
Google redirect malware


Re: Google redirect malware

by pgmigg » July 13th, 2011, 6:22 pm

Hello flashwaawoo,

Good job, thank you!

If you see that some logs are too long to include in one post, you can post them separately. There is no limit to the number of posts.
Please do not attach logs!

We can see some progress after the initial ComboFix run. Here is the set of your next instructions, which you should print out first, because you will not have Internet access during ComboFix execution:

Step 1.
ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    DirLook::
    C:\Users\Laptop\AppData\Local\{DCE6C8D1-FC3B-4B74-B613-891B0D6D2B5E}
    
    File::
    C:\Windows\System32\8EF8.tmp
    C:\Windows\System32\344A.tmp
    C:\Windows\System32\9AAA.tmp
    C:\Windows\System32\DBFC.tmp
    
    Folder::
    C:\Users\Laptop\AppData\Roaming\AVG
    C:\Program Files (x86)\Sophos
    C:\$AVG
    C:\ProgramData\avg9
    
    DDS::
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    BHO-X64:     URLRedirectionBHO - No File
    
    Driver::
    MEMSWEEP2
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished, ComboFix will create a log file... you can save this file to a convenient place.
    Please copy/paste the ComboFix log file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of ComboFix log file.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg
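
Added example (not part of the original post, and not ComboFix's own code): a way to check a returned ComboFix log against the CFScript that was run, confirming that every File::, Folder:: and Driver:: entry shows up under "Other Deletions" or "Drivers/Services". The section layouts are assumed from the script and log shown in this thread; both sample inputs are constructed, and the Sophos folder is deliberately left out of the sample log to show a failed check.

```python
import re

# Constructed sample, modelled on the CFScript in the post above.
CFSCRIPT = r"""
File::
C:\Windows\System32\8EF8.tmp
C:\Windows\System32\344A.tmp

Folder::
C:\Users\Laptop\AppData\Roaming\AVG
C:\Program Files (x86)\Sophos

Driver::
MEMSWEEP2
"""

# Constructed log excerpt in the layout of the ComboFix log in this thread.
# The Sophos folder is intentionally absent so the check reports it.
LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\users\Laptop\AppData\Roaming\AVG
c:\users\Laptop\AppData\Roaming\AVG\Integrator\DiskDoctor.log
c:\windows\System32\344A.tmp
c:\windows\System32\8EF8.tmp
.
((((((((((((((( Drivers/Services )))))))))))))))
.
-------\Service_MEMSWEEP2
.
((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))
.
2011-07-14 07:13 . 2011-07-14 07:13 -------- d-----w- c:\program files (x86)\MSXML 4.0
"""

# "Name::" on a line of its own opens a CFScript section (assumed syntax).
SECTION_HEADER = re.compile(r"^([A-Za-z0-9-]+)::\s*$")
# Log banners look like "((((( Title )))))"; require a long run of parentheses
# so that paths such as "Program Files (x86)" are never taken for a banner.
BANNER = re.compile(r"^\({5,}\s*(.*?)\s*\)+$")


def parse_cfscript(text):
    """Return {section name (lower case): [entries]} for a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_HEADER.match(line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def parse_log_sections(text):
    """Return {banner title (lower case): [lines]} for a ComboFix log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # "." lines are only spacers
            continue
        banner = BANNER.match(line)
        if banner:
            current = sections.setdefault(banner.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def verify_removals(cfscript_text, log_text):
    """Split the script's removal requests into confirmed and missing."""
    script = parse_cfscript(cfscript_text)
    log = parse_log_sections(log_text)
    # Windows paths are case-insensitive, so compare in lower case.
    deleted = {p.strip('"').lower() for p in log.get("other deletions", [])}
    services = [s.lower() for s in log.get("drivers/services", [])]
    result = {"confirmed": [], "missing": []}
    for kind in ("file", "folder"):
        for path in script.get(kind, []):
            key = "confirmed" if path.lower() in deleted else "missing"
            result[key].append(path)
    for driver in script.get("driver", []):
        suffix = "\\service_" + driver.lower()
        found = any(s.endswith(suffix) for s in services)
        result["confirmed" if found else "missing"].append(driver)
    return result


if __name__ == "__main__":
    report = verify_removals(CFSCRIPT, LOG)
    for status, items in report.items():
        for item in items:
            print(f"{status:9} {item}")
```

An entry reported as missing is a reason to re-read the log by hand before going further; it may simply mean the item was already gone before the run.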

Re: Google redirect malware

by flashwaawoo » July 14th, 2011, 3:44 am

A. No problems with the instructions. I was a bit worried when ComboFix finished because nothing worked after the reboot. I kept getting a registry error. I rebooted and it seems fine.
B.

ComboFix 11-07-13.04 - Laptop 14/07/2011 19:17:56.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.8106.5801 [GMT 12:00]
Running from: c:\users\Laptop\Desktop\ComboFix.exe
Command switches used :: c:\users\Laptop\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\344A.tmp"
"c:\windows\System32\8EF8.tmp"
"c:\windows\System32\9AAA.tmp"
"c:\windows\System32\DBFC.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\$AVG
c:\$avg\$VAULT\V_00000010.fil
c:\$avg\$VAULT\vvfolder.idx
c:\program files (x86)\Sophos
c:\programdata\avg9
c:\programdata\avg9\AvgAm\avgam.lck
c:\programdata\avg9\Cfg\changecfgreg.cfg
c:\programdata\avg9\Cfg\csl.cfg
c:\programdata\avg9\Cfg\krnl.cfg
c:\programdata\avg9\Cfg\mail.cfg
c:\programdata\avg9\Cfg\malrep.cfg
c:\programdata\avg9\Cfg\scan.cfg
c:\programdata\avg9\Cfg\sched.cfg
c:\programdata\avg9\Cfg\update.cfg
c:\programdata\avg9\Cfg\user.cfg
c:\programdata\avg9\CfgAll\falsealarm.cfg
c:\programdata\avg9\CfgAll\srmall.cfg
c:\programdata\avg9\CfgAll\updateall.cfg
c:\programdata\avg9\Log\avgam.log
c:\programdata\avg9\Log\avgam.log.lock
c:\programdata\avg9\Log\avgcfg.log
c:\programdata\avg9\Log\avgcfg.log.lock
c:\programdata\avg9\Log\avgchjw.log
c:\programdata\avg9\Log\avgchjw.log.1
c:\programdata\avg9\Log\avgchjw.log.lock
c:\programdata\avg9\Log\avgchjwsrv.log
c:\programdata\avg9\Log\avgchjwsrv.log.lock
c:\programdata\avg9\Log\avgcore.log
c:\programdata\avg9\Log\avgcore.log.1
c:\programdata\avg9\Log\avgcore.log.lock
c:\programdata\avg9\Log\avgcsl.log
c:\programdata\avg9\Log\avgcsl.log.lock
c:\programdata\avg9\Log\avgfrw.log
c:\programdata\avg9\Log\avgfrw.log.lock
c:\programdata\avg9\Log\avgldr.log
c:\programdata\avg9\Log\avgldr.log.lock
c:\programdata\avg9\Log\avglng.log
c:\programdata\avg9\Log\avglng.log.lock
c:\programdata\avg9\Log\avgns.log
c:\programdata\avg9\Log\avgns.log.1
c:\programdata\avg9\Log\avgns.log.lock
c:\programdata\avg9\Log\avgrs.log
c:\programdata\avg9\Log\avgrs.log.1
c:\programdata\avg9\Log\avgrs.log.10
c:\programdata\avg9\Log\avgrs.log.2
c:\programdata\avg9\Log\avgrs.log.3
c:\programdata\avg9\Log\avgrs.log.4
c:\programdata\avg9\Log\avgrs.log.5
c:\programdata\avg9\Log\avgrs.log.6
c:\programdata\avg9\Log\avgrs.log.7
c:\programdata\avg9\Log\avgrs.log.9
c:\programdata\avg9\Log\avgrs.log.lock
c:\programdata\avg9\Log\avgscan.log
c:\programdata\avg9\Log\avgscan.log.lock
c:\programdata\avg9\Log\avgsched.log
c:\programdata\avg9\Log\avgsched.log.1
c:\programdata\avg9\Log\avgsched.log.lock
c:\programdata\avg9\Log\avgsrm.log
c:\programdata\avg9\Log\avgsrm.log.lock
c:\programdata\avg9\Log\avgtdi.log
c:\programdata\avg9\Log\avgtdi.log.lock
c:\programdata\avg9\Log\avgui.log
c:\programdata\avg9\Log\avgui.log.lock
c:\programdata\avg9\Log\avgupd.log
c:\programdata\avg9\Log\avgupd.log.lock
c:\programdata\avg9\Log\avgwd.log
c:\programdata\avg9\Log\avgwd.log.1
c:\programdata\avg9\Log\avgwd.log.lock
c:\programdata\avg9\Log\avgwdsvc.log
c:\programdata\avg9\Log\avgwdsvc.log.lock
c:\programdata\avg9\Log\commonpriv.log
c:\programdata\avg9\Log\commonpriv.log.lock
c:\programdata\avg9\Log\fixcfg.log
c:\programdata\avg9\Log\fixcfg.log.lock
c:\programdata\avg9\Log\history.xml
c:\programdata\avg9\Log\vault.log
c:\programdata\avg9\Log\vault.log.lock
c:\programdata\avg9\scanlogs\I_00000001.log
c:\programdata\avg9\scanlogs\I_00000005.log
c:\programdata\avg9\scanlogs\I_00000006.log
c:\programdata\avg9\scanlogs\I_00000007.log
c:\programdata\avg9\scanlogs\I_00000008.log
c:\programdata\avg9\scanlogs\I_00000009.log
c:\programdata\avg9\scanlogs\I_00000010.log
c:\programdata\avg9\scanlogs\I_00000011.log
c:\programdata\avg9\scanlogs\I_00000012.log
c:\programdata\avg9\scanlogs\I_00000013.log
c:\programdata\avg9\scanlogs\I_00000014.log
c:\programdata\avg9\scanlogs\I_00000015.log
c:\programdata\avg9\scanlogs\I_00000016.log
c:\programdata\avg9\scanlogs\I_00000017.log
c:\programdata\avg9\scanlogs\I_00000018.log
c:\programdata\avg9\scanlogs\I_00000019.log
c:\programdata\avg9\scanlogs\I_00000020.log
c:\programdata\avg9\scanlogs\I_00000021.log
c:\programdata\avg9\scanlogs\I_00000022.log
c:\programdata\avg9\scanlogs\I_00000023.log
c:\programdata\avg9\scanlogs\I_00000024.log
c:\programdata\avg9\scanlogs\I_00000025.log
c:\programdata\avg9\scanlogs\I_00000026.log
c:\programdata\avg9\scanlogs\I_00000027.log
c:\programdata\avg9\scanlogs\I_00000028.log
c:\programdata\avg9\scanlogs\I_00000029.log
c:\programdata\avg9\scanlogs\I_00000030.log
c:\programdata\avg9\scanlogs\srm.idx
c:\programdata\avg9\Temp\029fde8f-249e-4455-b4ff-9c3ce8729593-1b74-oopp.tmp
c:\programdata\avg9\Temp\0820010e-4a22-42f3-818a-04c56a706b81-980-oopp.tmp
c:\programdata\avg9\Temp\1ebb7546-ca85-4f91-baff-a15b408548fa-b78-oopp.tmp
c:\programdata\avg9\Temp\3a79043b-fdb2-4419-b93d-b99dd5b5ee67-38c-oopp.tmp
c:\programdata\avg9\Temp\494076b7-b917-4fb2-82c8-cb73d451ee08-328-oopp.tmp
c:\programdata\avg9\Temp\55387736-f864-49db-8601-4bad373c326d-344-oopp.tmp
c:\programdata\avg9\Temp\582d4e7e-e0d8-4bd1-9185-7ec7fe11e0ca-bb4-oopp.tmp
c:\programdata\avg9\Temp\66f209bf-1e2c-4ba5-82fd-4b52dd0909af-1ab0-oopp.tmp
c:\programdata\avg9\Temp\68f6ca42-ade3-4187-8fe8-f92245f7c51d-338-oopp.tmp
c:\programdata\avg9\Temp\6d781478-52a2-4902-bc11-7c2902c9b0b8-af4-oopp.tmp
c:\programdata\avg9\Temp\706f8247-6e42-4718-8908-48c30ea27c60-b8c-oopp.tmp
c:\programdata\avg9\Temp\74e15090-18da-4724-8073-760681bd6ce6-33c-oopp.tmp
c:\programdata\avg9\Temp\7c481ab1-b772-4c4a-a0e0-cda915041301-a08-oopp.tmp
c:\programdata\avg9\Temp\81def88b-dbc4-4064-9027-3dd530abc838-3a8-oopp.tmp
c:\programdata\avg9\Temp\8e3acb0c-6241-4e38-9732-ed07c692864c-ce4-oopp.tmp
c:\programdata\avg9\Temp\9064ac7d-42b8-439b-8b30-96556f8e9a2f-390-oopp.tmp
c:\programdata\avg9\Temp\93c50105-3b83-4252-88c9-8a281f74b65e-30c-oopp.tmp
c:\programdata\avg9\Temp\9e666456-ec5b-4a55-bdbf-38be8c718202-af4-oopp.tmp
c:\programdata\avg9\Temp\a29ce1e7-0705-4e05-a7ed-8c8ba7f654cd-328-oopp.tmp
c:\programdata\avg9\Temp\c2026dd7-08d3-4b89-8a47-807626143d18-964-oopp.tmp
c:\programdata\avg9\Temp\cd28600c-7d7f-4a06-8ba1-633eb7dcb194-3ac-oopp.tmp
c:\programdata\avg9\Temp\ef800c1c-7e94-401a-ae47-f04aefd8c574-cb8-oopp.tmp
c:\programdata\avg9\Temp\f67590ea-8995-4de1-bcf3-2964d21bb9e3-ae4-oopp.tmp
c:\programdata\avg9\Temp\f6dd04e8-63f2-40e4-b2fc-74b719e55d4c-ac8-oopp.tmp
c:\programdata\avg9\Temp\fd3ab907-6a49-4869-9e65-4b947b789a59-3cc-oopp.tmp
c:\programdata\avg9\Temp\fed3384a-800e-44b4-9edd-d7b6e3722db2-39c-oopp.tmp
c:\programdata\avg9\Temp\file9514.tmp
c:\programdata\avg9\update\backup\avgatend.stp
c:\programdata\avg9\update\backup\avgatupd.stp
c:\programdata\avg9\update\backup\avginet.dll
c:\programdata\avg9\update\backup\avgiproxy.exe
c:\programdata\avg9\update\backup\avgldx64.sys
c:\programdata\avg9\update\backup\avgmfx64.sys
c:\programdata\avg9\update\backup\avgrkx64.sys
c:\programdata\avg9\update\backup\avgtdia.sys
c:\programdata\avg9\update\backup\avgupd.dll
c:\programdata\avg9\update\backup\avgupd.exe
c:\programdata\avg9\update\backup\cty.cty
c:\programdata\avg9\update\backup\incavi.avm
c:\programdata\avg9\update\prepare\temp\cty.cty
c:\users\Laptop\AppData\Roaming\AVG
c:\users\Laptop\AppData\Roaming\AVG\Integrator\DiskDoctor.log
c:\users\Laptop\AppData\Roaming\AVG\PC Tuneup 2011\User Reports\Integrator_report.html
c:\users\Laptop\AppData\Roaming\AVG\PC Tuneup 2011\User Reports\Integrator_report.xml
c:\users\Laptop\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110701214624743.rsc
c:\users\Laptop\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110701214628714.rsc
c:\users\Laptop\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110701220206665.rsc
c:\users\Laptop\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110701220206906.rsc
c:\users\Laptop\AppData\Roaming\AVG\Track Eraser\TrackEraser.igl
c:\windows\System32\344A.tmp
c:\windows\System32\8EF8.tmp
c:\windows\System32\9AAA.tmp
c:\windows\System32\DBFC.tmp
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MEMSWEEP2
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 07:29 . 2011-07-14 07:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-14 07:13 . 2011-07-14 07:13 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-13 10:42 . 2011-07-13 10:42 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-07-13 08:10 . 2011-06-06 22:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{716F3CA4-7763-4220-821D-C62A5AA1B614}\mpengine.dll
2011-07-10 10:53 . 2003-03-21 01:45 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
2011-07-10 10:53 . 2011-07-10 10:53 -------- d-----w- c:\program files (x86)\HotPotatoes6
2011-07-08 21:21 . 2011-07-11 08:43 -------- d-----w- C:\MGADiagToolOutput
2011-07-08 21:20 . 2011-07-08 21:20 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-07-07 10:48 . 2011-07-07 10:48 -------- d-----w- c:\program files (x86)\ZD Soft
2011-07-07 10:32 . 2011-07-07 10:32 -------- d-----w- c:\program files (x86)\ESCV
2011-07-07 10:31 . 2011-07-07 10:31 -------- d-----w- c:\windows\Downloaded Installations
2011-07-07 07:42 . 2011-07-07 07:42 -------- d-----w- c:\program files (x86)\TechSmith
2011-07-05 21:27 . 2011-07-05 21:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-07-05 07:38 . 2011-07-05 07:38 -------- d-----w- c:\program files\COMODO
2011-07-05 07:37 . 2011-07-05 07:37 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-07-03 11:38 . 2011-07-03 11:38 -------- d-----w- C:\My backups
2011-07-03 11:33 . 2011-07-03 21:13 -------- d-----w- c:\windows\SysWow64\NV
2011-07-03 11:33 . 2011-07-03 21:13 -------- d-----w- c:\windows\system32\NV
2011-07-03 11:29 . 2011-07-14 07:11 -------- d-----w- c:\users\UpdatusUser
2011-07-03 11:27 . 2011-05-21 06:01 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-07-03 11:26 . 2011-07-03 11:26 -------- d-----w- C:\NVIDIA
2011-07-03 09:34 . 2011-06-06 22:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-03 02:44 . 2011-07-03 02:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-07-03 02:30 . 2011-07-03 02:30 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4FCC5B9-D92F-43CC-8506-AD927009A334}\gapaengine.dll
2011-07-02 07:17 . 2011-07-02 07:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-02 07:17 . 2011-07-02 07:17 -------- d-----w- c:\programdata\!SASCORE
2011-07-02 07:17 . 2011-07-02 08:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-02 00:33 . 2011-07-02 01:38 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-07-02 00:33 . 2011-07-02 01:38 -------- d-----w- c:\program files (x86)\StarCraft II
2011-07-02 00:33 . 2011-07-02 00:47 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-07-02 00:03 . 2011-07-02 00:03 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-07-02 00:03 . 2011-07-02 00:03 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-02 00:03 . 2011-07-02 00:03 -------- d-----w- c:\programdata\Apple
2011-07-01 09:53 . 2011-07-01 09:53 -------- d-----w- c:\program files (x86)\TweetDeck
2011-07-01 09:53 . 2011-07-01 09:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-07-01 08:21 . 2011-07-01 08:21 -------- d-----w- c:\programdata\Malwarebytes
2011-07-01 08:21 . 2011-05-28 21:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-01 08:21 . 2011-07-01 08:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-01 08:21 . 2011-05-28 21:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-01 07:44 . 2011-07-12 20:42 -------- d-----w- c:\programdata\MFAData
2011-07-01 07:39 . 2011-07-01 07:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-07-01 07:39 . 2011-07-01 07:39 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-26 04:15 . 2011-06-26 04:15 2784600 ----a-w- c:\windows\system32\auto_reactivate.exe
2011-06-26 03:44 . 2011-06-26 03:52 272448 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-26 03:44 . 2011-06-26 03:56 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2011-06-26 02:54 . 2011-06-26 02:56 -------- d-----w- c:\programdata\DAEMON Tools Pro
2011-06-26 01:24 . 2011-06-26 01:24 -------- d-----w- c:\program files\Dameon
2011-06-26 01:00 . 2011-06-26 01:02 -------- d-----w- c:\programdata\PCDr
2011-06-26 00:37 . 2011-06-26 00:37 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-06-26 00:29 . 2011-06-26 03:35 867064 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-06-26 00:25 . 2011-06-26 00:25 -------- d-----w- c:\program files (x86)\PowerISO
2011-06-26 00:25 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-06-26 00:15 . 2009-02-24 06:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-06-26 00:08 . 2011-06-26 00:20 -------- d-----w- c:\program files (x86)\MagicISO
2011-06-26 00:03 . 2011-06-26 00:03 -------- d-----w- c:\programdata\farstone
2011-06-26 00:00 . 2000-06-25 19:43 254224 ----a-w- c:\windows\SysWow64\drmclien.dll
2011-06-25 23:58 . 2006-12-19 07:45 81920 ----a-w- c:\windows\VPLAY801.EXE
2011-06-25 23:58 . 2007-08-15 09:32 81424 ----a-w- c:\windows\system32\drivers\FVXSCSI.SYS
2011-06-25 23:58 . 2007-03-02 01:48 21784 ----a-w- c:\windows\system32\drivers\FCDABUS.SYS
2011-06-25 23:57 . 2007-04-09 20:05 32768 ------w- c:\windows\SysWow64\inVHDDrvExe.exe
2011-06-25 23:57 . 2007-03-02 01:48 36864 ------w- c:\windows\SysWow64\unVHDDrvExe.exe
2011-06-25 02:13 . 2011-06-25 02:13 -------- d--h--w- c:\programdata\Common Files
2011-06-25 00:15 . 2011-06-25 00:15 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-06-25 00:07 . 2011-06-19 20:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0759AC3A-AEFC-4FC4-8AF2-5B1B709BE266}\mpengine.dll
2011-06-24 13:27 . 2011-06-24 13:27 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-24 13:27 . 2011-06-24 13:27 -------- d-----w- c:\windows\system32\Wat
2011-06-24 12:46 . 2011-06-24 12:46 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-06-24 12:46 . 2011-06-24 12:46 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-06-24 12:45 . 2011-06-24 12:45 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-06-24 10:24 . 2011-06-24 10:24 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-06-24 10:23 . 2011-07-05 21:31 -------- d-----w- c:\programdata\Microsoft Help
2011-06-24 10:23 . 2011-06-24 10:23 -------- d-----r- C:\MSOCache
2011-06-24 09:33 . 2011-01-03 08:38 177128 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-06-24 09:33 . 2011-01-03 08:38 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-06-24 09:33 . 2011-01-03 08:38 157160 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-06-24 09:33 . 2011-01-03 08:38 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-06-24 09:33 . 2011-01-03 08:38 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-06-24 09:33 . 2011-01-03 08:38 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-06-24 09:33 . 2011-01-03 08:38 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-06-24 09:33 . 2010-12-21 05:55 36328 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-06-24 09:33 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-06-24 09:33 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2011-06-24 09:32 . 2010-12-21 05:55 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2011-06-24 09:32 . 2010-12-21 05:55 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2011-06-24 09:32 . 2010-12-21 05:55 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2011-06-24 09:32 . 2010-12-21 05:55 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2011-06-24 09:32 . 2010-12-21 05:55 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2011-06-24 09:32 . 2010-12-21 05:55 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2011-06-24 09:32 . 2010-12-21 05:55 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2011-06-24 09:32 . 2011-06-06 23:13 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2011-06-24 09:32 . 2011-06-24 09:32 -------- d-----w- c:\program files (x86)\MarkAny
2011-06-24 09:32 . 2011-06-06 23:13 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2011-06-24 09:32 . 2011-06-24 09:32 -------- d-----w- c:\program files (x86)\Samsung
2011-06-24 09:32 . 2011-06-24 09:32 -------- d-----w- c:\programdata\Samsung
2011-06-24 09:17 . 2011-06-24 09:17 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-06-24 09:17 . 2011-06-24 09:17 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-06-24 09:16 . 2011-07-05 07:32 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2011-06-24 07:48 . 2011-06-24 07:48 -------- d-----w- c:\program files (x86)\Common Files\doubleTwist
2011-06-24 07:48 . 2008-12-17 07:22 57344 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-06-24 07:48 . 2011-06-24 07:48 -------- d-----w- c:\program files (x86)\ffdshow
2011-06-24 07:48 . 2008-12-11 01:26 60273 ----a-w- c:\windows\SysWow64\pthreadGC2.dll
2011-06-24 07:46 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-06-24 07:46 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-06-24 07:44 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-24 07:44 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-06-24 07:41 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-06-24 07:38 . 2011-06-24 07:48 -------- d-----w- c:\program files (x86)\doubleTwist 2.0
2011-06-24 07:38 . 2011-06-24 07:58 -------- d-----w- c:\program files (x86)\gPadServer
2011-06-24 07:09 . 2011-06-24 07:12 -------- d-----w- c:\programdata\WinZip
2011-06-24 07:07 . 2011-06-25 00:10 -------- d-----w- c:\program files (x86)\Google
2011-06-24 07:04 . 2011-06-24 07:04 -------- d-----w- c:\program files (x86)\VideoLAN
2011-06-24 06:58 . 2011-06-26 04:00 -------- d-----w- c:\programdata\Creative
2011-06-24 06:54 . 2011-06-24 06:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-24 06:46 . 2011-06-24 06:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-06-24 06:44 . 2011-07-07 07:43 -------- d-----w- c:\users\Laptop
2011-06-24 06:26 . 2011-06-24 06:26 -------- d-----w- C:\FIND_EULA_PATH
2011-06-24 06:26 . 2011-06-24 06:26 -------- d-----w- c:\program files (x86)\Dell Touch Software Suite
2011-06-24 06:23 . 2011-06-24 06:23 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 03:41 . 2011-06-11 03:41 800256 ----a-w- c:\windows\system32\usp10.dll
2011-06-11 03:41 . 2011-06-11 03:41 7680 ----a-w- c:\windows\system32\KBDINTAM.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7680 ----a-w- c:\windows\system32\KBDINMAL.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7680 ----a-w- c:\windows\system32\KBDINDEV.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7680 ----a-w- c:\windows\system32\KBDINBEN.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\SysWow64\KBDINTAM.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\SysWow64\KBDINORI.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\SysWow64\KBDINMAR.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\SysWow64\KBDINMAL.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\SysWow64\KBDINKAN.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\SysWow64\KBDINHIN.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\SysWow64\KBDINDEV.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\SysWow64\KBDINBEN.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\system32\KBDINTEL.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\system32\KBDINPUN.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\system32\KBDINORI.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\system32\KBDINMAR.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\system32\KBDINKAN.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\system32\KBDINHIN.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\system32\KBDINGUJ.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\system32\KBDINEN.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\system32\KBDINBE2.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\system32\KBDINBE1.DLL
2011-06-11 03:41 . 2011-06-11 03:41 7168 ----a-w- c:\windows\system32\KBDINASA.DLL
2011-06-11 03:41 . 2011-06-11 03:41 6656 ----a-w- c:\windows\SysWow64\KBDINTEL.DLL
2011-06-11 03:41 . 2011-06-11 03:41 6656 ----a-w- c:\windows\SysWow64\KBDINPUN.DLL
2011-06-11 03:41 . 2011-06-11 03:41 6656 ----a-w- c:\windows\SysWow64\KBDINGUJ.DLL
2011-06-11 03:41 . 2011-06-11 03:41 6656 ----a-w- c:\windows\SysWow64\KBDINBE2.DLL
2011-06-11 03:41 . 2011-06-11 03:41 6656 ----a-w- c:\windows\SysWow64\KBDINBE1.DLL
2011-06-11 03:41 . 2011-06-11 03:41 6656 ----a-w- c:\windows\SysWow64\KBDINASA.DLL
2011-06-11 03:41 . 2011-06-11 03:41 626176 ----a-w- c:\windows\SysWow64\usp10.dll
2011-06-11 03:41 . 2011-06-11 03:41 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-06-11 03:41 . 2011-06-11 03:41 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-06-11 03:41 . 2011-06-11 03:41 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2011-06-11 03:41 . 2011-06-11 03:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-06-11 03:41 . 2011-06-11 03:41 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-06-11 03:41 . 2011-06-11 03:41 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-06-11 03:41 . 2011-06-11 03:41 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-06-11 03:41 . 2011-06-11 03:41 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-06-11 03:41 . 2011-06-11 03:41 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-06-11 03:41 . 2011-06-11 03:41 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-11 03:41 . 2011-06-11 03:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-11 03:41 . 2011-06-11 03:41 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-06-11 03:41 . 2011-06-11 03:41 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-06-11 03:41 . 2011-06-11 03:41 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-06-11 03:41 . 2011-06-11 03:41 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-06-11 03:41 . 2011-06-11 03:41 951680 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-06-11 03:41 . 2011-06-11 03:41 715776 ----a-w- c:\windows\system32\kerberos.dll
2011-06-11 03:41 . 2011-06-11 03:41 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-06-11 03:41 . 2011-06-11 03:41 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-06-11 03:41 . 2011-06-11 03:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-06-11 03:29 . 2011-06-11 03:29 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-11 03:29 . 2011-06-11 03:29 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-11 03:29 . 2011-06-11 03:29 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-11 03:29 . 2011-06-11 03:29 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-11 03:29 . 2011-06-11 03:29 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-11 03:29 . 2011-06-11 03:29 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-11 03:29 . 2011-06-11 03:29 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-11 03:29 . 2011-06-11 03:29 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-11 03:29 . 2011-06-11 03:29 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-11 03:29 . 2011-06-11 03:29 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-11 03:29 . 2011-06-11 03:29 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-11 03:29 . 2011-06-11 03:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-11 03:29 . 2011-06-11 03:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-11 03:29 . 2011-06-11 03:29 448512 ----a-w- c:\windows\system32\html.iec
2011-06-11 03:29 . 2011-06-11 03:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-11 03:29 . 2011-06-11 03:29 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-11 03:29 . 2011-06-11 03:29 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-11 03:29 . 2011-06-11 03:29 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-11 03:29 . 2011-06-11 03:29 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-11 03:29 . 2011-06-11 03:29 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-11 03:29 . 2011-06-11 03:29 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-11 03:29 . 2011-06-11 03:29 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-11 03:29 . 2011-06-11 03:29 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-11 03:29 . 2011-06-11 03:29 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-11 03:29 . 2011-06-11 03:29 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-11 03:29 . 2011-06-11 03:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-11 03:29 . 2011-06-11 03:29 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-11 03:29 . 2011-06-11 03:29 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-11 03:29 . 2011-06-11 03:29 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-11 03:29 . 2011-06-11 03:29 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-11 03:29 . 2011-06-11 03:29 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-11 03:29 . 2011-06-11 03:29 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-11 03:29 . 2011-06-11 03:29 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-11 03:29 . 2011-06-11 03:29 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-11 03:29 . 2011-06-11 03:29 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-11 03:29 . 2011-06-11 03:29 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-11 03:29 . 2011-06-11 03:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-11 03:29 . 2011-06-11 03:29 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-11 01:53 . 2011-06-11 01:53 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-06 23:13 . 2011-06-06 23:13 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2011-06-06 23:13 . 2011-06-06 23:13 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-06-06 23:13 . 2011-06-06 23:13 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2011-06-06 23:13 . 2011-06-06 23:13 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2011-06-06 23:13 . 2011-06-06 23:13 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2011-06-06 23:13 . 2011-06-06 23:13 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2011-06-06 23:13 . 2011-06-06 23:13 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2011-06-06 23:13 . 2011-06-06 23:13 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2011-06-06 23:13 . 2011-06-06 23:13 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2011-06-06 23:13 . 2011-06-06 23:13 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Laptop\AppData\Local\{DCE6C8D1-FC3B-4B74-B613-891B0D6D2B5E} ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-13_07.47.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-13 23:16 . 2009-07-14 01:14 25600 c:\windows\SysWOW64\setup16.exe
+ 2011-07-13 07:25 . 2011-06-03 05:57 25600 c:\windows\SysWOW64\setup16.exe
- 2009-07-13 23:15 . 2009-07-14 01:16 14336 c:\windows\SysWOW64\ntvdm64.dll
+ 2011-07-13 07:25 . 2011-06-03 06:00 14336 c:\windows\SysWOW64\ntvdm64.dll
+ 2011-07-13 07:25 . 2011-03-11 05:31 74240 c:\windows\SysWOW64\fsutil.exe
+ 2011-07-13 07:25 . 2011-06-03 06:57 13312 c:\windows\system32\wow64cpu.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 13312 c:\windows\system32\wow64cpu.dll
+ 2010-11-21 03:09 . 2011-07-14 07:11 47984 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-13 07:30 42606 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-14 07:11 42606 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-24 06:46 . 2011-07-14 07:11 10022 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2372956138-338855233-1135559829-1002_UserData.bin
- 2009-07-13 23:26 . 2009-07-14 01:41 16384 c:\windows\system32\ntvdm64.dll
+ 2011-07-13 07:25 . 2011-06-03 06:57 16384 c:\windows\system32\ntvdm64.dll
+ 2011-07-13 07:25 . 2011-03-11 06:30 96768 c:\windows\system32\fsutil.exe
+ 2009-07-14 05:30 . 2011-07-14 07:06 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-07-13 07:20 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-07-13 07:25 . 2011-03-11 04:37 91648 c:\windows\system32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_26b33263a639795d\USBSTOR.SYS
+ 2011-07-13 07:25 . 2011-03-25 03:29 30720 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbuhci.sys
+ 2011-07-13 07:25 . 2011-03-25 03:29 25600 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbohci.sys
+ 2011-07-13 07:25 . 2011-03-25 03:29 52736 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbehci.sys
+ 2011-07-13 07:25 . 2011-03-25 03:24 99328 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_744be53d7151cd00\usbccgp.sys
+ 2011-07-13 07:25 . 2011-03-25 03:29 98816 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbccgp.sys
+ 2011-07-13 07:25 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bthenum.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 27008 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_5c3d0d1e97e99e10\amdxata.sys
- 2009-07-14 00:06 . 2009-07-14 00:06 30720 c:\windows\system32\drivers\usbuhci.sys
+ 2011-07-13 07:25 . 2011-03-25 03:29 30720 c:\windows\system32\drivers\usbuhci.sys
+ 2011-07-13 07:25 . 2011-03-11 04:37 91648 c:\windows\system32\drivers\USBSTOR.SYS
- 2010-11-21 03:23 . 2010-11-21 03:23 91648 c:\windows\system32\drivers\USBSTOR.SYS
- 2009-07-14 00:06 . 2009-07-14 00:06 25600 c:\windows\system32\drivers\usbohci.sys
+ 2011-07-13 07:25 . 2011-03-25 03:29 25600 c:\windows\system32\drivers\usbohci.sys
+ 2011-07-13 07:25 . 2011-03-25 03:29 52736 c:\windows\system32\drivers\usbehci.sys
- 2011-06-11 03:41 . 2011-06-11 03:41 99328 c:\windows\system32\drivers\usbccgp.sys
+ 2011-07-13 07:25 . 2011-03-25 03:24 99328 c:\windows\system32\drivers\usbccgp.sys
- 2010-11-21 03:23 . 2010-11-21 03:23 80384 c:\windows\system32\drivers\BTHUSB.SYS
+ 2011-07-13 07:25 . 2011-04-28 03:54 80384 c:\windows\system32\drivers\BTHUSB.SYS
- 2010-11-21 03:23 . 2010-11-21 03:23 27008 c:\windows\system32\drivers\amdxata.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 27008 c:\windows\system32\drivers\amdxata.sys
+ 2009-07-14 04:46 . 2011-07-14 07:12 87144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-07-14 07:13 . 2011-07-14 07:13 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2011-07-14 07:13 . 2011-07-14 07:13 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2011-07-13 07:25 . 2011-06-03 05:57 44032 c:\windows\AppPatch\acwow64.dll
- 2009-07-13 23:15 . 2009-07-14 01:14 44032 c:\windows\AppPatch\acwow64.dll
+ 2011-07-13 07:25 . 2011-06-03 05:56 5120 c:\windows\SysWOW64\wow32.dll
- 2009-07-13 23:15 . 2009-07-14 01:11 5120 c:\windows\SysWOW64\wow32.dll
- 2009-07-13 23:15 . 2009-07-13 23:15 2048 c:\windows\SysWOW64\user.exe
+ 2011-07-13 07:25 . 2011-06-03 03:53 2048 c:\windows\SysWOW64\user.exe
- 2009-07-13 23:16 . 2009-07-13 23:16 7680 c:\windows\SysWOW64\instnm.exe
+ 2011-07-13 07:25 . 2011-06-03 03:53 7680 c:\windows\SysWOW64\instnm.exe
+ 2011-07-13 07:25 . 2011-06-03 03:48 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 03:48 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 03:48 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 03:48 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-03-25 03:28 7936 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbd.sys
- 2009-07-14 00:06 . 2009-07-14 00:06 7936 c:\windows\system32\drivers\usbd.sys
+ 2011-07-13 07:25 . 2011-03-25 03:28 7936 c:\windows\system32\drivers\usbd.sys
+ 2011-07-13 07:25 . 2011-06-03 06:44 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-07-13 07:25 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
- 2011-07-13 07:29 . 2011-07-13 07:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-14 07:30 . 2011-07-14 07:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-14 07:30 . 2011-07-14 07:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-13 07:29 . 2011-07-13 07:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-13 07:25 . 2011-06-03 05:56 272384 c:\windows\SysWOW64\KernelBase.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 837632 c:\windows\SysWOW64\kernel32.dll
+ 2011-07-13 07:25 . 2011-05-14 06:22 837632 c:\windows\SysWOW64\kernel32.dll
+ 2011-07-13 07:25 . 2011-06-03 06:57 362496 c:\windows\system32\wow64win.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 243200 c:\windows\system32\wow64.dll
+ 2011-07-13 07:25 . 2011-06-03 06:57 243200 c:\windows\system32\wow64.dll
+ 2011-07-13 07:25 . 2011-06-03 06:57 214528 c:\windows\system32\winsrv.dll
+ 2011-06-24 23:41 . 2011-07-13 09:21 266030 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-07-13 07:36 666400 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-14 07:15 666400 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-14 07:15 126004 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-07-13 07:36 126004 c:\windows\system32\perfc009.dat
+ 2011-07-13 07:25 . 2011-06-03 06:56 421888 c:\windows\system32\KernelBase.dll
- 2009-07-14 04:45 . 2011-07-01 23:12 460056 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-07-14 07:08 460056 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2011-07-13 07:20 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-07-14 07:06 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-07-13 07:20 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-07-14 07:06 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-07-13 07:25 . 2011-03-25 03:29 325120 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.sys
+ 2011-07-13 07:25 . 2011-03-25 03:29 343040 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbhub.sys
+ 2011-07-13 07:25 . 2011-03-25 03:24 343040 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_744be53d7151cd00\usbhub.sys
+ 2011-07-13 07:25 . 2011-03-25 03:29 343040 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbhub.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 166272 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 148352 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 410496 c:\windows\system32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
+ 2010-11-21 03:23 . 2010-11-21 03:23 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\fsquirt.exe
+ 2011-07-13 07:25 . 2011-04-28 03:55 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bthport.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 107904 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_5c3d0d1e97e99e10\amdsata.sys
- 2009-07-14 05:31 . 2011-06-11 03:43 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2011-07-14 07:06 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2011-07-13 07:25 . 2011-03-25 03:29 325120 c:\windows\system32\drivers\usbport.sys
- 2010-11-21 03:23 . 2010-11-21 03:23 325120 c:\windows\system32\drivers\usbport.sys
+ 2011-07-13 07:25 . 2011-03-25 03:24 343040 c:\windows\system32\drivers\usbhub.sys
- 2010-11-21 03:23 . 2010-11-21 03:23 343040 c:\windows\system32\drivers\usbhub.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 189824 c:\windows\system32\drivers\storport.sys
- 2010-11-21 03:24 . 2010-11-21 03:24 189824 c:\windows\system32\drivers\storport.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 166272 c:\windows\system32\drivers\nvstor.sys
- 2010-11-21 03:23 . 2010-11-21 03:23 166272 c:\windows\system32\drivers\nvstor.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 148352 c:\windows\system32\drivers\nvraid.sys
- 2010-11-21 03:23 . 2010-11-21 03:23 148352 c:\windows\system32\drivers\nvraid.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 410496 c:\windows\system32\drivers\iaStorV.sys
- 2010-11-21 03:23 . 2010-11-21 03:23 410496 c:\windows\system32\drivers\iaStorV.sys
+ 2011-07-13 07:25 . 2011-04-28 03:55 552960 c:\windows\system32\drivers\bthport.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 107904 c:\windows\system32\drivers\amdsata.sys
- 2010-11-21 03:23 . 2010-11-21 03:23 107904 c:\windows\system32\drivers\amdsata.sys
+ 2011-07-13 07:25 . 2011-06-03 06:53 338944 c:\windows\system32\conhost.exe
- 2009-07-14 05:01 . 2011-07-13 07:28 424464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-14 07:30 424464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-20 12:05 . 2009-07-20 12:05 1348432 c:\windows\SysWOW64\msxml4.dll
+ 2011-07-13 07:25 . 2011-03-11 05:33 1699328 c:\windows\SysWOW64\esent.dll
+ 2011-07-13 07:25 . 2011-06-11 03:07 3137536 c:\windows\system32\win32k.sys
+ 2009-07-14 02:34 . 2011-07-14 07:07 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-07-10 06:15 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-07-13 07:25 . 2011-05-14 07:20 1162752 c:\windows\system32\kernel32.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 2565632 c:\windows\system32\esent.dll
+ 2011-07-13 07:25 . 2011-03-11 06:33 2565632 c:\windows\system32\esent.dll
- 2010-11-21 03:23 . 2010-11-21 03:23 1659776 c:\windows\system32\drivers\ntfs.sys
+ 2011-07-13 07:25 . 2011-03-11 06:41 1659776 c:\windows\system32\drivers\ntfs.sys
+ 2011-07-11 08:40 . 2011-07-14 07:11 4491982 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-07-11 08:40 . 2011-07-11 08:41 4491982 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-06-11 02:09 . 2011-07-14 07:30 1448192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-06-11 02:09 . 2011-07-13 07:28 1448192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-20 12:29 . 2009-07-20 12:29 6057984 c:\windows\Installer\42862.msi
+ 2008-09-30 09:07 . 2008-09-30 09:07 6042112 c:\windows\Installer\4285c.msi
+ 2011-07-14 07:17 . 2011-07-14 07:17 9863168 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2011-06-24 07:54 . 2011-07-13 11:02 50867144 c:\windows\system32\MRT.exe
+ 2011-06-24 09:19 . 2011-07-14 07:30 17784304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2372956138-338855233-1135559829-1002-8192.dat
- 2011-06-24 09:19 . 2011-07-13 07:28 17784304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2372956138-338855233-1135559829-1002-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-06-09 940944]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-06-09 3373968]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-02 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-12-23 491650]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
gPadServer.lnk - c:\program files (x86)\gPadServer\gPadServer.exe [2011-6-24 167424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\volume{302c6c38-93dd-11e0-8059-806e6f6e6963}\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 136176]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 reparse;reparse;c:\windows\system32\DRIVERS\cbreparse.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S0 bdisk;COMODO Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [x]
S0 CBUfs;CBUfs;c:\windows\system32\drivers\CBUFS.sys [x]
S0 cbvd;Comodo Encrypted Virtual Disk;c:\windows\system32\DRIVERS\cbvd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 COSService.exe;Comodo Online Storage Service;c:\program files\COMODO\COMODO BackUp\COSService.exe [2011-06-02 670000]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 SynchronizationService.exe;Comodo BackUp Service;c:\program files\COMODO\COMODO BackUp\SynchronizationService.exe [2011-06-02 1557808]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [x]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [x]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 vdbus;Virtual Disk Bus Enumerator;c:\windows\system32\DRIVERS\vdbus.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 07:07]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 07:07]
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2372956138-338855233-1135559829-1002Core.job
- c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 07:07]
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2372956138-338855233-1135559829-1002UA.job
- c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 07:07]
.
2011-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2011-07-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSDriveOverlayIcon]
@="{5FDACB62-6B7B-4116-9403-C5E0D3852A57}"
[HKEY_CLASSES_ROOT\CLSID\{5FDACB62-6B7B-4116-9403-C5E0D3852A57}]
2011-06-02 08:04 673072 ----a-w- c:\program files\COMODO\COMODO BackUp\ShellExtension_3.0.171317.133.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF32253.cfxxe" [X]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-03-10 2364928]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-03-10 2351104]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-26 6611560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-02 2189416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-05-21 326760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.ap.dell.com/content/default ... l=en&s=gen
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\cblbq9yv.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2372956138-338855233-1135559829-1002\Software\SecuROM\License information*]
"datasecu"=hex:45,a5,b1,de,da,c9,1c,a2,6d,cd,a6,bc,2a,61,86,69,01,fb,f4,ff,33,
01,13,90,e7,de,b7,79,90,ce,02,0a,3c,75,44,fb,b0,f0,54,b0,a6,f0,ed,66,0f,57,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-07-14 19:34:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-14 07:34
ComboFix2.txt 2011-07-13 07:53
.
Pre-Run: 472,761,786,368 bytes free
Post-Run: 472,499,449,856 bytes free
.
- - End Of File - - 087B16A0818CE01FDE29472838E88016

C.
No change.

NB - I tried to post the log for the AVG remover from the last post, but it was too long to be posted to the forum.

Thanks
flashwaawoo
Active Member
 
Posts: 12
Joined: July 1st, 2011, 5:21 am

Re: Google redirect malware

Unread postby pgmigg » July 14th, 2011, 5:54 pm

Hello flashwaawoo,

It looks like your computer is much healthier now, but let's continue a little bit more.
Please don't worry about the log for the AVG remover and forget about it now... :)

Step 1.
Kaspersky Online Scanner.
Please go to Kaspersky Online Virus Scanner © Kaspersky Lab to perform an online antivirus scan.
  1. Read the Advantages - Requirements and Limitations then press the Accept button.
    It will start downloading and installing the latest scanner and virus definitions files. You will be prompted to install an application from Kaspersky. Click Run. It takes time, please be patient, let it finish...
  2. Once the files have been downloaded, please click on the Settings button.
    In the Scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the SAVE button, if you made any changes.
  3. Now under the Scan section on the left:
      Select My Computer
    The program will start scanning your system. This takes a while, be patient, let it run.
    Once the scan is complete, it will display the results. Click on View Scan Report .
  4. You will see a list of infected items there. Click on Save Report As... .
  5. Save this report to your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  6. Copy and paste the saved scan results file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of scan results from Kaspersky Online Scanner.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect malware

Unread postby flashwaawoo » July 14th, 2011, 7:44 pm

Kaspersky didn't work. I kept getting an error about interrupted internet. This is false, our internet never went down over that time.
flashwaawoo
Active Member
 
Posts: 12
Joined: July 1st, 2011, 5:21 am

Re: Google redirect malware

Unread postby pgmigg » July 14th, 2011, 8:50 pm

Hello flashwaawoo,

It happens sometimes, but don't worry - we will use another tool...

Step 1.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next, please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed, select Uninstall application on close if you so wish; make sure you copy the log file first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.


Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of scan results from C:\Program Files\ESET\EsetOnlineScanner\log.txt file.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect malware

Unread postby flashwaawoo » July 15th, 2011, 1:38 am

A. No problems
B. ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
C. I think it is running faster.
flashwaawoo
Active Member
 
Posts: 12
Joined: July 1st, 2011, 5:21 am

Re: Google redirect malware

Unread postby pgmigg » July 15th, 2011, 5:59 pm

Hello flashwaawoo,

Your latest set of logs appears to be clean and hopefully I can say 'All Clean'! :cheers:
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
TFC (Temp File Cleaner)
  1. Please download TFC.exe...by Old Timer. Save it to your desktop.
    Print these instructions. Save any unsaved work. TFC will close ALL open programs including your browser!
  2. Double click on TFC.exe to run it.
    TFC will begin cleaning up the "temp" files. It may take only a few seconds or it could be several minutes, depending on the amount of temp files found.
  3. If prompted to reboot, please click Yes.

! Important ! If TFC prompts you to reboot, please do so immediately, before proceeding to any other steps or other use of your computer.

Step 2.
Uninstall ComboFix
  1. Click on Start -> All programs -> Accessories -> Run.
  2. Copy and paste the value below, into the open text entry box:
    ComboFix /Uninstall
  3. Click OK.
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Step 3.
OTL-Cleanup
If you already have this on your desktop, please ignore the download instructions.
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

Step 4.
Create a new, clean System Restore Point
  1. Click Start, Right Click on Computer, and select Properties.
  2. In the left pane, click System Protection -> Create.
  3. Give this restore point a descriptive name and click Create.
  4. Click Apply and OK.

Step 5.
Deleting all but the most recent System Restore Points
  1. Click Start and type cleanmgr.exe in the opened box. Then press Enter.
  2. Select the drive-letter from the list (usually System (C:)) and click OK.
  3. Click the More Options tab.
  4. Click the Clean up… button under System Restore and Shadow Copies.
  5. Click the Delete button in the question window that opens and then click OK.
  6. Click the Delete Files button in the next question window to confirm that action.

Please follow these simple guidelines in order to help keep your computer more secure:

Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia. F-secure Health Check - Copyright © F-Secure Corporation.

Visit Microsoft often.
Keep on top of critical updates , as well as other updates for your computer.
What is Windows Update?
Microsoft Update Home

Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation.
Here are a few you can look into, if you want. :)

Malwarebytes' Anti-Malware
You have this installed already, run scans weekly (at least)... make sure you check for updates before running scans.
Download it from Malwarebytes © Malwarebytes Corporation.
Tutorials are available for installing and running, Malwarebytes' Anti-Malware.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

WinPatrol
Do not install if you have installed Spybot Search & Destroy and enabled Teatimer protection. System conflicts can occur.
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here
(The free version of WinPatrol... provides limited real-time protection)

Read, stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please let me know that you completed the cleanup steps, the create/purge System Restore point steps and reviewed the rest of the post. Once I receive your reply, unless there are other malware questions or concerns, I will have this topic closed as resolved.

Stay Safe! ;)
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect malware

Unread postby Cypher » July 19th, 2011, 4:52 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns