HJT Log

Discussion in 'Virus and Malware Removal' started by circusboy01, Aug 14, 2011.

  1. Broni Malware Annihilator Posts: 39,313   +175

    Go to FileDropper, click on green "Upload file" square and navigate to Combofix log location (C:\combofix.txt)
  2. circusboy01 TechSpot Enthusiast Posts: 666

    Broni; In post #19 you showed me what to do to send you my log. In post #21 you showed me how to do it. I feel so dumb. Uploading the log into FileDropper, I'm sure, is a simple process. But, even though you showed me how, I still can't do it. I don't have a clue. Unlike last time I'm not giving up. I'm just stuck. This is probably a dumb question, and I don't know if I could do it even if it was possible. Is there any way I could use Cut, or the snipping tool to cut the log so I could copy and paste each half to TS?
  3. Broni Malware Annihilator Posts: 39,313   +175

    Open Windows Explorer.
    Click on drive "C".
    Can you see combofix.txt file there?
  4. circusboy01 TechSpot Enthusiast Posts: 666

    Broni I answered post 23 2 hrs, or more ago. Here's my answer again... Yes I did find combo fix in drive "C". But, there was no "txt" on the end. I have put combofix "txt" as an icon on my desk. Log is gone again. I think from all the times my computer has restarted while updates were being installed. So I will just do it tomorrow. No problem, doesn't take that long. Let me know as soon as you need me to create it again. I'll check here often.
  5. Broni Malware Annihilator Posts: 39,313   +175

    Double click on that file. Will it open in Notepad?
  6. circusboy01 TechSpot Enthusiast Posts: 666

    Yes it opened up in notepad. Thanks for sticking with me. CB
     
  7. Broni Malware Annihilator Posts: 39,313   +175

    Copy everything that's inside Notepad and paste it into your next reply.
  8. circusboy01 TechSpot Enthusiast Posts: 666

    ComboFix 11-08-17.03 - Raymond Wayne Solema 08/17/2011 16:18:03.7.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2890 [GMT -7:00]
    Running from: c:\users\Raymond Wayne Solema\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-17 23:30 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
    2011-08-17 23:30 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
    2011-08-17 23:30 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-08-17 23:30 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-08-17 23:30 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-08-17 23:23 . 2011-08-17 23:23 -------- d-----w- c:\windows\SysWow64\Wat
    2011-08-17 23:23 . 2011-08-17 23:23 -------- d-----w- c:\windows\system32\Wat
    2011-08-17 23:20 . 2011-08-17 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-17 13:56 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-08-17 13:56 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2011-08-17 13:52 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2011-08-17 13:52 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2011-08-17 13:52 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2011-08-17 13:52 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2011-08-17 13:52 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2011-08-17 13:52 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2011-08-17 13:52 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-08-17 13:52 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
    2011-08-17 13:52 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-08-17 13:52 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2011-08-17 11:51 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
    2011-08-17 11:51 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
    2011-08-17 11:50 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
    2011-08-17 11:50 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2011-08-17 11:50 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
    2011-08-17 11:50 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-08-17 11:50 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-08-17 11:50 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2011-08-17 11:50 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-08-17 11:50 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-08-17 11:47 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-17 11:47 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-08-17 11:47 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-08-17 11:47 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-08-17 11:46 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2011-08-17 11:46 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2011-08-17 11:46 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
    2011-08-17 11:46 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
    2011-08-17 11:46 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
    2011-08-17 11:46 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
    2011-08-17 11:46 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
    2011-08-17 11:45 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-08-17 11:45 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-08-17 11:23 . 2010-12-21 06:15 264192 ----a-w- c:\windows\system32\upnp.dll
    2011-08-17 11:14 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-08-17 11:14 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-08-17 11:06 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-08-17 11:06 . 2011-02-19 05:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-08-17 11:06 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-08-17 11:06 . 2011-02-19 03:37 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-08-17 10:59 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
    2011-08-17 10:59 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
    2011-08-17 10:59 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-08-17 10:59 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2011-08-17 10:54 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-08-17 10:54 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-08-17 10:54 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
    2011-08-17 10:51 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-08-17 10:51 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-08-17 10:51 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-08-17 10:51 . 2010-11-02 04:35 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-08-17 10:51 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-08-17 10:51 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-08-17 10:51 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-08-17 10:44 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
    2011-08-17 10:44 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
    2011-08-17 10:41 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-08-17 10:41 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-08-17 10:41 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-08-17 10:41 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2011-08-17 10:41 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-08-17 10:41 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2011-08-17 10:41 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2011-08-17 10:41 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-08-17 10:41 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-08-17 10:40 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys
    2011-08-17 10:40 . 2011-06-21 06:27 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-08-17 10:30 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-17 10:30 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-08-17 10:30 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-08-17 10:08 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D4F1B7B-FA8D-4A95-96CB-951FDE9EC979}\mpengine.dll
    2011-08-17 02:43 . 2010-01-11 02:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
    2011-08-17 02:43 . 2010-01-11 02:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2011-08-17 02:43 . 2011-08-17 02:47 -------- d-----w- c:\program files (x86)\SpywareBlaster
    2011-08-17 02:00 . 2011-08-17 13:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-08-17 02:00 . 2011-08-17 02:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-08-16 23:07 . 2011-08-16 23:07 -------- d-----w- c:\program files\Google
    2011-08-16 23:04 . 2011-08-16 23:04 -------- d-----w- c:\program files\CCleaner
    2011-08-16 23:04 . 2011-08-16 23:04 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    2011-08-16 14:50 . 2011-08-16 14:50 -------- d-----w- c:\programdata\Lenovo
    2011-08-16 14:46 . 2011-08-16 14:47 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-08-16 14:46 . 2011-08-16 14:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-08-16 14:06 . 2011-08-16 14:06 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-16 14:06 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-16 14:06 . 2011-08-17 12:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-16 14:06 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-16 12:36 . 2011-08-16 23:07 -------- d-----w- c:\program files (x86)\Google
    2011-08-16 12:35 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
    2011-08-16 12:35 . 2011-08-17 23:14 -------- d-----w- c:\programdata\AVAST Software
    2011-08-16 12:35 . 2011-08-16 12:35 -------- d-----w- c:\program files\AVAST Software
    2011-08-16 11:23 . 2011-05-25 02:14 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-08-16 11:03 . 2011-08-16 11:03 -------- d-----w- c:\program files (x86)\VS Revo Group
    2011-08-16 10:40 . 2009-11-10 10:04 1827328 ----a-w- c:\windows\system32\drivers\athurx.sys
    2011-08-16 10:40 . 2008-05-15 09:28 26624 ----a-w- c:\windows\system32\drivers\jswpslwfx.sys
    2011-08-16 10:40 . 2007-01-20 01:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
    2011-08-16 10:40 . 2011-08-16 10:40 -------- d-----w- c:\program files (x86)\NETGEAR
    2011-08-16 10:40 . 2011-08-16 10:40 -------- d-----w- C:\temp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-16 04:32 . 2011-08-17 10:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-08-17_23.05.05 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-08-17 22:34 . 2011-08-17 23:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2011-08-17 22:34 . 2011-08-17 23:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 04:54 . 2011-08-17 23:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-08-17 23:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-08-17 23:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-17 23:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-17 23:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-17 23:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-26 01:56 . 2011-08-17 23:18 26098 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-08-17 23:18 39472 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-08-16 10:45 . 2011-08-17 23:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-08-16 10:45 . 2011-08-17 22:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-08-16 10:45 . 2011-08-17 22:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-08-16 10:45 . 2011-08-17 23:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-08-16 10:45 . 2011-08-17 22:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-08-16 10:45 . 2011-08-17 23:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-08-16 10:45 . 2011-08-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-08-16 10:45 . 2011-08-17 23:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-08-16 10:45 . 2011-08-17 23:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-08-16 10:45 . 2011-08-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-08-16 11:09 . 2011-08-17 23:18 3084 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-289670154-1285097819-147057498-1001_UserData.bin
    - 2011-08-17 23:04 . 2011-08-17 23:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-17 23:20 . 2011-08-17 23:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-17 23:20 . 2011-08-17 23:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-08-17 23:04 . 2011-08-17 23:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:36 . 2011-08-17 22:57 615122 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-08-17 23:11 615122 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-08-17 23:11 103496 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-08-17 22:57 103496 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-08-17 23:03 244256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-08-17 23:20 244256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-16 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LenovoFSC"="c:\program files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe" [2009-07-29 49152]
    "jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
    "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-14 222504]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-8-16 4562944]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 136176]
    R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]
    R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
    S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]
    S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\DRIVERS\spio.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 12:36]
    .
    2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 12:36]
    .
    2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001Core.job
    - c:\users\Raymond Wayne Solema\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 00:21]
    .
    2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001UA.job
    - c:\users\Raymond Wayne Solema\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 00:21]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}"="c:\windows\test.bat" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-09 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-09 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-09 365080]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://lenovo.msn.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-17 16:23:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-17 23:23
    ComboFix2.txt 2011-08-17 11:31
    ComboFix3.txt 2011-08-17 09:30
    ComboFix4.txt 2011-08-17 03:38
    .
    Pre-Run: 950,262,956,032 bytes free
    Post-Run: 950,165,843,968 bytes free
    .
    - - End Of File - - 24AD021C38A3299982F5DCB10126B604
  9. circusboy01 TechSpot Enthusiast Posts: 666

    I went to the Antelope Valley Fair tonight and saw Foghat and Blue Oyster Cult. While watching the concert I thought to myself "I wonder if it will copy and paste now that it's in Notepad?"
    Sure enough when I got home that's exactly what you wanted me to do. Still don't understand why it was too long to fit into TS before I put it in Notepad. But, fit just fine after I put it in Notepad.???
    Hope you find an easy fix. Thanks, CB
  10. Broni Malware Annihilator Posts: 39,313   +175

    Wow! That brings a lot of memories. Those guys have been around for a loooooong time :)

    Combofix log looks good now.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  11. circusboy01 TechSpot Enthusiast Posts: 666

    Both Blue Oyster Cult and Foghat have been around 40 years.
    Will start doing the download now. Let's hope I don't mess it up. CB
  12. circusboy01 TechSpot Enthusiast Posts: 666

    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-20 12:04:02
    -----------------------------
    12:04:02.974 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:04:02.974 Number of processors: 2 586 0x170A
    12:04:02.975 ComputerName: COMPZILLA-IV UserName:
    12:04:05.686 Initialize success
    12:04:05.978 AVAST engine defs: 11082000
    12:04:20.842 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:04:20.846 Disk 0 Vendor: ST31000528AS CC68 Size: 953869MB BusType: 11
    12:04:22.861 Disk 0 MBR read successfully
    12:04:22.865 Disk 0 MBR scan
    12:04:22.870 Disk 0 Windows 7 default MBR code
    12:04:22.875 Service scanning
    12:04:24.929 Modules scanning
    12:04:24.934 Disk 0 trace - called modules:
    12:04:24.955 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    12:04:24.960 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c45060]
    12:04:24.966 3 CLASSPNP.SYS[fffff880019a943f] -> nt!IofCallDriver -> [0xfffffa8004aed4f0]
    12:04:24.973 5 ACPI.sys[fffff88000faf7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004759680]
    12:04:26.174 AVAST engine scan C:\windows
    12:04:27.972 AVAST engine scan C:\windows\system32
    12:05:22.191 AVAST engine scan C:\windows\system32\drivers
    12:05:29.101 AVAST engine scan C:\Users\Raymond Wayne Solema
    12:05:57.331 AVAST engine scan C:\ProgramData
    12:06:07.456 Scan finished successfully
    12:06:57.258 Disk 0 MBR has been saved successfully to "C:\Users\Raymond Wayne Solema\Documents\MBR.dat"
    12:06:57.258 The log file has been saved successfully to "C:\Users\Raymond Wayne Solema\Documents\aswMBR.txt"


    That was too easy and the log looks too short. What did I do wrong?
  13. Broni Malware Annihilator Posts: 39,313   +175

    You did fine :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  14. circusboy01 TechSpot Enthusiast Posts: 666

    OTL logfile created on: 8/20/2011 5:37:03 PM - Run 1
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Raymond Wayne Solema\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.97 Gb Total Physical Memory | 3.03 Gb Available Physical Memory | 76.48% Memory free
    7.93 Gb Paging File | 6.47 Gb Available in Paging File | 81.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 906.34 Gb Total Space | 881.41 Gb Free Space | 97.25% Space Free | Partition Type: NTFS

    Computer Name: COMPZILLA-IV | User Name: Raymond Wayne Solema | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/20 17:35:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Raymond Wayne Solema\Downloads\OTL.exe
    PRC - [2011/08/16 17:21:09 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Raymond Wayne Solema\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
    PRC - [2011/08/11 22:57:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/05/31 23:17:30 | 000,253,952 | ---- | M] (KEDMI Scientific Computing) -- C:\Program Files (x86)\tinySpell\tinyspell.exe
    PRC - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    PRC - [2009/07/29 12:44:20 | 000,049,152 | ---- | M] (Lenovo (Shenzhen) Electronic Co., Ltd.) -- C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/17 22:05:31 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2011/08/11 22:57:30 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    MOD - [2009/08/28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/11/20 05:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
    SRV - [2009/11/05 16:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/07/04 04:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/07/04 04:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/07/04 04:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/07/04 04:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/07/04 04:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2009/11/10 03:04:00 | 001,827,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
    DRV:64bit: - [2009/07/21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/06/25 19:34:24 | 000,219,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/06/10 13:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
    DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 18:17:30 | 000,011,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\spio.sys -- (SuperIO)
    DRV:64bit: - [2009/05/22 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2008/05/15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
    DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z128&install_date=20110818
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://lenovo.msn.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z128&install_date=20110818"
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110818&q="

    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raymond Wayne Solema\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raymond Wayne Solema\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/17 18:17:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/17 21:48:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/08/17 21:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Mozilla\Extensions
    [2011/08/17 22:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Mozilla\Firefox\Profiles\0w0vavf9.default\extensions
    [2011/08/17 22:26:02 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Mozilla\Firefox\Profiles\0w0vavf9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2011/08/17 22:26:01 | 000,001,945 | ---- | M] () -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Mozilla\Firefox\Profiles\0w0vavf9.default\searchplugins\bing-zugo.xml
    [2011/08/17 21:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) --
    [2011/08/11 22:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

    O1 HOSTS File: ([2011/08/17 16:21:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [tinySpell] C:\Program Files (x86)\tinySpell\tinyspell.exe (KEDMI Scientific Computing)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
    O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/20 03:00:13 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
    [2011/08/20 02:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tinySpell
    [2011/08/20 02:18:24 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\tinySpell
    [2011/08/20 02:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tinySpell
    [2011/08/20 01:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
    [2011/08/20 00:54:51 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\WinPatrol
    [2011/08/20 00:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
    [2011/08/20 00:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2011/08/20 00:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
    [2011/08/19 03:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
    [2011/08/19 01:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2011/08/18 23:34:02 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
    [2011/08/18 23:33:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
    [2011/08/18 23:30:41 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysNative\fms.dll
    [2011/08/18 23:30:17 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysWow64\fms.dll
    [2011/08/18 03:42:32 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Adobe
    [2011/08/17 23:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/08/17 21:49:04 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Mozilla
    [2011/08/17 21:49:04 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Mozilla
    [2011/08/17 21:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2011/08/17 18:17:15 | 000,022,360 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
    [2011/08/17 18:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/08/17 18:17:14 | 000,288,088 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
    [2011/08/17 18:17:13 | 000,031,064 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
    [2011/08/17 18:17:12 | 000,600,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
    [2011/08/17 18:17:12 | 000,045,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
    [2011/08/17 18:17:11 | 000,064,856 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
    [2011/08/17 18:17:06 | 000,199,304 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
    [2011/08/17 18:17:06 | 000,040,112 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
    [2011/08/17 16:32:43 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\Desktop\Just stuff I might need
    [2011/08/17 16:23:54 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2011/08/17 16:23:12 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
    [2011/08/17 16:23:12 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
    [2011/08/17 16:21:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/08/16 20:09:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2011/08/16 20:09:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2011/08/16 20:09:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2011/08/16 20:09:09 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2011/08/16 20:09:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/16 19:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2011/08/16 19:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
    [2011/08/16 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/08/16 19:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2011/08/16 17:50:27 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/08/16 16:08:18 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Google
    [2011/08/16 16:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2011/08/16 16:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/08/16 07:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
    [2011/08/16 07:47:51 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\SUPERAntiSpyware.com
    [2011/08/16 07:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/08/16 07:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/08/16 07:06:16 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Malwarebytes
    [2011/08/16 07:06:04 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/08/16 07:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/16 07:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/08/16 07:06:01 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2011/08/16 07:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/08/16 05:36:01 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Google
    [2011/08/16 05:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2011/08/16 05:35:56 | 000,253,888 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
    [2011/08/16 05:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/08/16 05:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/08/16 04:48:23 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Microsoft Games
    [2011/08/16 04:20:10 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Diagnostics
    [2011/08/16 04:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2011/08/16 04:03:19 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2011/08/16 03:54:38 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Macromedia
    [2011/08/16 03:46:39 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Adobe
    [2011/08/16 03:40:46 | 001,827,328 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\SysNative\drivers\athurx.sys
    [2011/08/16 03:40:46 | 000,026,624 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\SysNative\drivers\jswpslwfx.sys
    [2011/08/16 03:40:46 | 000,025,312 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysNative\drivers\SCMNdisP.sys
    [2011/08/16 03:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA1100 Smart Wizard
    [2011/08/16 03:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
    [2011/08/16 03:40:32 | 000,000,000 | ---D | C] -- C:\temp
    [2011/08/16 03:40:29 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\InstallShield
    [2011/08/16 03:36:40 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Deployment
    [2011/08/16 03:36:40 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Apps
    [2011/08/16 03:36:31 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Searches
    [2011/08/16 03:36:31 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/08/16 03:36:31 | 000,000,000 | -H-D | C] -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2011/08/16 03:36:24 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Identities
    [2011/08/16 03:36:22 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Contacts
    [2011/08/16 03:36:22 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\VirtualStore
    [2011/08/16 03:36:18 | 000,000,000 | --SD | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Videos
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Saved Games
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Pictures
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Music
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Links
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Favorites
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Downloads
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Documents
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Desktop
    [2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Temporary Internet Files
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Templates
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Start Menu
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\SendTo
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Recent
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\PrintHood
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\NetHood
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Documents\My Videos
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Documents\My Pictures
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Documents\My Music
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\My Documents
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Local Settings
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\History
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Cookies
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Application Data
    [2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Application Data
    [2011/08/16 03:36:18 | 000,000,000 | -H-D | C] -- C:\Users\Raymond Wayne Solema\AppData
    [2011/08/16 03:36:18 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Temp
    [2011/08/16 03:36:18 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Microsoft
    [2011/08/16 03:36:18 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Media Center Programs
    [2011/08/16 03:36:18 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
    [2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
    [2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
    [2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
    [2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
    [2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
    [2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
    [2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
    [2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
    [2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
    [2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
    [2011/08/16 03:35:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    ========== Files - Modified Within 30 Days ==========

    [2011/08/20 17:26:01 | 000,000,968 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001UA.job
    [2011/08/20 17:26:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001Core.job
    [2011/08/20 16:48:03 | 000,000,926 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/20 16:48:00 | 000,000,922 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/20 16:26:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/08/20 12:06:57 | 000,000,512 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Documents\MBR.dat
    [2011/08/20 11:39:17 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/20 11:39:17 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/20 11:36:24 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2011/08/20 11:36:24 | 000,623,940 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2011/08/20 11:36:24 | 000,106,316 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2011/08/20 11:31:48 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/20 02:52:20 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\LVT.lnk
    [2011/08/20 02:19:32 | 000,002,263 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Internet Explorer (64-bit).lnk
    [2011/08/20 02:18:25 | 000,001,019 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\tinySpell.lnk
    [2011/08/20 01:50:25 | 000,000,363 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Control Panel - Shortcut.lnk
    [2011/08/20 01:45:30 | 000,002,064 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
    [2011/08/20 01:45:30 | 000,001,304 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2011/08/20 01:07:57 | 000,000,136 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Spider Solitaire - Shortcut.lnk
    [2011/08/20 01:06:46 | 000,000,068 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\You Tube.URL
    [2011/08/20 00:54:44 | 000,002,181 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\WinPatrol Explorer.lnk
    [2011/08/19 14:36:00 | 000,000,107 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Verizon MyVerizon 2.0 My Overview.URL
    [2011/08/19 03:21:17 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Install Microsoft IntelliPoint.lnk
    [2011/08/19 00:08:10 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2011/08/18 17:12:09 | 000,000,083 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\capital -one.URL
    [2011/08/18 16:28:04 | 000,000,066 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\consumer cellular.URL
    [2011/08/18 05:26:36 | 000,001,437 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/08/18 05:12:21 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
    [2011/08/18 05:12:21 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
    [2011/08/18 03:43:30 | 000,000,268 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Wells Fargo*Account Summary.URL
    [2011/08/18 00:47:07 | 000,013,157 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Uninstall a program - Shortcut.lnk
    [2011/08/17 23:40:24 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/08/17 22:30:35 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/08/17 21:48:59 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/08/17 19:30:48 | 000,000,144 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\G-Mail (1).url
    [2011/08/17 19:29:22 | 000,000,135 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Yahoo Mail.url
    [2011/08/17 18:17:15 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/08/17 18:17:11 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
    [2011/08/17 17:33:48 | 000,001,223 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/17 16:38:43 | 000,001,258 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Spybot - Search & Destroy.lnk
    [2011/08/17 16:26:29 | 000,001,021 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\SpywareBlaster.lnk
    [2011/08/17 16:21:52 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2011/08/17 15:17:41 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2011/08/17 04:28:47 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20110817-064726.backup
    [2011/08/17 02:00:56 | 000,013,477 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\ComboFix - Shortcut.lnk
    [2011/08/17 00:53:59 | 000,000,123 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\TechSpot OpenBoards.url
    [2011/08/16 17:50:27 | 000,002,405 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Google Chrome.lnk
    [2011/08/16 06:26:46 | 000,001,034 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
    [2011/08/16 06:26:46 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNA1100 Smart Wizard.lnk
    [2011/08/16 04:48:11 | 000,000,622 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Solitaire - Shortcut.lnk
    [2011/08/16 04:03:19 | 000,001,264 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Revo Uninstaller.lnk
    [2011/08/16 03:36:39 | 000,002,131 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Lenovo Rescue System.lnk
    [2011/08/16 03:36:00 | 000,039,252 | ---- | M] () -- C:\windows\SysWow64\license.rtf
    [2011/08/16 03:36:00 | 000,039,252 | ---- | M] () -- C:\windows\SysNative\license.rtf

