
2009-10-30 17:06:24 147456 ----a-w- C:\windows\SysWow64\iglhcp32.dll
2009-10-30 17:06:24 147456 ----a-w- C:\windows\System32\iglhcp32.dll
2009-10-30 13:56:34 244736 ----a-w- C:\windows\System32\drivers\IntcDAud.sys
2009-10-30 13:56:14 14848 ----a-w- C:\windows\System32\IntcDAuC.dll
2009-10-26 19:39:44 151936 ----a-w- C:\windows\System32\drivers\Impcd.sys
2009-10-21 16:30:36 531520 ----a-w- C:\windows\System32\ThpSrv.exe
2009-10-16 03:11:26 307760 ----a-w- C:\windows\System32\drivers\SynTP.sys
2009-10-16 03:09:06 107816 ----a-w- C:\windows\SysWow64\SynTPCOM.dll
2009-10-16 03:09:04 205608 ----a-w- C:\windows\System32\SynTPAPI.dll
2009-10-16 03:09:04 147752 ----a-w- C:\windows\System32\SynTPCo4.dll
2009-10-16 03:09:00 263464 ----a-w- C:\windows\System32\SynCtrl.dll
2009-10-16 03:09:00 206120 ----a-w- C:\windows\SysWow64\SynCtrl.dll
2009-10-16 03:08:58 396584 ----a-w- C:\windows\System32\SynCOM.dll
2009-10-16 03:08:58 173352 ----a-w- C:\windows\SysWow64\SynCOM.dll
2009-10-10 06:10:46 2594632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL
2009-09-23 12:19:20 6540136 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\OSETUP.DLL
2009-08-18 06:33:52 1193832 ----a-w- C:\windows\SysWow64\FM20.DLL
2009-08-07 16:49:36 1721576 ----a-w- C:\windows\System32\WdfCoInstaller01009.dll
2009-07-31 04:22:04 27784 ----a-w- C:\windows\System32\drivers\tdcmdpst.sys
2009-07-21 07:05:40 1348432 ----a-w- C:\windows\SysWow64\msxml4.dll
2009-07-14 22:31:18 26840 ----a-w- C:\windows\System32\drivers\TVALZ_O.SYS
2009-07-14 07:45:58 -------- d-----w- C:\Program Files\Windows Journal
2009-07-14 07:45:02 -------- d-----w- C:\windows\ShellNew
2009-07-14 07:45:02 -------- d-----w- C:\windows\ehome
2009-07-14 05:35:51 6144 ----a-w- C:\windows\System32\drivers\UMDF\en-US\WUDFUsbccidDriver.dll.mui
2009-07-14 05:32:38 -------- d-----w- C:\windows\twain_32
2009-07-14 05:12:52 -------- d-----w- C:\windows\System32\wbem\Performance
2009-07-14 05:08:56 -------- d-sh--we C:\Documents and Settings
2009-07-14 05:08:52 -------- d-----w- C:\windows\System32\wbem\MOF\good
2009-07-14 05:08:52 -------- d-----w- C:\windows\System32\wbem\MOF\bad
2009-07-14 04:53:24 -------- d-----w- C:\windows\System32\wbem\MOF
2009-07-14 04:45:50 -------- d---a-w- C:\windows\Setup
2009-07-14 04:45:47 -------- d-----w- C:\windows\ServiceProfiles
2009-07-14 04:45:42 -------- d-s---w- C:\windows\System32\Microsoft
.
==================== Find3M  ====================
.
2011-03-11 06:23:13 187264 ----a-w- C:\windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\windows\System32\win32k.sys
2011-02-26 06:23:14 2870272 ----a-w- C:\windows\explorer.exe
2011-02-26 05:33:07 2614784 ----a-w- C:\windows\SysWow64\explorer.exe
2011-02-24 06:30:00 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-02-19 06:36:13 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-02-19 05:32:08 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-02-18 06:37:05 612352 ----a-w- C:\windows\System32\vbscript.dll
2011-02-18 05:36:26 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
2011-02-05 12:41:43 556928 ----a-w- C:\windows\System32\winresume.efi
2011-02-05 12:41:35 640896 ----a-w- C:\windows\System32\winload.efi
2011-02-05 12:41:24 20352 ----a-w- C:\windows\System32\kdusb.dll
2011-02-05 12:41:24 19328 ----a-w- C:\windows\System32\kd1394.dll
2011-02-05 12:41:23 17792 ----a-w- C:\windows\System32\kdcom.dll
2011-02-05 12:39:21 603976 ----a-w- C:\windows\System32\winload.exe
2011-02-05 12:39:21 518160 ----a-w- C:\windows\System32\winresume.exe
2011-01-26 06:53:10 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\windows\System32\cdd.dll
2010-12-21 06:16:27 97280 ----a-w- C:\windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\windows\System32\winhttp.dll
2010-12-21 06:16:09 258048 ----a-w- C:\windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\windows\System32\slwga.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 350720 ----a-w- C:\windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\windows\SysWow64\davclnt.dll
2010-11-02 05:18:59 229888 ----a-w- C:\windows\System32\XpsRasterService.dll
2010-11-02 05:18:17 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\windows\System32\schedsvc.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\windows\System32\schtasks.exe
2010-11-02 04:41:36 135168 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 218624 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
2010-10-27 05:16:01 1739176 ----a-w- C:\windows\System32\ntdll.dll
2010-10-27 05:06:22 2048 ----a-w- C:\windows\System32\tzres.dll
2010-10-27 04:40:22 1293120 ----a-w- C:\windows\SysWow64\ntdll.dll
2010-10-27 04:32:36 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2010-10-16 05:23:13 112000 ----a-w- C:\windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\windows\SysWow64\webio.dll
2010-06-26 05:31:36 1863680 ----a-w- C:\windows\System32\ExplorerFrame.dll
2010-06-26 05:14:29 1495040 ----a-w- C:\windows\SysWow64\ExplorerFrame.dll
2010-03-05 07:52:51 84992 ----a-w- C:\windows\System32\asycfilt.dll
2010-03-05 07:42:42 67584 ----a-w- C:\windows\SysWow64\asycfilt.dll
.
============= FINISH: 22:54:13.51 ===============

Log Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/20/2010 4:33:35 PM
System Uptime: 7/2/2009 8:13:34 PM (2 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core i3 CPU       M 330  @ 2.13GHz | CPU | 1727/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 406.081 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP103: 7/2/2009 10:40:54 PM - Windows Update
RP99: 6/24/2011 10:49:02 PM - Windows 7 Service Pack 1
RP100: 6/27/2011 3:54:44 PM - Restore Operation
RP101: 6/27/2011 4:23:14 PM - Installed PL-2303 USB-to-Serial
RP102: 9/1/2011 11:43:02 AM - Installed iTunes
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Fonts All x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Reader 9.4.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask.com Toolbar
AVerVision Software
Best Buy pc app
Bonjour
Compatibility Pack for the 2007 Office system
Connect
D3DX10
Dolby Control Center
Google Chrome
Google Chrome Frame
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Office (KB975927)
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
iTunes
Java 6 Update 14
Junk Mail filter update
kuler
LivingPlay
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NEF Codec
PDF Settings CS4
Photoshop Camera Raw
Photoshop Camera Raw_x64
PL-2303 USB-to-Serial
PlayReady PC Runtime amd64
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller  Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
RealUpgrade 1.1
RICOH R5U230 Media Driver ver.2.06.03.02
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
StartNow Toolbar
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VideoLAN VLC media player 0.8.6f
Webroot Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/1/2011 11:53:20 AM, Error: Service Control Manager [7034]  - The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
6/27/2011 3:56:54 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WebrootSpySweeperService service.
6/25/2011 11:18:20 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR5.
6/25/2011 11:16:44 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR4.

6/24/2011 11:27:25 PM, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
6/20/2011 1:19:29 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/5/2011 12:34:10 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
5/30/2011 11:30:17 AM, Error: NetBT [4319]  - A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
5/30/2011 11:30:17 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer TAMIMJAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}. The master browser is stopping or an election is being forced.
5/30/2011 1:53:36 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer TARP2034 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}. The master browser is stopping or an election is being forced.
5/23/2011 10:46:53 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD} because another computer on the network has the same name.  The server could not start.
5/2/2011 12:49:29 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ehRecvr service.
4/29/2011 3:32:55 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer NOTEBOOK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}. The master browser is stopping or an election is being forced.
4/17/2011 10:17:38 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
4/13/2011 11:31:18 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/13/2011 11:31:18 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/12/2011 7:32:44 PM, Error: Schannel [36887]  - The following fatal alert was received: 47.
3/9/2011 12:15:49 PM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 10.60.1.84 with the system having network hardware address 60-33-4B-55-10-F5. Network operations on this system may be disrupted as a result.
3/8/2011 12:14:39 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:14:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/8/2011 12:14:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/8/2011 12:06:52 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/8/2011 12:06:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/8/2011 12:06:45 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/8/2011 12:06:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/8/2011 12:06:30 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================

Any help would be appreciated. Working on restoring an old computer of mine and this is the only thing wrong with the computer.

 

Thanks.

attach.txt

dds.txt


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Below is the report from RK, thanks for your fast response.

RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Business [Admin rights]

Mode : Scan -- Date : 07/02/2009 23:33:27

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : egoNuSIECuXAXgI ("C:\ProgramData\egoNuSIECuXAXgI.exe" [x]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-1421534910-2390365103-2924931255-1001\[...]\Run : egoNuSIECuXAXgI ("C:\ProgramData\egoNuSIECuXAXgI.exe" [x]) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : InnoSetupRegFile.0000000001 ("C:\windows\is-NKO8C.exe" /REG [-]) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : InnoSetupRegFile.0000000002 ("C:\windows\is-UBSEL.exe" /REG [-]) -> FOUND

[HJ POL] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> FOUND

[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[WALLPAPER] HKCU\[...]\Desktop : Wallpaper () -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 2 ¤¤¤

[Default][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND

[Default User][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] b5507210a52889c2c7446b54eadae934

[BSP] 243743416e46f951508ec056ff5df4eb : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464784 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954951680 | Size: 10655 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_07022009_233327.txt >>

 

 

Thanks

That last log was from the Rogue program you said to use. The DDS and Attach logs that were posted earlier are off of the post I found earlier today - it was old, from 09 - but this computer hasn't been used since 2011 either. Do I need to get a different log program?

Mind I have no real idea what all these programs are or what I'm doing - learning as we go.

OK, ran that post from head to finish and here are the new DDS and Attach reports:

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16766
Run by Business at 0:58:09 on 2009-07-03
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.2185 [GMT -7:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskhost.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\wbem\wmiprvse.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] "C:\windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe" -update activex
mRun: [TUSBSleepChargeSrv] "C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe"
mRun: [iAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}




TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}\45865602245616E6562797 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}\6427565674F43484F475966496 : DHCPNameServer = 10.0.249.1 208.67.222.222
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}\7657563747 : DHCPNameServer = 159.121.31.50 159.121.107.80 159.121.107.82
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}\C696E6B6379737 : DHCPNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}\E4F60756 : DHCPNameServer = 192.168.0.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [ThpSrv] "C:\windows\System32\thpsrv" /logon
x64-Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2010-5-26 55280]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-5-26 482384]
R0 WRkrn;WRkrn;C:\windows\System32\drivers\WRkrn.sys [2009-7-3 114184]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2009-7-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-7-3 701512]
R2 rimspci;rimspci;C:\windows\System32\drivers\rimspe64.sys [2010-5-26 60416]
R2 risdpcie;risdpcie;C:\windows\System32\drivers\risdpe64.sys [2010-5-26 81408]
R2 rixdpcie;rixdpcie;C:\windows\System32\drivers\rixdpe64.sys [2010-5-26 55808]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-26 2314240]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2009-7-3 742408]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-5-26 9216]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-5-26 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2009-10-30 244736]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2009-7-3 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-5-26 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-5-26 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2010-5-26 946688]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-5 824688]
RUnknown SSFMONM;SSFMONM; [x]
S?Unknown pwipf6;pwipf6; [x]
S0 LDbZirqL;LDbZirqL;C:\windows\System32\drivers\LDbZirqL.sys [2009-7-3 114184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-26 13336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-24 1038088]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-5-26 51576]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-6-24 1255736]
SUnknown WebrootSpySweeperService;WebrootSpySweeperService; [x]
SUnknown WRConsumerService;WRConsumerService; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-09-19 22:57:09 685056 ----a-w- C:\windows\isRS-001.tmp
2011-09-01 18:46:04 -------- d-----w- C:\Users\Business\AppData\Local\Apple Computer
2011-09-01 18:45:49 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2011-09-01 18:45:49 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2011-09-01 18:45:49 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2011-09-01 18:44:11 -------- d-----w- C:\Program Files\iPod
2011-09-01 18:44:07 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-09-01 18:44:07 -------- d-----w- C:\Program Files\iTunes
2011-09-01 18:44:07 -------- d-----w- C:\Program Files (x86)\iTunes
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-01 18:42:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-09-01 18:41:37 -------- d-----w- C:\Users\Business\AppData\Local\Apple
2011-09-01 18:40:46 -------- d-----w- C:\Program Files\Bonjour
2011-09-01 18:40:46 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-23 04:29:41 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-23 04:27:11 -------- d-----w- C:\Program Files (x86)\LivingPlay Games
2011-07-23 04:26:47 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
2011-07-12 18:34:00 96104 ----a-w- C:\windows\System32\dns-sd.exe
2011-07-12 18:34:00 85864 ----a-w- C:\windows\System32\dnssd.dll
2011-07-12 18:34:00 61288 ----a-w- C:\windows\System32\jdns_sd.dll
2011-07-12 18:34:00 212840 ----a-w- C:\windows\System32\dnssdX.dll
2011-07-12 18:20:54 83816 ----a-w- C:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- C:\windows\SysWow64\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- C:\windows\SysWow64\dnssdX.dll
2011-07-06 01:37:00 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2011-07-06 01:37:00 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2011-06-27 23:23:43 35892 ----a-w- C:\windows\SysWow64\SER9PL.sys
2011-06-27 23:23:43 26719 ----a-w- C:\windows\SysWow64\SERSPL.VXD
2011-06-25 21:27:55 -------- d-----w- C:\Users\Business\AppData\Local\Mozilla
2011-06-25 05:48:00 -------- d-----w- C:\windows\System32\EventProviders
2011-06-25 05:47:43 -------- d-----w- C:\09ee5e7638705d7b0f26
2011-05-30 18:26:22 -------- d-----w- C:\Users\Business\AppData\Local\ElevatedDiagnostics
2011-05-29 21:44:34 -------- d-----w- C:\Users\Business\AppData\Roaming\webroot
2011-05-29 20:45:20 -------- d-----w- C:\Program Files (x86)\Microsoft Easy Assist
2011-05-29 20:44:53 -------- d-----w- C:\ProgramData\Applications
2011-05-26 20:57:12 -------- d-----w- C:\windows\SysWow64\Adobe
2011-05-25 22:33:02 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2011-05-17 11:28:40 142336 ----a-w- C:\windows\System32\poqexec.exe
2011-05-17 11:28:40 123904 ----a-w- C:\windows\SysWow64\poqexec.exe
2011-05-14 04:11:54 641536 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll
2011-05-13 03:34:25 5509504 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-05-13 03:34:23 3957632 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-05-13 03:34:23 3901824 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-05-10 15:06:08 51712 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2011-05-10 15:06:08 4517664 ----a-w- C:\windows\System32\usbaaplrc.dll
2011-04-27 03:36:49 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2011-04-27 03:36:49 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-04-27 03:36:47 31232 ----a-w- C:\windows\SysWow64\prevhost.exe
2011-04-27 03:36:47 31232 ----a-w- C:\windows\System32\prevhost.exe
2011-04-19 11:47:04 670032 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll
2011-04-19 11:09:28 855376 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll
2011-04-14 06:23:45 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-5\Microsoft.MediaCenter.Sports.UI.dll
2011-04-12 19:28:57 267776 ----a-w- C:\windows\System32\FXSCOVER.exe
2011-04-12 19:28:49 286720 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-04-12 19:28:48 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2011-04-12 19:28:48 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-04-12 19:28:48 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-03-22 23:30:39 -------- d-----w- C:\Users\Business\AppData\Local\Webroot
2011-03-22 23:20:08 -------- d-----w- C:\Users\Business\AppData\Local\lptmp7659
2011-03-22 23:17:46 -------- d-----w- C:\Program Files (x86)\Webroot
2011-03-11 21:01:43 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-03-11 21:01:23 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2011-03-11 21:01:23 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2011-03-08 23:20:02 1135104 ----a-w- C:\windows\System32\FntCache.dll
2011-03-08 23:20:02 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-03-08 23:20:01 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-03-08 23:20:01 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-03-08 23:20:01 1540608 ----a-w- C:\windows\System32\DWrite.dll
2011-03-08 23:20:00 723968 ----a-w- C:\windows\System32\EncDec.dll
2011-03-08 23:19:59 961024 ----a-w- C:\windows\System32\CPFilters.dll
2011-03-08 23:19:59 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
2011-03-08 23:19:59 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-03-08 23:19:59 259072 ----a-w- C:\windows\System32\mpg2splt.ax
2011-03-08 23:19:59 1118720 ----a-w- C:\windows\System32\sbe.dll
2011-03-08 23:19:58 850432 ----a-w- C:\windows\SysWow64\sbe.dll
2011-03-08 23:19:58 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2011-03-08 23:19:57 3138048 ----a-w- C:\windows\System32\mstscax.dll
2011-03-08 23:19:56 2690560 ----a-w- C:\windows\SysWow64\mstscax.dll
2011-03-08 23:19:56 1097216 ----a-w- C:\windows\System32\mstsc.exe
2011-03-08 23:19:56 1034240 ----a-w- C:\windows\SysWow64\mstsc.exe
2011-02-25 03:46:10 367104 ----a-w- C:\windows\System32\wcncsvc.dll
2011-02-25 03:46:10 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll
2011-02-20 04:27:05 714752 ----a-w- C:\windows\System32\kerberos.dll
2011-02-20 04:27:05 541184 ----a-w- C:\windows\SysWow64\kerberos.dll
2011-02-20 04:27:00 2003968 ----a-w- C:\windows\System32\msxml6.dll
2011-02-17 02:00:38 17370496 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2011-01-14 18:47:44 720896 ----a-w- C:\windows\System32\odbc32.dll
2011-01-14 18:47:44 573440 ----a-w- C:\windows\SysWow64\odbc32.dll
2011-01-14 18:47:44 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-14 18:47:43 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-14 18:47:43 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-14 18:47:43 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-14 18:47:43 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-14 18:47:43 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-14 18:47:43 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-14 18:47:43 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-12 03:45:22 -------- d-----w- C:\Users\Business\AppData\Local\Best Buy pc app
2011-01-12 03:45:10 -------- d-----w- C:\Users\Business\AppData\Local\Deployment
2011-01-12 03:45:10 -------- d-----w- C:\Users\Business\AppData\Local\Apps
2011-01-12 03:45:07 -------- d-----w- C:\ProgramData\Best Buy pc app
2011-01-12 03:44:58 -------- dc----w- C:\ProgramData\{490DF262-AAC9-4596-9027-145286488424}
2010-12-20 18:10:40 -------- d-----w- C:\Program Files (x86)\Nikon
2010-12-20 18:10:40 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
2010-12-16 02:34:10 -------- d-----w- C:\windows\en
2010-12-16 02:31:19 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2010-12-16 02:31:19 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2010-12-16 02:31:18 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2010-12-16 02:31:18 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2010-12-16 02:31:05 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\49d6cd521cb9cc911\DSETUP.dll
2010-12-16 02:31:05 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\49d6cd521cb9cc911\DXSETUP.exe
2010-12-16 02:31:05 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\49d6cd521cb9cc911\dsetup32.dll
2010-12-16 02:31:04 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e19f961cb9cc910\DSETUP.dll
2010-12-16 02:31:04 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e19f961cb9cc910\DXSETUP.exe
2010-12-16 02:31:04 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\48e19f961cb9cc910\dsetup32.dll
2010-12-16 02:30:31 -------- d-----w- C:\Users\Business\AppData\Local\Windows Live
2010-12-16 02:30:00 257024 ----a-w- C:\windows\System32\mfreadwrite.dll
2010-12-16 02:30:00 206848 ----a-w- C:\windows\System32\mfps.dll
2010-12-16 02:30:00 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll
2010-12-16 02:30:00 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL
2010-12-16 02:30:00 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2010-12-16 02:29:59 4068864 ----a-w- C:\windows\System32\mf.dll
2010-12-16 02:29:59 3181568 ----a-w- C:\windows\SysWow64\mf.dll
2010-12-09 06:29:33 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-12-09 06:29:33 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-11 20:13:57 552960 ----a-w- C:\windows\System32\msdri.dll
2010-11-11 20:13:54 288256 ----a-w- C:\windows\System32\MSNP.ax
2010-11-11 20:13:54 204288 ----a-w- C:\windows\SysWow64\MSNP.ax
2010-11-11 20:13:40 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-11-11 20:13:40 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-11-11 20:13:40 2085376 ----a-w- C:\windows\System32\ole32.dll
2010-11-11 20:13:39 1413632 ----a-w- C:\windows\SysWow64\ole32.dll
2010-11-11 20:13:36 483840 ----a-w- C:\windows\System32\StructuredQuery.dll
2010-11-11 20:13:36 363520 ----a-w- C:\windows\SysWow64\StructuredQuery.dll
2010-11-11 20:12:22 148992 ----a-w- C:\windows\System32\t2embed.dll
2010-11-11 20:12:22 109056 ----a-w- C:\windows\SysWow64\t2embed.dll
2010-11-11 20:12:12 954752 ----a-w- C:\windows\SysWow64\mfc40.dll
2010-11-11 20:12:11 954288 ----a-w- C:\windows\SysWow64\mfc40u.dll
2010-11-11 20:10:40 738816 ----a-w- C:\windows\SysWow64\wmpmde.dll
2010-11-11 20:10:40 1024512 ----a-w- C:\windows\System32\wmpmde.dll
2010-11-11 20:10:36 340992 ----a-w- C:\windows\System32\schannel.dll
2010-11-11 20:10:36 224256 ----a-w- C:\windows\SysWow64\schannel.dll
2010-11-11 20:10:33 633856 ----a-w- C:\windows\System32\comctl32.dll
2010-11-11 20:10:33 530432 ----a-w- C:\windows\SysWow64\comctl32.dll
2010-11-10 09:54:18 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2010-11-10 09:28:46 301936 ----a-w- C:\windows\WLXPGSS.SCR
2010-10-29 14:52:15 761856 ----a-w- C:\windows\SysWow64\xvidcore.dll
2010-10-29 14:52:15 180224 ----a-w- C:\windows\SysWow64\xvidvfw.dll
2010-10-29 14:52:08 122880 ----a-r- C:\Users\Business\AppData\Roaming\Microsoft\Installer\{34C7E079-2B62-478F-88B2-E3EDACDE5078}\NewShortcut3_1.exe
2010-10-29 14:52:08 122880 ----a-r- C:\Users\Business\AppData\Roaming\Microsoft\Installer\{34C7E079-2B62-478F-88B2-E3EDACDE5078}\NewShortcut1.exe
2010-10-29 14:52:06 -------- d-----w- C:\Program Files (x86)\AVerVision
2010-10-20 03:25:07 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-20 03:25:07 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-20 03:25:06 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2010-10-20 03:25:06 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2010-10-20 03:24:45 9728 ----a-w- C:\windows\SysWow64\sscore.dll
2010-10-20 03:24:45 236032 ----a-w- C:\windows\System32\srvsvc.dll
2010-10-02 19:27:01 243712 ----a-w- C:\windows\System32\drivers\ks.sys
2010-10-02 19:27:01 184832 ----a-w- C:\windows\System32\drivers\usbvideo.sys
2010-09-21 22:54:04 529280 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
2010-09-21 22:51:18 55704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
2010-09-21 22:51:18 1129880 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
2010-09-21 22:49:02 252800 ----a-w- C:\windows\System32\LIVESSP.DLL
2010-09-21 22:49:00 419712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
2010-09-21 22:49:00 290176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
2010-09-21 22:49:00 2286976 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2010-09-21 22:49:00 222592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2010-09-21 22:49:00 170880 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
2010-09-21 22:47:38 1558016 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
2010-09-21 22:13:50 1564072 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
2010-09-21 22:08:38 439168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
2010-09-21 22:06:02 853912 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
2010-09-21 22:06:02 57752 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
2010-09-21 22:03:14 332160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
2010-09-21 22:03:14 237952 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
2010-09-21 22:03:14 208768 ----a-w- C:\windows\SysWow64\LIVESSP.DLL
2010-09-21 22:03:14 145280 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
2010-09-18 20:35:53 558592 ----a-w- C:\windows\System32\spoolsv.exe
2010-09-12 03:10:12 204259 ----a-w- C:\InformationalData.tmp
2010-09-12 03:10:12 12385 ----a-w- C:\DetectionData.tmp
2010-09-11 19:07:40 -------- d-----w- C:\Users\Business\AppData\Local\PackageAware
2010-08-31 04:08:42 861184 ----a-w- C:\windows\System32\oleaut32.dll
2010-08-31 04:08:42 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2010-08-31 04:08:28 52224 ----a-w- C:\windows\System32\rtutils.dll
2010-08-31 04:08:28 37376 ----a-w- C:\windows\SysWow64\rtutils.dll
2010-08-19 21:38:19 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys
2010-08-19 21:37:41 82944 ----a-w- C:\windows\SysWow64\iccvid.dll
2010-07-29 07:23:26 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2010-07-27 04:39:43 -------- d-----w- C:\Program Files (x86)\Ask.com
2010-07-27 04:39:16 -------- d-----w- C:\Program Files (x86)\MSSOAP
2010-07-27 04:39:16 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2010-07-27 03:55:55 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-07-27 03:55:39 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-07-27 03:55:29 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-07-27 03:55:26 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-22 16:58:54 119160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL
2010-07-11 23:47:40 453456 ----a-w- C:\windows\SysWow64\d3dx10_41.dll
2010-07-11 23:47:40 1846632 ----a-w- C:\windows\SysWow64\D3DCompiler_41.dll
2010-07-10 01:47:15 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-07-10 01:47:01 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-07-10 01:46:42 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-07-10 01:46:37 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-02 12:09:58 -------- d-----w- C:\Users\Business\AppData\Local\Diagnostics
2010-06-24 22:39:23 -------- d-----w- C:\windows\SysWow64\spool
2010-06-24 22:35:07 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2010-06-24 22:35:01 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2010-06-24 22:14:36 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll
2010-06-24 22:14:36 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll
2010-06-24 22:14:36 48960 ----a-w- C:\windows\System32\netfxperf.dll
2010-06-24 22:14:36 444752 ----a-w- C:\windows\System32\mscoree.dll
2010-06-24 22:14:36 320352 ----a-w- C:\windows\System32\PresentationHost.exe
2010-06-24 22:14:36 297808 ----a-w- C:\windows\SysWow64\mscoree.dll
2010-06-24 22:14:36 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe
2010-06-24 22:14:36 1942856 ----a-w- C:\windows\System32\dfshim.dll
2010-06-24 22:14:36 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll
2010-06-24 22:14:36 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll
2010-06-24 19:33:56 241984 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
2010-06-24 19:33:56 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-06-24 16:29:46 -------- d-----w- C:\windows\SysWow64\Wat
2010-06-24 16:29:46 -------- d-----w- C:\windows\System32\Wat
2010-06-21 20:11:40 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-06-21 19:51:05 -------- d-----w- C:\Users\Business\AppData\Local\Adobe
2010-06-21 19:44:28 -------- d-----w- C:\Users\Business\AppData\Local\Google
2010-06-21 00:11:18 -------- d-----w- C:\Users\Business\AppData\Local\Microsoft Games
2010-06-21 00:02:56 -------- d-----w- C:\Users\Business\AppData\Local\Microsoft Help
2010-06-21 00:01:28 270720 ------w- C:\windows\System32\MpSigStub.exe
2010-06-20 23:41:43 -------- d-----w- C:\Users\Business\AppData\Local\TOSHIBA_Corporation
2010-06-20 23:41:35 -------- d-----w- C:\Users\Business\AppData\Local\Best_Buy®
2010-06-20 23:38:08 -------- d-----w- C:\Users\Business\AppData\Roaming\Intel Corporation
2010-06-20 23:36:36 -------- d-----w- C:\Users\Business\AppData\Local\Toshiba
2010-06-20 23:35:25 -------- d-----w- C:\Users\Business\AppData\Local\VirtualStore
2010-06-20 23:35:23 220672 ----a-w- C:\windows\System32\wintrust.dll
2010-06-20 23:35:23 172032 ----a-w- C:\windows\SysWow64\wintrust.dll
2010-06-20 23:35:22 139264 ----a-w- C:\windows\System32\cabview.dll
2010-06-20 23:35:22 132608 ----a-w- C:\windows\SysWow64\cabview.dll
2010-06-20 23:34:54 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2010-06-20 23:34:23 -------- d-----w- C:\Users\Business\AppData\Roaming\WinBatch
2010-05-26 19:55:35 -------- d-----w- C:\windows\msdownld.tmp
2010-05-26 19:54:26 -------- d-----w- C:\ProgramData\Norton
2010-05-26 19:53:54 -------- d-----w- C:\ProgramData\NortonInstaller
2010-05-26 19:53:34 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared
2010-05-26 19:53:25 -------- d-----w- C:\ProgramData\Uninstall
2010-05-26 19:53:17 55280 ------w- C:\windows\System32\drivers\PxHlpa64.sys
2010-05-26 19:53:17 10224 ------w- C:\windows\System32\drivers\cdralw2k.sys
2010-05-26 19:53:17 10224 ------w- C:\windows\System32\drivers\cdr4_xp.sys
2010-05-26 19:53:16 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2010-05-26 19:53:16 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2010-05-26 19:53:11 -------- d-----w- C:\Program Files (x86)\Roxio
2010-05-26 19:51:49 -------- d-----w- C:\Program Files (x86)\Common Files\Toshiba Shared
2010-05-26 19:51:46 482384 ----a-w- C:\windows\System32\drivers\tos_sps64.sys
2010-05-26 19:51:45 4178264 ----a-w- C:\windows\SysWow64\D3DX9_41.dll
2010-05-26 19:51:13 -------- d-----w- C:\Program Files\Dolby
2010-05-26 19:46:39 35008 ----a-w- C:\windows\System32\drivers\PGEffect.sys
2010-05-26 19:42:49 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2010-05-26 19:42:49 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2010-05-26 19:41:29 9728 ----a-w- C:\windows\SysWow64\TCMSVR.dll
2010-05-26 19:41:29 152848 ----a-w- C:\windows\SysWow64\Comdlg32.ocx
2010-05-26 19:41:28 9216 ----a-w- C:\windows\System32\drivers\FwLnk.sys
2010-05-26 19:41:28 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-05-26 19:41:28 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-05-26 19:41:28 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-05-26 19:41:28 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-05-26 19:41:28 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-05-26 19:41:28 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-05-26 19:41:28 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-05-26 19:40:07 946688 ----a-w- C:\windows\System32\drivers\rtl8192se.sys
2010-05-26 19:40:06 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2010-05-26 19:39:24 -------- d-----w- C:\Program Files\Synaptics
2010-05-26 19:39:00 90112 ----a-w- C:\windows\System32\snymsico.dll
2010-05-26 19:39:00 81408 ----a-w- C:\windows\System32\drivers\risdpe64.sys
2010-05-26 19:39:00 60416 ----a-w- C:\windows\System32\drivers\rimspe64.sys
2010-05-26 19:39:00 55808 ----a-w- C:\windows\System32\drivers\rixdpe64.sys
2010-05-26 19:39:00 196608 ----a-w- C:\windows\System32\RiSDIcon.dll
2010-05-26 19:39:00 188416 ----a-w- C:\windows\System32\RiMMCIcon.dll
2010-05-26 19:39:00 172032 ----a-w- C:\windows\System32\rixdicon.dll
2010-05-26 19:39:00 -------- d-----w- C:\windows\SysWow64\sda
2010-05-26 19:38:26 97792 ----a-w- C:\windows\System32\RTNUninst64.dll
2010-05-26 19:38:26 67584 ----a-w- C:\windows\System32\RtNicProp64.dll
2010-05-26 19:38:26 236544 ----a-w- C:\windows\System32\drivers\Rt64win7.sys
2010-05-26 19:32:41 537112 ----a-w- C:\windows\System32\drivers\iaStor.sys
2010-05-26 19:27:47 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2010-05-26 19:27:43 -------- d-----w- C:\Intel
2010-05-26 19:27:42 56344 ----a-w- C:\windows\System32\drivers\HECIx64.sys
2010-05-26 19:25:59 -------- d-----w- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2010-03-18 21:27:14 827744 ----a-w- C:\windows\System32\msvcr100_clr0400.dll
2010-03-18 20:16:28 771424 ----a-w- C:\windows\SysWow64\msvcr100_clr0400.dll
2009-12-12 22:02:27 -------- d-----w- C:\windows\Panther
2009-12-12 22:02:14 -------- d-sh--w- C:\Boot
2009-12-12 06:34:38 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll
2009-12-12 06:34:38 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll
2009-12-12 06:34:28 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2009-12-12 06:31:53 -------- d-----w- C:\windows\PCHEALTH
2009-12-12 06:29:00 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2009-12-12 06:28:01 -------- d-----w- C:\ProgramData\Partner
2009-12-12 06:24:50 40960 ----a-w- C:\windows\SysWow64\ToscmddN.dll
2009-12-12 06:24:50 102400 ----a-w- C:\windows\SysWow64\Tossps.scr
2009-12-12 06:24:49 77824 ----a-r- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2009-12-12 06:24:49 69632 ----a-w- C:\windows\SysWow64\TosOlkN.dll
2009-12-12 06:24:49 32768 ----a-r- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2009-12-12 06:24:49 24576 ----a-w- C:\windows\SysWow64\TosusrpN.dll
2009-12-12 06:24:49 225280 ----a-r- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2009-12-12 06:24:49 176128 ----a-r- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2009-12-12 06:24:48 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2009-12-12 06:24:34 140632 ----a-w- C:\windows\System32\TODDSrv.exe
2009-12-12 06:24:06 -------- d-----w- C:\Program Files (x86)\TOSHIBA
2009-12-12 06:22:41 -------- d-----w- C:\windows\Downloaded Installations
2009-12-12 06:22:35 -------- d-----w- C:\Program Files\TOSHIBA
2009-12-12 06:22:28 410984 ----a-w- C:\windows\SysWow64\deploytk.dll
2009-12-12 06:19:42 53248 ----a-w- C:\windows\SysWow64\CSVer.dll
2009-12-12 06:19:33 -------- d-----w- C:\Program Files\PlayReady
2009-12-12 06:19:29 -------- d-sh--w- C:\windows\Installer
2009-12-12 06:19:15 311808 ----a-w- C:\windows\System32\msv1_0.dll
2009-12-12 06:19:15 257024 ----a-w- C:\windows\SysWow64\msv1_0.dll
2009-12-12 06:19:06 46592 ----a-w- C:\windows\System32\msasn1.dll
2009-12-12 06:19:06 34816 ----a-w- C:\windows\SysWow64\msasn1.dll
2009-12-12 06:18:34 1975296 ----a-w- C:\windows\System32\CertEnroll.dll
2009-12-12 06:18:34 1320960 ----a-w- C:\windows\SysWow64\CertEnroll.dll
2009-11-14 00:45:54 166424 ----a-w- C:\windows\System32\igfxtray.exe
2009-11-14 00:45:52 510488 ----a-w- C:\windows\System32\igfxsrvc.exe
2009-11-14 00:45:50 408600 ----a-w- C:\windows\System32\igfxpers.exe
2009-11-14 00:45:48 222744 ----a-w- C:\windows\System32\igfxext.exe
2009-11-14 00:45:46 390168 ----a-w- C:\windows\System32\hkcmd.exe
2009-11-14 00:45:44 3125784 ----a-w- C:\windows\System32\GfxUI.exe
2009-11-14 00:45:40 152600 ----a-w- C:\windows\System32\difx64.exe
2009-10-30 18:27:46 91136 ----a-w- C:\windows\System32\igfxCoIn_v1986.dll
2009-10-30 18:23:16 7770048 ----a-w- C:\windows\System32\drivers\igdkmd64.sys
2009-10-30 18:23:10 5956608 ----a-w- C:\windows\System32\igdumd64.dll
2009-10-30 18:21:18 870544 ----a-w- C:\windows\SysWow64\igkrng575.bin
2009-10-30 18:21:18 870544 ----a-w- C:\windows\System32\igkrng575.bin
2009-10-30 18:21:18 50028 ----a-w- C:\windows\SysWow64\igfcg575m.bin
2009-10-30 18:21:18 50028 ----a-w- C:\windows\System32\igfcg575m.bin
2009-10-30 18:21:18 127896 ----a-w- C:\windows\SysWow64\igcompkrng575.bin
2009-10-30 18:21:18 127896 ----a-w- C:\windows\System32\igcompkrng575.bin
2009-10-30 18:15:00 4489216 ----a-w- C:\windows\SysWow64\igdumd32.dll
2009-10-30 18:06:22 550912 ----a-w- C:\windows\SysWow64\igdumdx32.dll
2009-10-30 18:02:02 4088320 ----a-w- C:\windows\System32\igd10umd64.dll
2009-10-30 17:56:20 3888640 ----a-w- C:\windows\SysWow64\igd10umd32.dll
2009-10-30 17:49:46 5507584 ----a-w- C:\windows\System32\ig4dev64.dll
2009-10-30 17:49:12 8129024 ----a-w- C:\windows\System32\ig4icd64.dll
2009-10-30 17:37:52 4069888 ----a-w- C:\windows\SysWow64\ig4dev32.dll
2009-10-30 17:37:34 6060032 ----a-w- C:\windows\SysWow64\ig4icd32.dll
2009-10-30 17:26:06 286208 ----a-w- C:\windows\System32\igfxrsky.lrc
2009-10-30 17:26:04 285696 ----a-w- C:\windows\System32\igfxrtrk.lrc
2009-10-30 17:26:04 285696 ----a-w- C:\windows\System32\igfxrslv.lrc
2009-10-30 17:26:04 285184 ----a-w- C:\windows\System32\igfxrtha.lrc
2009-10-30 17:26:02 286720 ----a-w- C:\windows\System32\igfxresn.lrc
2009-10-30 17:26:02 285696 ----a-w- C:\windows\System32\igfxrsve.lrc
2009-10-30 17:26:00 286208 ----a-w- C:\windows\System32\igfxrrus.lrc
2009-10-30 17:26:00 286208 ----a-w- C:\windows\System32\igfxrptg.lrc
2009-10-30 17:26:00 285696 ----a-w- C:\windows\System32\igfxrptb.lrc
2009-10-30 17:22:36 126976 ----a-w- C:\windows\System32\igfxcpl.cpl
2009-10-30 17:22:04 376832 ----a-w- C:\windows\System32\igfxTMM.dll
2009-10-30 17:22:04 246272 ----a-w- C:\windows\System32\igfxpph.dll
2009-10-30 17:21:58 27648 ----a-w- C:\windows\System32\igfxexps.dll
2009-10-30 17:21:28 61440 ----a-w- C:\windows\System32\igfxsrvc.dll
2009-10-30 17:20:44 108544 ----a-w- C:\windows\System32\hccutils.dll
2009-10-30 17:20:32 118784 ----a-w- C:\windows\System32\gfxSrvc.dll
2009-10-30 17:20:30 4096 ----a-w- C:\windows\System32\IGFXDEVLib.dll
2009-10-30 17:20:30 268800 ----a-w- C:\windows\System32\igfxdev.dll
2009-10-30 17:19:56 285184 ----a-w- C:\windows\System32\igfxrenu.lrc
2009-10-30 17:19:48 9014784 ----a-w- C:\windows\System32\igfxress.dll
2009-10-30 17:19:48 142336 ----a-w- C:\windows\System32\igfxdo.dll
2009-10-30 17:15:08 59392 ----a-w- C:\windows\SysWow64\oemdspif.dll
2009-10-30 17:13:36 226304 ----a-w- C:\windows\SysWow64\igfxdv32.dll
2009-10-30 17:06:24 208896 ----a-w- C:\windows\SysWow64\iglhsip32.dll
2009-10-30 17:06:24 208896 ----a-w- C:\windows\System32\iglhsip32.dll
2009-10-30 17:06:24 147456 ----a-w- C:\windows\SysWow64\iglhcp32.dll
2009-10-30 17:06:24 147456 ----a-w- C:\windows\System32\iglhcp32.dll
2009-10-30 13:56:34 244736 ----a-w- C:\windows\System32\drivers\IntcDAud.sys
2009-10-30 13:56:14 14848 ----a-w- C:\windows\System32\IntcDAuC.dll
2009-10-26 19:39:44 151936 ----a-w- C:\windows\System32\drivers\Impcd.sys
2009-10-21 16:30:36 531520 ----a-w- C:\windows\System32\ThpSrv.exe
2009-10-16 03:11:26 307760 ----a-w- C:\windows\System32\drivers\SynTP.sys
2009-10-16 03:09:06 107816 ----a-w- C:\windows\SysWow64\SynTPCOM.dll
2009-10-16 03:09:04 205608 ----a-w- C:\windows\System32\SynTPAPI.dll
2009-10-16 03:09:04 147752 ----a-w- C:\windows\System32\SynTPCo4.dll
2009-10-16 03:09:00 263464 ----a-w- C:\windows\System32\SynCtrl.dll
2009-10-16 03:09:00 206120 ----a-w- C:\windows\SysWow64\SynCtrl.dll
2009-10-16 03:08:58 396584 ----a-w- C:\windows\System32\SynCOM.dll
2009-10-16 03:08:58 173352 ----a-w- C:\windows\SysWow64\SynCOM.dll
2009-10-10 06:10:46 2594632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL
2009-09-23 12:19:20 6540136 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\OSETUP.DLL
2009-08-18 06:33:52 1193832 ----a-w- C:\windows\SysWow64\FM20.DLL
2009-08-07 16:49:36 1721576 ----a-w- C:\windows\System32\WdfCoInstaller01009.dll
2009-07-31 04:22:04 27784 ----a-w- C:\windows\System32\drivers\tdcmdpst.sys
2009-07-21 07:05:40 1348432 ----a-w- C:\windows\SysWow64\msxml4.dll
2009-07-14 22:31:18 26840 ----a-w- C:\windows\System32\drivers\TVALZ_O.SYS
2009-07-14 07:45:58 -------- d-----w- C:\Program Files\Windows Journal
2009-07-14 07:45:02 -------- d-----w- C:\windows\ShellNew
2009-07-14 07:45:02 -------- d-----w- C:\windows\ehome
2009-07-14 05:35:51 6144 ----a-w- C:\windows\System32\drivers\UMDF\en-US\WUDFUsbccidDriver.dll.mui
2009-07-14 05:32:38 -------- d-----w- C:\windows\twain_32
2009-07-14 05:12:52 -------- d-----w- C:\windows\System32\wbem\Performance
2009-07-14 05:08:56 -------- d-sh--we C:\Documents and Settings
2009-07-14 05:08:52 -------- d-----w- C:\windows\System32\wbem\MOF\good
2009-07-14 05:08:52 -------- d-----w- C:\windows\System32\wbem\MOF\bad
2009-07-14 04:53:24 -------- d-----w- C:\windows\System32\wbem\MOF
2009-07-14 04:45:50 -------- d---a-w- C:\windows\Setup
2009-07-14 04:45:47 -------- d-----w- C:\windows\ServiceProfiles
2009-07-14 04:45:42 -------- d-s---w- C:\windows\System32\Microsoft
.
==================== Find3M  ====================
.
2013-04-04 21:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2011-03-11 06:23:13 187264 ----a-w- C:\windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\windows\System32\win32k.sys
2011-02-26 06:23:14 2870272 ----a-w- C:\windows\explorer.exe
2011-02-26 05:33:07 2614784 ----a-w- C:\windows\SysWow64\explorer.exe
2011-02-24 06:30:00 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-02-19 06:36:13 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-02-19 05:32:08 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-02-18 06:37:05 612352 ----a-w- C:\windows\System32\vbscript.dll
2011-02-18 05:36:26 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
2011-02-05 12:41:43 556928 ----a-w- C:\windows\System32\winresume.efi
2011-02-05 12:41:35 640896 ----a-w- C:\windows\System32\winload.efi
2011-02-05 12:41:24 20352 ----a-w- C:\windows\System32\kdusb.dll
2011-02-05 12:41:24 19328 ----a-w- C:\windows\System32\kd1394.dll
2011-02-05 12:41:23 17792 ----a-w- C:\windows\System32\kdcom.dll
2011-02-05 12:39:21 603976 ----a-w- C:\windows\System32\winload.exe
2011-02-05 12:39:21 518160 ----a-w- C:\windows\System32\winresume.exe
2011-01-26 06:53:10 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\windows\System32\cdd.dll
2010-12-21 06:16:27 97280 ----a-w- C:\windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\windows\System32\winhttp.dll
2010-12-21 06:16:09 258048 ----a-w- C:\windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\windows\System32\slwga.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 350720 ----a-w- C:\windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\windows\SysWow64\davclnt.dll
2010-11-02 05:18:59 229888 ----a-w- C:\windows\System32\XpsRasterService.dll
2010-11-02 05:18:17 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\windows\System32\schedsvc.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\windows\System32\schtasks.exe
2010-11-02 04:41:36 135168 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 218624 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
2010-10-27 05:16:01 1739176 ----a-w- C:\windows\System32\ntdll.dll
2010-10-27 05:06:22 2048 ----a-w- C:\windows\System32\tzres.dll
2010-10-27 04:40:22 1293120 ----a-w- C:\windows\SysWow64\ntdll.dll
2010-10-27 04:32:36 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2010-10-16 05:23:13 112000 ----a-w- C:\windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\windows\SysWow64\webio.dll
.
============= FINISH:  0:59:27.16 ===============

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/20/2010 4:33:35 PM
System Uptime: 7/3/2009 12:30:40 AM (0 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core i3 CPU       M 330  @ 2.13GHz | CPU | 917/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 405.112 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP103: 7/2/2009 10:40:54 PM - Windows Update
RP104: 7/3/2009 12:38:44 AM - Windows Update
RP99: 6/24/2011 10:49:02 PM - Windows 7 Service Pack 1
RP100: 6/27/2011 3:54:44 PM - Restore Operation
RP101: 6/27/2011 4:23:14 PM - Installed PL-2303 USB-to-Serial
RP102: 9/1/2011 11:43:02 AM - Installed iTunes
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Fonts All x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Reader 9.4.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask.com Toolbar
AVerVision Software
Best Buy pc app
Bonjour
Compatibility Pack for the 2007 Office system
Connect
D3DX10
Dolby Control Center
Google Chrome
Google Chrome Frame
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Office (KB975927)
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
iTunes
Java 6 Update 14
Junk Mail filter update
kuler
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NEF Codec
PDF Settings CS4
Photoshop Camera Raw
Photoshop Camera Raw_x64
PL-2303 USB-to-Serial
PlayReady PC Runtime amd64
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller  Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
RealUpgrade 1.1
RICOH R5U230 Media Driver ver.2.06.03.02
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
StartNow Toolbar
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VideoLAN VLC media player 0.8.6f
Webroot SecureAnywhere
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
7/3/2009 12:37:21 AM, Error: Service Control Manager [7034]  - The Webroot Client Service service terminated unexpectedly.  It has done this 1 time(s).
7/3/2009 12:34:40 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
7/3/2009 12:34:40 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/3/2009 12:32:11 AM, Error: Service Control Manager [7034]  - The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
6/27/2011 3:56:54 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WebrootSpySweeperService service.
6/25/2011 11:18:20 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR5.
6/25/2011 11:16:44 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR4.

6/24/2011 11:27:25 PM, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
6/20/2011 1:19:29 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/5/2011 12:34:10 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
5/30/2011 11:30:17 AM, Error: NetBT [4319]  - A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
5/30/2011 11:30:17 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer TAMIMJAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}. The master browser is stopping or an election is being forced.
5/30/2011 1:53:36 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer TARP2034 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}. The master browser is stopping or an election is being forced.
5/23/2011 10:46:53 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD} because another computer on the network has the same name.  The server could not start.
5/2/2011 12:49:29 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ehRecvr service.
4/29/2011 3:32:55 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer NOTEBOOK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF9B2E0B-1FF7-43F3-84BA-17D6AB3846DD}. The master browser is stopping or an election is being forced.
4/17/2011 10:17:38 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
4/13/2011 11:31:18 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/13/2011 11:31:18 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/12/2011 7:32:44 PM, Error: Schannel [36887]  - The following fatal alert was received: 47.
3/9/2011 12:15:49 PM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 10.60.1.84 with the system having network hardware address 60-33-4B-55-10-F5. Network operations on this system may be disrupted as a result.
3/8/2011 12:14:39 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:14:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/8/2011 12:14:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/8/2011 12:06:52 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/8/2011 12:06:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/8/2011 12:06:45 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/8/2011 12:06:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/8/2011 12:06:30 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/8/2011 12:06:17 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/11/2011 9:59:40 AM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/7/2011 12:44:25 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IAStorDataMgrSvc service.
2/23/2011 3:31:14 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
11/8/2010 5:40:11 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
.
==== End Of File ===========================
 


If the time doesn't hold, you may have a dead CMOS battery.

-------------------------------------

Next:

Download and run unhide:

http://www.bleepingcomputer.com/download/unhide/

-------------------------------------

Next:

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[RUN][SUSP PATH] HKCU\[...]\Run : egoNuSIECuXAXgI ("C:\ProgramData\egoNuSIECuXAXgI.exe" [x]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-1421534910-2390365103-2924931255-1001\[...]\Run : egoNuSIECuXAXgI ("C:\ProgramData\egoNuSIECuXAXgI.exe" [x]) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : InnoSetupRegFile.0000000001 ("C:\windows\is-NKO8C.exe" /REG [-]) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : InnoSetupRegFile.0000000002 ("C:\windows\is-UBSEL.exe" /REG [-]) -> FOUND

[HJ POL] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> FOUND

Now click Delete on the right hand column under Options

-------------

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC
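
The clock remark at the top of this reply can be checked against the posted logs themselves: several entries carry dates later than the clock reading the log reports. The script below is an added example, not part of the original posts or of DDS; it parses DDS-style lines and lists every artifact dated after the `System Uptime` reading. The function names, the reading of `System Uptime` as boot time plus hours since boot, and the one-day tolerance (to absorb time-zone differences) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Lines excerpted from the DDS logs posted in this thread (not constructed).
SAMPLE_LOG = r"""
Install Date: 6/20/2010 4:33:35 PM
System Uptime: 7/3/2009 12:30:40 AM (0 hours ago)
RP103: 7/2/2009 10:40:54 PM - Windows Update
RP104: 7/3/2009 12:38:44 AM - Windows Update
RP99: 6/24/2011 10:49:02 PM - Windows 7 Service Pack 1
RP102: 9/1/2011 11:43:02 AM - Installed iTunes
2013-04-04 21:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2009-07-14 05:08:56 -------- d-sh--we C:\Documents and Settings
7/3/2009 12:37:21 AM, Error: Service Control Manager [7034]  - The Webroot Client Service service terminated unexpectedly.  It has done this 1 time(s).
11/8/2010 5:40:11 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
"""

US = r"\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M"   # 7/3/2009 12:30:40 AM
ISO = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"              # 2013-04-04 21:50:32

# Assumption: the timestamp is the boot time and "(N hours ago)" the uptime.
UPTIME = re.compile(rf"^System Uptime: ({US}) \((\d+) hours ago\)")

# One pattern per kind of dated line; the first pattern that matches wins.
ARTIFACTS = [
    ("install", re.compile(rf"^(?P<label>Install Date): (?P<ts>{US})")),
    ("restore_point", re.compile(rf"^RP\d+: (?P<ts>{US}) - (?P<label>.+)$")),
    # File listing: timestamp, size (or -------- for a directory), attributes, path.
    ("file", re.compile(rf"^(?P<ts>{ISO}) (?:\d+|-{{8}}) \S+ (?P<label>.+)$")),
    ("event", re.compile(rf"^(?P<ts>{US}), \w+: (?P<label>.+? \[\d+\])")),
]


def parse_ts(text):
    """Parse either of the two timestamp layouts that appear in the logs."""
    fmt = "%m/%d/%Y %I:%M:%S %p" if "/" in text else "%Y-%m-%d %H:%M:%S"
    return datetime.strptime(text, fmt)


def clock_reading(log):
    """System clock when the log was taken: boot time plus reported uptime."""
    for line in log.splitlines():
        m = UPTIME.match(line.strip())
        if m:
            return parse_ts(m.group(1)) + timedelta(hours=int(m.group(2)))
    return None


def find_future_artifacts(log, tolerance=timedelta(days=1)):
    """Return (clock, artifacts dated later than clock + tolerance), newest first."""
    clock = clock_reading(log)
    if clock is None:
        raise ValueError("no 'System Uptime' line found")
    flagged = []
    for line in log.splitlines():
        line = line.strip()
        for kind, pattern in ARTIFACTS:
            m = pattern.match(line)
            if m:
                ts = parse_ts(m.group("ts"))
                if ts > clock + tolerance:
                    flagged.append((kind, ts, m.group("label")))
                break
    flagged.sort(key=lambda item: item[1], reverse=True)
    return clock, flagged


def min_rollback(log):
    """Lower bound on how far behind the clock is: newest artifact minus clock."""
    clock, flagged = find_future_artifacts(log)
    return flagged[0][1] - clock if flagged else timedelta(0)


if __name__ == "__main__":
    clock, flagged = find_future_artifacts(SAMPLE_LOG)
    print(f"clock reading: {clock}")
    for kind, ts, label in flagged:
        print(f"  {ts}  {kind:<13}  {label}")
    print(f"clock is at least {min_rollback(SAMPLE_LOG).days} days behind")
```

Timestamps collected from a machine in this state need to be re-anchored against an external time source before they are used in a timeline.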


Thanks, I believe it all worked properly.

Mbar log:

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.23.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Business :: BUSINESS-PC [administrator]

6/23/2013 2:28:36 PM
mbar-log-2013-06-23 (14-28-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 243628
Time elapsed: 1 hour(s), 37 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

System Log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

Java version: 1.6.0_14

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 4084039680, free: 1279463424

Downloaded database version: v2013.06.23.06
Initializing...
------------ Kernel report ------------
     06/23/2013 14:28:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\SYSTEM32\Drivers\SSIDRV.SYS
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\system32\DRIVERS\Thpevm.SYS
\SystemRoot\system32\DRIVERS\thpdrv.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\pwipf6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\rtl8192se.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\risdpe64.sys
\SystemRoot\system32\DRIVERS\rimspe64.sys
\SystemRoot\system32\DRIVERS\rixdpe64.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbam.sys
\SystemRoot\SYSTEM32\Drivers\SSFMONM.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c04060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800494d050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c04060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c04b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c04060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004c03060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8004925460, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800494d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 31AC024B

Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 951877632

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 954951680  Numsec = 21821440
    Partition is not bootable
Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_954951680_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

 

 

Thanks again for your help!!


OK....Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


OK, ran this ComboFix... the log is listed below. However, now the computer won't let me open Internet Explorer at all. It pretends to pop up then closes. ???

 

 

Combo log:

 

ComboFix 13-06-24.01 - Business 06/24/2013  14:23:39.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.2445 [GMT -7:00]
Running from: c:\users\Business\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-24 to 2013-06-24  )))))))))))))))))))))))))))))))
.
.
2013-06-24 21:34 . 2013-06-24 21:34    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-24 21:27 . 2013-06-24 21:27    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FDCCD14-2825-4335-9D00-52C8E6B37F90}\offreg.dll
2013-06-24 19:51 . 2012-07-26 04:55    785512    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-06-24 19:51 . 2012-07-26 04:55    54376    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-06-24 19:51 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-06-24 19:51 . 2012-07-26 02:36    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-06-24 19:23 . 2013-06-24 19:23    --------    d-----w-    c:\windows\system32\SPReview
2013-06-24 19:14 . 2012-12-16 16:52    46080    ----a-w-    c:\windows\system32\atmlib.dll
2013-06-24 19:14 . 2012-12-16 14:40    367616    ----a-w-    c:\windows\system32\atmfd.dll
2013-06-24 19:14 . 2012-12-16 14:25    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2013-06-24 19:14 . 2012-12-16 14:25    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2013-06-24 19:13 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-06-24 19:13 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-06-24 19:13 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-06-24 19:13 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-06-24 19:13 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2013-06-24 19:13 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-06-24 19:13 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-06-24 19:06 . 2013-06-24 19:06    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-06-24 18:58 . 2012-03-01 06:54    22896    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2013-06-24 18:58 . 2012-03-01 06:40    80896    ----a-w-    c:\windows\system32\imagehlp.dll
2013-06-24 18:58 . 2012-03-01 05:45    158720    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-06-24 18:58 . 2012-03-01 06:45    220672    ----a-w-    c:\windows\system32\wintrust.dll
2013-06-24 18:58 . 2012-03-01 06:35    5120    ----a-w-    c:\windows\system32\wmi.dll
2013-06-24 18:58 . 2012-03-01 05:49    172544    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-06-24 18:58 . 2012-03-01 05:40    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2013-06-23 22:09 . 2012-11-09 05:34    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-06-23 22:09 . 2012-11-09 04:49    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-06-23 22:09 . 2013-03-01 03:32    3150848    ----a-w-    c:\windows\system32\win32k.sys
2013-06-23 22:07 . 2012-06-09 05:30    14165504    ----a-w-    c:\windows\system32\shell32.dll
2013-06-23 22:06 . 2012-06-02 05:25    1462784    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-23 22:06 . 2012-06-02 05:25    182272    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-23 22:06 . 2012-06-02 05:25    140288    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-23 22:06 . 2012-06-02 04:45    139264    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-06-23 22:06 . 2012-06-02 04:45    1157632    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-06-23 22:06 . 2012-06-02 04:45    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-06-23 21:37 . 2013-06-17 09:10    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FDCCD14-2825-4335-9D00-52C8E6B37F90}\mpengine.dll
2013-06-23 21:37 . 2011-11-19 15:07    77312    ----a-w-    c:\windows\system32\packager.dll
2013-06-23 21:37 . 2011-11-19 14:06    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2013-06-23 21:36 . 2012-02-15 06:27    1031680    ----a-w-    c:\windows\system32\rdpcore.dll
2013-06-23 21:36 . 2012-02-15 05:44    826368    ----a-w-    c:\windows\SysWow64\rdpcore.dll
2013-06-23 21:36 . 2012-02-15 04:47    204800    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2013-06-23 21:36 . 2012-02-15 04:46    23552    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2013-06-23 21:28 . 2013-06-23 23:05    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 23:18 . 2010-06-24 19:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-03 00:11 . 2010-06-24 22:16    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-05-02 09:06 . 2010-06-21 00:01    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-04 21:50 . 2009-07-03 07:13    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 22:06    764296    ----a-w-    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
"{5911488E-9D1E-40ec-8CBB-06B231CC153F}"= "c:\program files (x86)\StartNow Toolbar\Toolbar32.dll" [bU]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{5911488e-9d1e-40ec-8cbb-06b231cc153f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-05 2446648]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-03-11 273544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2009-07-03 742408]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-11-18 9728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2009-07-03 07:41    1165776    ----a-w-    c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-21 20:04]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-21 20:04]
.
2013-06-24 c:\windows\Tasks\ReclaimerUpdateFiles_Business.job
- c:\users\Business\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-23 23:18]
.
2013-06-24 c:\windows\Tasks\ReclaimerUpdateXML_Business.job
- c:\users\Business\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-23 23:18]
.
2013-06-24 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Business.job
- c:\users\Business\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-23 23:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl]
@="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
[HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}]
2009-07-03 07:36    104360    ----a-w-    c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen]
@="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
[HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}]
2009-07-03 07:36    104360    ----a-w-    c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed]
@="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
[HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}]
2009-07-03 07:36    104360    ----a-w-    c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow]
@="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
[HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}]
2009-07-03 07:36    104360    ----a-w-    c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 408600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-24  15:20:56
ComboFix-quarantined-files.txt  2013-06-24 22:20
ComboFix2.txt  2013-06-24 20:41
.
Pre-Run: 437,968,588,800 bytes free
Post-Run: 437,703,806,976 bytes free
.
- - End Of File - - B978995F8DDBE9773BCB24EADFCDB7AA
D41D8CD98F00B204E9800998ECF8427E
 


Yes. I also completely got rid of Webroot as some of it wouldn't turn off for the scan, so I ran the combo again and the report below is the result of that:

ComboFix 13-06-24.01 - Business 06/24/2013  15:41:37.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.2080 [GMT -7:00]
Running from: c:\users\Business\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\WRusr.dll-4951580-1.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-24 to 2013-06-24  )))))))))))))))))))))))))))))))
.
.
2013-06-24 22:46 . 2013-06-24 22:46    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-24 21:27 . 2013-06-24 21:27    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FDCCD14-2825-4335-9D00-52C8E6B37F90}\offreg.dll
2013-06-24 19:51 . 2012-07-26 04:55    785512    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-06-24 19:51 . 2012-07-26 04:55    54376    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-06-24 19:51 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-06-24 19:51 . 2012-07-26 02:36    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-06-24 19:23 . 2013-06-24 19:23    --------    d-----w-    c:\windows\system32\SPReview
2013-06-24 19:14 . 2012-12-16 16:52    46080    ----a-w-    c:\windows\system32\atmlib.dll
2013-06-24 19:14 . 2012-12-16 14:40    367616    ----a-w-    c:\windows\system32\atmfd.dll
2013-06-24 19:14 . 2012-12-16 14:25    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2013-06-24 19:14 . 2012-12-16 14:25    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2013-06-24 19:13 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-06-24 19:13 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-06-24 19:13 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-06-24 19:13 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-06-24 19:13 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2013-06-24 19:13 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-06-24 19:13 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-06-24 19:06 . 2013-06-24 19:06    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-06-24 18:58 . 2012-03-01 06:54    22896    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2013-06-24 18:58 . 2012-03-01 06:40    80896    ----a-w-    c:\windows\system32\imagehlp.dll
2013-06-24 18:58 . 2012-03-01 05:45    158720    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-06-24 18:58 . 2012-03-01 06:45    220672    ----a-w-    c:\windows\system32\wintrust.dll
2013-06-24 18:58 . 2012-03-01 06:35    5120    ----a-w-    c:\windows\system32\wmi.dll
2013-06-24 18:58 . 2012-03-01 05:49    172544    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-06-24 18:58 . 2012-03-01 05:40    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2013-06-23 22:09 . 2012-11-09 05:34    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-06-23 22:09 . 2012-11-09 04:49    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-06-23 22:09 . 2013-03-01 03:32    3150848    ----a-w-    c:\windows\system32\win32k.sys
2013-06-23 22:07 . 2012-06-09 05:30    14165504    ----a-w-    c:\windows\system32\shell32.dll
2013-06-23 22:06 . 2012-06-02 05:25    1462784    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-23 22:06 . 2012-06-02 05:25    182272    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-23 22:06 . 2012-06-02 05:25    140288    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-23 22:06 . 2012-06-02 04:45    139264    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-06-23 22:06 . 2012-06-02 04:45    1157632    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-06-23 22:06 . 2012-06-02 04:45    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-06-23 21:37 . 2013-06-17 09:10    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FDCCD14-2825-4335-9D00-52C8E6B37F90}\mpengine.dll
2013-06-23 21:37 . 2011-11-19 15:07    77312    ----a-w-    c:\windows\system32\packager.dll
2013-06-23 21:37 . 2011-11-19 14:06    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2013-06-23 21:36 . 2012-02-15 06:27    1031680    ----a-w-    c:\windows\system32\rdpcore.dll
2013-06-23 21:36 . 2012-02-15 05:44    826368    ----a-w-    c:\windows\SysWow64\rdpcore.dll
2013-06-23 21:36 . 2012-02-15 04:47    204800    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2013-06-23 21:36 . 2012-02-15 04:46    23552    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2013-06-23 21:28 . 2013-06-23 23:05    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 23:18 . 2010-06-24 19:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-03 00:11 . 2010-06-24 22:16    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-05-02 09:06 . 2010-06-21 00:01    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-04 21:50 . 2009-07-03 07:13    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 22:06    764296    ----a-w-    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
"{5911488E-9D1E-40ec-8CBB-06B231CC153F}"= "c:\program files (x86)\StartNow Toolbar\Toolbar32.dll" [bU]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{5911488e-9d1e-40ec-8cbb-06b231cc153f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-05 2446648]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-03-11 273544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-11-18 9728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2009-07-03 07:41    1165776    ----a-w-    c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-21 20:04]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-21 20:04]
.
2013-06-24 c:\windows\Tasks\ReclaimerUpdateFiles_Business.job
- c:\users\Business\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-23 23:18]
.
2013-06-24 c:\windows\Tasks\ReclaimerUpdateXML_Business.job
- c:\users\Business\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-23 23:18]
.
2013-06-24 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Business.job
- c:\users\Business\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-23 23:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 408600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-24  15:48:42
ComboFix-quarantined-files.txt  2013-06-24 22:48
ComboFix2.txt  2013-06-24 22:21
ComboFix3.txt  2013-06-24 20:41
.
Pre-Run: 437,577,318,400 bytes free
Post-Run: 437,516,984,320 bytes free
.
- - End Of File - - 8E8F7AE4F744A8609DF022ED54781F81
D41D8CD98F00B204E9800998ECF8427E
 


OK...Next:

Please download AdwCleaner from here and save it on your Desktop.

 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adware (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


Here is the adware log, don't see anything I particularly need - haven't used this computer in a while:

# AdwCleaner v2.303 - Logfile created 06/24/2013 at 20:39:15
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Business - BUSINESS-PC
# Boot Mode : Normal
# Running from : C:\Users\Business\Desktop\adwcleaner.exe
# Option [search]


***** [services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Business\AppData\Local\PackageAware
Folder Found : C:\Users\Business\AppData\LocalLow\AskToolbar
Folder Found : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Found : HKLM\Software\StartNow Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-1421534910-2390365103-2924931255-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Business\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4074 octets] - [24/06/2013 20:39:15]

########## EOF - C:\AdwCleaner[R1].txt - [4134 octets] ##########
 


It's all adware......

Lots of adware found....let's clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK if asked.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Adware:

 

# AdwCleaner v2.303 - Logfile created 06/25/2013 at 23:40:54
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Business - BUSINESS-PC
# Boot Mode : Normal
# Running from : C:\Users\Business\Desktop\adwcleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Business\AppData\Local\PackageAware
Folder Deleted : C:\Users\Business\AppData\LocalLow\AskToolbar
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Business\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4189 octets] - [24/06/2013 20:39:15]
AdwCleaner[s1].txt - [4059 octets] - [25/06/2013 23:40:54]

########## EOF - C:\AdwCleaner[s1].txt - [4119 octets] ##########
 

 

 

Checkup:

 

 

 Results of screen317's Security Check version 0.99.68  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 14  
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 14.0.835.163  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````
 

 

 

Right now Internet Explorer is still not working on the other computer, so I am using a flash drive to put all the logs online. No matter what I try, the internet won't come up. Sorry it took me 2 days to respond.


Reset IE and let me know:

 


 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Outdated programs on the system are vulnerable to malware.

Please update or uninstall them:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Windows 7  x64 (UAC is enabled)  

Out of date service pack!! <---check Windows Update for this

 

-------------------------------------------------------

 

 Java™ 6 Update 14  <---please uninstall from add/remove programs and any other Java listed

 

 Java version out of Date! <-------Download and install the latest version from Here

Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

 

------------------------------------------------------

 

 Adobe Flash Player 10 Flash Player out of Date! <---please check for an update, should be located in your control panel

 

--------------------------------------------------------

 

 Adobe Reader 9 Adobe Reader out of Date!  <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

 

----------------------------------------------------

 

Google Chrome 14.0.835.163 <-----OLD

Google Chrome 27.0.1453.116 <-----OK

 

You have old versions of Google Chrome on the system.

Please download and run OldChromeRemover.

@Windows Vista/Windows 7-8 users must use “Run As Administrator.”

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

A little clean up to do....

 

Please Uninstall ComboFix: (if you used it)

 

Press the Windows logo key + R to bring up the "run box"

 

Copy and paste the next command in the field:

 

ComboFix /uninstall

 

Make sure there's a space between Combofix and /

 


 

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

 

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

 

---------------------------------

 

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

 

-------------------------------

 

Please download OTC to your desktop.


 

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

 

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

 

-------------------------------

 

Any questions...please post back.

 

If you think I've helped you, please leave a comment > click on my  avatar picture > click Profile Feed.

 

Take a look at My Preventive Maintenance to avoid being infected again.

 

Good Luck and Thanks for using the forum,  MrC
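
The triage done by hand on the Security Check log in the post above (every "out of date" flag, plus two Chrome versions installed side by side) can be scripted. This is an added example, not part of the original thread or of Security Check itself; the `triage` function, its regular expressions and the embedded sample (constructed in the layout of the checkup.txt posted earlier) are assumptions.

```python
import re
from collections import defaultdict

BT = chr(96)  # backtick: Security Check frames its section headers with runs of them

# Constructed sample in the layout of the checkup.txt posted in this thread.
SAMPLE = "\n".join([
    " Results of screen317's Security Check version 0.99.68  ",
    " Out of date service pack!!",
    BT * 14 + "Antivirus/Firewall Check:" + BT * 14,
    " Windows Firewall Enabled!  ",
    BT * 9 + "Anti-malware/Other Utilities Check:" + BT * 9,
    " Malwarebytes Anti-Malware version 1.75.0.1300  ",
    " Java 6 Update 14  ",
    " Java version out of Date!",
    " Adobe Flash Player 10 Flash Player out of Date!",
    " Adobe Reader 9 Adobe Reader out of Date!",
    " Google Chrome 14.0.835.163  ",
    " Google Chrome 27.0.1453.116  ",
    BT * 20 + "End of Log" + BT * 22,
])

OUTDATED = re.compile(r"out of date", re.IGNORECASE)
# A product line ending in a dotted version, e.g. "Google Chrome 27.0.1453.116".
VERSIONED = re.compile(r"^(?P<name>.+?)\s+(?:version\s+)?(?P<ver>\d+(?:\.\d+)+)$")


def triage(log_text):
    """Return (outdated, stale): flagged lines with their section, and
    products that appear with more than one installed version."""
    section = "Header"          # lines before the first framed section header
    outdated = []
    versions = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(BT):                     # framed section header
            section = line.strip(BT).rstrip(":")
        elif OUTDATED.search(line):                 # tool's own warning text
            outdated.append((section, line))
        else:
            m = VERSIONED.match(line)
            if m:
                versions[m.group("name")].append(m.group("ver"))
    # Several versions of one product side by side: an old copy was left behind.
    numeric = lambda v: tuple(int(p) for p in v.split("."))
    stale = {n: sorted(v, key=numeric) for n, v in versions.items() if len(v) > 1}
    return outdated, stale
```
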

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.