Browser Hijack - Quick-Quote-Insurance

Posted 7/14/2011 8:23 PM
#91918

wezzer Member

Date Joined Nov 2016
Total Posts: 2
Hi Everyone,

Would love some help on this one. I recently have a browser hijack which boots Firefox or any browser into a homepage saying Quick-Quote-Insurance.
I've noticed a folder gets created in c:Programs called Microsoft, nothing in it when you open it but it seems to have something which takes 386 KB and 4 files (not showing).
It also installs a run svhost file when I check with HiJackthis which seems to point to this odd folder. I've added the HiJackthis report. HJ does 'fix' this for a short time, usually 2 boots and then it all comes back with the browser change at the top of the report.

Hope someone can help with this please, been stuck with it for a while now.

Thanks, Rob

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:22:10, on 14/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
H:\Anarchy Online\ItemAssistant.exe
H:\Anarchy Online\client.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quick-quote-insurance.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quick-quote-insurance.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [svhost] "C:\Program Files\Microsoft\svhost.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Windows Update.lnk = C:\Program Files\WindowsUpdate\WindowsUpdate.exe
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\home\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\home\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275572525109
O16 - DPF: {CCA21D49-582E-4F37-9CE4-5B446D2A150C} (ePenClientSpec.ucEPenClientspec) - http://downloads.exam2score.com/ePenClientSpec.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 7957 bytes
Posted 7/15/2011 6:01 AM
#91919

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
Run Hijackthis again and checkmark these entries and click "Fix checked" button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quick-quote-insurance.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quick-quote-insurance.com
O4 - HKLM\..\Run: [svhost] "C:\Program Files\Microsoft\svhost.exe"
O4 - Startup: Windows Update.lnk = C:\Program Files\WindowsUpdate\WindowsUpdate.exe

Hijackthis doesn't delete files so you would need to manually delete some files/folders, or just run another scanner like MalwareBytes or ComboFix.

Malwarebytes
http://www.malwarebytes.org/mbam-download.php

Also good to run RogueKiller before running MalwareBytes so rogue processes are killed.
RogueKiller:
http://www.geekstogo.com/forum/files/file/413-roguekiller/
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe

If the problem persists, download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Show us the logfiles.
* You may pm me if you're still waiting for my follow-up post.
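
The name check behind the `svhost` entry selected in the reply above, as an added example that is not part of the original posts and not HijackThis's own code: it parses O4 autorun lines and flags executables whose file name is a near-miss of a Windows system binary, or a system binary name loaded from an unexpected folder. The list of system binaries and directories is an assumption; the sample lines are copied from the first log in this thread.

```python
import ntpath
import re

# Sample input: a few lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quick-quote-insurance.com
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [svhost] "C:\Program Files\Microsoft\svhost.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Windows Update.lnk = C:\Program Files\WindowsUpdate\WindowsUpdate.exe
"""

# Assumption: a short, non-exhaustive list of Windows system binaries and the
# directories they normally load from.
SYSTEM_BINARIES = {
    "svchost.exe", "ctfmon.exe", "explorer.exe", "lsass.exe", "services.exe",
    "winlogon.exe", "spoolsv.exe", "smss.exe", "csrss.exe", "rundll32.exe",
}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# O4 - <hive>\..\Run: [name] command line
RUN_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 - Startup: shortcut.lnk = target
STARTUP_RE = re.compile(r"^O4 - (?P<where>[^:]*Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# First executable in a command line, quoted or not, arguments ignored.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|scr))\b', re.IGNORECASE)
START_PAGE_RE = re.compile(r"^R0 - (HKCU|HKLM)\\.+,Start Page = (\S+)$")


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def autoruns(log):
    """Yield (entry name, executable path) for every O4 line in the log text."""
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        exe = EXE_RE.match(m.group("cmd"))
        if exe:
            yield m.group("name"), exe.group("path")


def suspicious_autoruns(log, max_distance=2):
    """Return (entry name, path, reason) for autoruns that imitate a system binary."""
    findings = []
    for name, path in autoruns(log):
        base = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if base in SYSTEM_BINARIES:
            # A genuine name is only a finding when it sits in the wrong folder.
            if folder and folder not in SYSTEM_DIRS:
                findings.append((name, path, f"{base} outside the system directories"))
            continue
        for real in sorted(SYSTEM_BINARIES):
            if edit_distance(base, real) <= max_distance:
                findings.append((name, path, f"looks like {real}"))
                break
    return findings


def start_pages(log):
    """Return (hive, URL) for every R0 Start Page line, for comparison with the expected home page."""
    matches = (START_PAGE_RE.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]


if __name__ == "__main__":
    for finding in suspicious_autoruns(SAMPLE_LOG):
        print(finding)
    print(start_pages(SAMPLE_LOG))
```

The name comparison does not flag the `Windows Update.lnk` Startup entry that was also selected for fixing, because `WindowsUpdate.exe` resembles none of the listed system binaries.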
Posted 7/24/2011 7:37 AM
#91971

wezzer Member

Date Joined Nov 2016
Total Posts: 2
Hi There,

Just wanted to say I did what you suggested and it's worked brilliantly! I think the Combofix did the trick but Rogue also did a couple of things. This was a tenacious hijack and it's lovely it's gone, thanks for your help.
Posted 7/24/2011 1:25 PM
#91972

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
Hi wezzer,

Glad to know that the issue has been resolved.

For future reference, we would like to see the logs, especially the ComboFix log. ComboFix will not automatically remove bad files in its first run and that's when we use its script function to remove what's left.

To uninstall Combofix:
Go to Start > Run and 'copy and paste' next command in the field:

ComboFix /Uninstall

Thank you for using BullGuard forum, :)
* You may pm me if you're still waiting for my follow-up post.
Posted 7/31/2011 12:12 AM
#92022

Kurtis1991 Member

Date Joined Nov 2016
Total Posts: 2
I just got this today, and I'm almost certain it was after an apparent windowsupdate...
I've followed most of what the moderator has instructed, such as the "fix" in Hijackthis of the quickquoteinsurance selection but it still shows but I am not sure if Combofix worked properly due to Norton Internet security being able to close down completely through my knowledge.

I'm going to do the same as Wezzer and post the HiJackthis results to hopefully see if someone can aid me as this is really annoying.

Thanks, Kurtis
Posted 7/31/2011 12:39 AM
#92023

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
It would've been better if you started your own thread, but anyway when running ComboFix you need to turn off Norton's realtime shield so it won't interfere with the ComboFix scan. Have you also tried uninstalling the updates that you think had caused it?
Have you already run ComboFix? Can you post the log here?

If your System Restore is enabled, have you tried using that first and then scanning the system afterwards?

If you run ComboFix please post back the log.

You can also try TDSSKiller if the problem persists.
TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684
* You may pm me if you're still waiting for my follow-up post.
Posted 7/31/2011 2:30 AM
#92024

Kurtis1991 Member

Date Joined Nov 2016
Total Posts: 2
Sorry about that.

I'll also try the system restore and the Kaspersky link.

Here is the Combofix log:
2011-07-30 15:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat <br/>+ 2010-12-11 13:18 . 2011-07-31 02:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll <br/>+ 2010-12-11 16:10 . 2011-07-30 15:38 6210 c:\windows\system32\wdi\ERCQueuedResolutions.dat <br/>- 2011-07-30 15:22 . 2011-07-30 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat <br/>+ 2011-07-31 02:14 . 2011-07-31 02:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat <br/>+ 2011-07-31 02:14 . 2011-07-31 02:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat <br/>- 2011-07-30 15:22 . 2011-07-30 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat <br/>+ 2009-07-14 05:01 . 2011-07-31 02:13 353820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat <br/>- 2009-07-14 05:01 . 2011-07-30 14:19 353820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll <br/>+ 2011-07-31 00:21 . 
2011-07-31 00:21 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>- 2011-06-30 23:52 . 
2011-06-30 23:52 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>+ 2011-07-31 00:21 . 
2011-07-31 00:21 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll <br/>- 2010-12-11 21:30 . 2011-07-18 02:08 3542832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1968023967-1474757317-2303316530-1002-8192.dat <br/>+ 2010-12-11 21:30 . 2011-07-31 02:13 3542832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1968023967-1474757317-2303316530-1002-8192.dat <br/>+ 2011-07-30 21:50 . 2011-07-30 21:50 1402880 c:\windows\Installer\cf9208.msi <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>+ 2011-07-31 00:21 . 2011-07-31 00:21 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>- 2011-06-30 23:52 . 2011-06-30 23:52 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll <br/>. <br/>-- Snapshot reset to current date -- <br/>. <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/>. 
<br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] <br/>@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" <br/>[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] <br/>2011-02-18 05:12 94208 ----a-w- c:\users\Kurtis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] <br/>@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" <br/>[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] <br/>2011-02-18 05:12 94208 ----a-w- c:\users\Kurtis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] <br/>@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" <br/>[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] <br/>2011-02-18 05:12 94208 ----a-w- c:\users\Kurtis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll <br/>. <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] <br/>"F.lux"="c:\users\Kurtis\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656] <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] <br/>"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256] <br/>"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112] <br/>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] <br/>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736] <br/>"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] <br/>. 
<br/>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] <br/>"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] <br/>. <br/>c:\users\Kurtis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ <br/>CurseClientStartup.ccip [2011-6-26 0] <br/>Dropbox.lnk - c:\users\Kurtis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] <br/>. <br/>c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ <br/>TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] <br/>"ConsentPromptBehaviorAdmin"= 5 (0x5) <br/>"ConsentPromptBehaviorUser"= 3 (0x3) <br/>"EnableUIADesktopToggle"= 0 (0x0) <br/>"EnableLinkedConnections"= 1 (0x1) <br/>. <br/>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] <br/>Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] <br/>@="" <br/>. 
<br/>R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] <br/>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] <br/>R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x] <br/>R3 ALSysIO;ALSysIO;c:\users\Kurtis\AppData\Local\Temp\ALSysIO64.sys [x] <br/>R3 L6KB37;Service - Line 6 KB37;c:\windows\system32\Drivers\L6KB3764.sys [x] <br/>R3 L6PODLV;PODxt Live Service;c:\windows\system32\Drivers\L6PODLV64.sys [x] <br/>R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [x] <br/>R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [x] <br/>R3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [x] <br/>R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [x] <br/>R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] <br/>R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] <br/>R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952] <br/>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] <br/>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] <br/>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] <br/>S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] <br/>S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x] <br/>S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x] <br/>S0 Thpdrv;TOSHIBA HDD Protection 
Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x] <br/>S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x] <br/>S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x] <br/>S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-07-23 1151096] <br/>S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110729.030\IDSvia64.sys [2011-07-07 488056] <br/>S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x] <br/>S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x] <br/>S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] <br/>S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] <br/>S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] <br/>S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440] <br/>S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720] <br/>S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640] <br/>S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008] <br/>S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-05 1604200] <br/>S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368] <br/>S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program 
files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928] <br/>S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x] <br/>S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] <br/>S3 automap;Automap MIDI Driver Service;c:\windows\system32\DRIVERS\automap.sys [x] <br/>S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x] <br/>S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x] <br/>S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x] <br/>S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824] <br/>S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] <br/>S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] <br/>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] <br/>S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] <br/>S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] <br/>S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] <br/>S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] <br/>hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/>. <br/>2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968023967-1474757317-2303316530-1002Core.job <br/>- c:\users\Kurtis\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 13:37] <br/>. 
<br/>2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968023967-1474757317-2303316530-1002UA.job <br/>- c:\users\Kurtis\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 13:37] <br/>. <br/>. <br/>--------- x86-64 ----------- <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] <br/>@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" <br/>[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] <br/>2011-02-18 05:12 97792 ----a-w- c:\users\Kurtis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] <br/>@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" <br/>[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] <br/>2011-02-18 05:12 97792 ----a-w- c:\users\Kurtis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] <br/>@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" <br/>[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] <br/>2011-02-18 05:12 97792 ----a-w- c:\users\Kurtis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] <br/>@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" <br/>[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] <br/>2011-02-18 05:12 97792 ----a-w- c:\users\Kurtis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll <br/>. 
<br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-05 17412200] <br/>"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU] <br/>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560] <br/>"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032] <br/>"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] <br/>"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] <br/>"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072] <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>uLocal Page = c:\windows\system32\blank.htm <br/>mLocal Page = c:\windows\SysWOW64\blank.htm <br/>uInternet Settings,ProxyOverride = *.local <br/>IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 <br/>IE: Free YouTube to MP3 Converter - c:\users\Kurtis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm <br/>Trusted Zone: line6.net <br/>. <br/>- - - - ORPHANS REMOVED - - - - <br/>. <br/>Toolbar-Locked - (no file) <br/>. <br/>. <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] <br/>"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1" <br/>. <br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] <br/>@Denied: (A 2) (Everyone) <br/>@="FlashBroker" <br/>"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] <br/>"Enabled"=dword:00000001 <br/>. 
<br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] <br/>@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] <br/>@Denied: (A 2) (Everyone) <br/>@="Shockwave Flash Object" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] <br/>@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" <br/>"ThreadingModel"="Apartment" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] <br/>@="0" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] <br/>@="ShockwaveFlash.ShockwaveFlash.10" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] <br/>@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] <br/>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] <br/>@="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] <br/>@="ShockwaveFlash.ShockwaveFlash" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] <br/>@Denied: (A 2) (Everyone) <br/>@="Macromedia Flash Factory Object" <br/>. 
<br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] <br/>@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" <br/>"ThreadingModel"="Apartment" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] <br/>@="FlashFactory.FlashFactory.1" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] <br/>@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] <br/>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] <br/>@="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] <br/>@="FlashFactory.FlashFactory" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] <br/>@Denied: (A 2) (Everyone) <br/>@="IFlashBroker3" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] <br/>@="{00020424-0000-0000-C000-000000000046}" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>"Version"="1.0" <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] <br/>"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, <br/> 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] <br/>@Denied: (Full) (Everyone) <br/>. <br/>------------------------ Other Running Processes ------------------------ <br/>. 
<br/>c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>c:\program files (x86)\Bonjour\mDNSResponder.exe <br/>c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe <br/>c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe <br/>c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe <br/>c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe <br/>. <br/>************************************************************************** <br/>. <br/>Completion time: 2011-07-31 03:22:48 - machine was rebooted <br/>ComboFix-quarantined-files.txt 2011-07-31 02:22 <br/>ComboFix2.txt 2011-07-30 15:30 <br/>. <br/>Pre-Run: 125,848,784,896 bytes free <br/>Post-Run: 125,551,075,328 bytes free <br/>. <br/>- - End Of File - - CA9E482812E5BC45D84A05BA453B5F81
Posted 3/19/2013 9:15 PM
#95262
Advanced member

Here is a guide that you can follow to remove any toolbars, add-ons, extensions, from your browser and computer:
http://www.bullguard.com/support/tech-guides/how-to-remove-browser-toolbars.aspx

And this is how you can reset the internet options (these govern the way your browsers connect to the internet):
http://support.microsoft.com/kb/923737

Andreea-Luciana Ostache
Support Team Leader
support@bullguard.com
www.bullguard.com