    ========== Files Created - No Company Name ==========

    [2011/08/20 12:06:57 | 000,000,512 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Documents\MBR.dat
    [2011/08/20 02:18:25 | 000,001,019 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\tinySpell.lnk
    [2011/08/20 01:50:25 | 000,000,363 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Control Panel - Shortcut.lnk
    [2011/08/20 01:45:30 | 000,002,076 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
    [2011/08/20 01:45:30 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
    [2011/08/20 01:45:30 | 000,001,304 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2011/08/20 01:07:57 | 000,000,136 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Spider Solitaire - Shortcut.lnk
    [2011/08/20 01:06:46 | 000,000,068 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\You Tube.URL
    [2011/08/20 00:54:44 | 000,002,181 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\WinPatrol Explorer.lnk
    [2011/08/19 14:36:00 | 000,000,107 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Verizon MyVerizon 2.0 My Overview.URL
    [2011/08/19 03:21:17 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Install Microsoft IntelliPoint.lnk
    [2011/08/18 23:31:34 | 000,347,904 | ---- | C] () -- C:\windows\SysNative\systemsf.ebd
    [2011/08/18 23:29:56 | 000,010,429 | ---- | C] () -- C:\windows\SysNative\ScavengeSpace.xml
    [2011/08/18 23:29:40 | 000,105,559 | ---- | C] () -- C:\windows\SysWow64\RacRules.xml
    [2011/08/18 23:29:40 | 000,105,559 | ---- | C] () -- C:\windows\SysNative\RacRules.xml
    [2011/08/18 23:29:14 | 000,001,041 | ---- | C] () -- C:\windows\SysWow64\tcpbidi.xml
    [2011/08/18 17:12:09 | 000,000,083 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\capital -one.URL
    [2011/08/18 16:28:04 | 000,000,066 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\consumer cellular.URL
    [2011/08/18 05:26:35 | 000,001,409 | ---- | C] () -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2011/08/18 05:12:21 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
    [2011/08/18 05:12:21 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
    [2011/08/18 03:42:00 | 000,000,268 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Wells Fargo*Account Summary.URL
    [2011/08/18 00:47:07 | 000,013,157 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Uninstall a program - Shortcut.lnk
    [2011/08/17 23:40:24 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/08/17 22:30:35 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/08/17 21:48:59 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/08/17 21:48:59 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/08/17 19:28:27 | 000,000,135 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Yahoo Mail.url
    [2011/08/17 19:07:36 | 000,000,144 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\G-Mail (1).url
    [2011/08/17 18:17:15 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/08/17 16:26:29 | 000,001,021 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\SpywareBlaster.lnk
    [2011/08/17 15:17:41 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2011/08/17 06:28:31 | 000,001,258 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Spybot - Search & Destroy.lnk
    [2011/08/17 05:31:26 | 000,001,223 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/17 02:00:56 | 000,013,477 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\ComboFix - Shortcut.lnk
    [2011/08/16 21:18:00 | 000,000,123 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\TechSpot OpenBoards.url
    [2011/08/16 20:09:13 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2011/08/16 20:09:13 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2011/08/16 20:09:13 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2011/08/16 20:09:13 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2011/08/16 20:09:13 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2011/08/16 17:50:27 | 000,002,405 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Google Chrome.lnk
    [2011/08/16 17:21:10 | 000,000,968 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001UA.job
    [2011/08/16 17:21:10 | 000,000,916 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001Core.job
    [2011/08/16 05:36:05 | 000,000,926 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/16 05:36:04 | 000,000,922 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/16 05:35:56 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
    [2011/08/16 04:48:11 | 000,000,622 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Solitaire - Shortcut.lnk
    [2011/08/16 04:03:19 | 000,001,264 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Revo Uninstaller.lnk
    [2011/08/16 03:40:43 | 000,001,034 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
    [2011/08/16 03:40:43 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNA1100 Smart Wizard.lnk
    [2011/08/16 03:38:16 | 000,001,437 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/08/16 03:36:35 | 000,002,263 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Internet Explorer (64-bit).lnk
    [2011/08/16 03:36:32 | 000,001,443 | ---- | C] () -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/08/16 03:36:18 | 000,002,131 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Lenovo Rescue System.lnk
    [2011/08/16 03:36:18 | 000,001,228 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Windows Explorer.lnk
    [2011/08/16 03:36:18 | 000,000,290 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/08/16 03:36:18 | 000,000,272 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/08/16 03:32:11 | 3193,835,520 | -HS- | C] () -- C:\hiberfil.sys
    [2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
    [2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
    [2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
    [2010/12/30 01:22:13 | 000,000,023 | ---- | C] () -- C:\windows\SysWow64\drivers\psn.dat
    [2010/12/28 20:53:12 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
    [2010/12/28 20:53:12 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
    [2009/07/26 14:07:52 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
    [2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
    [2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
    [2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
    [2009/06/25 20:51:16 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
    [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/08/20 02:18:27 | 000,000,000 | ---D | M] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\tinySpell
    [2011/08/20 00:54:51 | 000,000,000 | ---D | M] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\WinPatrol
    [2009/07/13 22:08:49 | 000,011,652 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

    < End of report >
  15. circusboy01 TechSpot Enthusiast Posts: 666

    I guess I messed up. This is the only scan I saw. Don't know which one it is. But I'll try to find the other and send it along. CB
    Yes, I really did mess up. I just now saw what the red type was for.
    Going to start all over again. This time I'll slow down and read everything. So you'll probably get the log I sent again.
  16. Broni Malware Annihilator Posts: 39,313   +175

    Please redo.

    Also you didn't answer my question:
  17. circusboy01 TechSpot Enthusiast Posts: 666

    This may be a little long. Please bear with me. Last night, after I followed your instructions for creating the OTL scan log again, and it still only gave me one log, I sent you a lengthy reply explaining, step by step, just how I followed each one of your instructions. So, perhaps you could see where I might have made a mistake. I KNOW I typed it, and I could SWEAR I sent it. But when I opened up my computer today it was gone. Where, and how???? Decided I didn't want to go to that much trouble again unless you asked me to. So I decided to go to your post with the OTL link and try again. As soon as I clicked on the OTL link an Avast warning popped up: "Rootkit Blocked." Clicked on more details, got:
    URL: http://oldtimergeekstogo.com/OTL.exe
    Process file://c:\programfiles{x86}mozilla files
    Infection win32 rootkill-gen{RIK}
    Avast moved the threat to the chest. I'm going to send this, I hope it doesn't disappear like my last post. Then shut down my PC and only open it every so often to see if you've responded. CB
  18. Broni Malware Annihilator Posts: 39,313   +175

    That's surely a false positive.
    Disable Avast for the time being and download OTL again.
  19. circusboy01 TechSpot Enthusiast Posts: 666

    Going to my 65th birthday party, will do OTL when I get back. You're sure it's a false positive. Right? You'll be able to help me get rid of it, if it's not. Right?
    Am I getting false positives because my Avast settings are too high or anything like that?
    If so, can you help me adjust it? Thank you for being patient. CB
  20. Broni Malware Annihilator Posts: 39,313   +175

    I inquired about OTL at the Avast forum and one of the mods said to make sure your Avast is up to date, as he downloaded the file and it didn't trigger any pop-up.
    I use Avast as well and I downloaded OTL a number of times and I didn't get any pop-ups either.

    HAPPY BIRTHDAY!