[RESOLVED] Could someone please let me know if I have a rootkit on PC?

  1. #1 (Join Date: Jun 2011, Posts: 14)


    Hello, I did a scan with Avira. It found 4 hidden files. I am not having any problems with my computer, but here is what GMER and Malwarebytes and Avira found:
    Malwarebytes:
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6817

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    6/9/2011 3:53:09 AM
    mbam-log-2011-06-09 (03-53-09).txt

    Scan type: Quick scan
    Objects scanned: 166713
    Time elapsed: 2 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER:
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-09 03:59:59
    Windows 6.1.7601 Service Pack 1
    Running: 0zzru3c7.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc002bb8
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc002bb8@0002761463a9 0x9C 0xA5 0xC0 0xF9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc00318b
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc00318b@0002762683ae 0xAC 0x78 0x0B 0xE3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f4a42
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f4a42@0002762bbcd7 0x50 0x17 0xA7 0xC1 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc002bb8 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc002bb8@0002761463a9 0x9C 0xA5 0xC0 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc00318b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc00318b@0002762683ae 0xAC 0x78 0x0B 0xE3 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f4a42 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f4a42@0002762bbcd7 0x50 0x17 0xA7 0xC1 ...

    ---- EOF - GMER 1.0.15 ----


    And here is Avira's scan results, which started me thinking I might have a rootkit:
    Start of the scan: Wednesday, June 08, 2011 16:52

    Starting search for hidden objects.
    C:\Program Files\Common Files\Microsoft Shared\Windows Live
    C:\Program Files\Common Files\Microsoft Shared\Windows Live
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
    [NOTE] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
    [NOTE] The registry entry is invisible.
    c:\program files (x86)\microsoft works\wkscal.exe
    c:\program files (x86)\microsoft works\wkscal.exe
    [NOTE] The process is not visible.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '74' Module(s) have been scanned
    Scan process 'avscan.exe' - '29' Module(s) have been scanned
    Scan process 'Expert8.exe' - '47' Module(s) have been scanned
    Scan process 'avgnt.exe' - '70' Module(s) have been scanned
    Scan process 'WkCalRem.exe' - '25' Module(s) have been scanned
    Scan process 'DPAgent.exe' - '50' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '25' Module(s) have been scanned
    Scan process 'HPDrvMntSvc.exe' - '19' Module(s) have been scanned
    Scan process 'CinemanowSvc.exe' - '35' Module(s) have been scanned
    Scan process 'avguard.exe' - '69' Module(s) have been scanned
    Scan process 'sched.exe' - '50' Module(s) have been scanned
    Scan process 'a2service.exe' - '41' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '100' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\ProgramData\Microsoft\WLSetup\wlt82C3.tmp
    [0] Archive type: CAB (Microsoft)
    --> WriterProdLang.7z
    [1] Archive type: 7-Zip
    --> WriterProdLang.cab
    [2] Archive type: CAB (Microsoft)
    --> writerprodlang.msi
    [WARNING] The file could not be read!
    C:\ProgramData\Microsoft\WLSetup\wlt8534.tmp
    [0] Archive type: CAB (Microsoft)
    --> LanguageSelector64.7z
    [1] Archive type: 7-Zip
    --> LanguageSelector64.cab
    [2] Archive type: CAB (Microsoft)
    --> LanguageSelector64.msi
    [WARNING] The file could not be read!
    Begin scan in 'D:\' <RECOVERY>
    Begin scan in 'E:\' <HP_TOOLS>


    End of the scan: Wednesday, June 08, 2011 17:50
    Used time: 58:09 Minute(s)

    The scan has been done completely.

    30402 Scanned directories
    550843 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    550843 Files not concerned
    2752 Archives were scanned
    2 Warnings
    4 Notes
    484546 Objects were scanned with rootkit scan
    4 Hidden objects were found

    I will do more if someone thinks I should. Thank you, John.

  2. #2 (Join Date: Jun 2011, Posts: 14)
    Here is what MBR says:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv7 Notebook PC
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 200):
    0x02E4C000 \SystemRoot\system32\ntoskrnl.exe
    0x02E03000 \SystemRoot\system32\hal.dll
    0x00BB1000 \SystemRoot\system32\kdcom.dll
    0x00CA9000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00CB6000 \SystemRoot\system32\PSHED.dll
    0x00CCA000 \SystemRoot\system32\CLFS.SYS
    0x00D28000 \SystemRoot\system32\CI.dll
    0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00DE8000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00E67000 \SystemRoot\system32\drivers\ACPI.sys
    0x00EBE000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00EC7000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00ED1000 \SystemRoot\system32\drivers\pci.sys
    0x00F04000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x00F11000 \SystemRoot\System32\drivers\partmgr.sys
    0x00F26000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00F2F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00F3B000 \SystemRoot\system32\drivers\volmgr.sys
    0x00F50000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FAC000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00FC6000 \SystemRoot\system32\drivers\atapi.sys
    0x00FCF000 \SystemRoot\system32\drivers\ataport.SYS
    0x00E00000 \SystemRoot\system32\drivers\msahci.sys
    0x00E0B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00E1B000 \SystemRoot\system32\drivers\amdxata.sys
    0x010A6000 \SystemRoot\system32\drivers\fltmgr.sys
    0x010F2000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0123F000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01106000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013E2000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01164000 \SystemRoot\System32\Drivers\cng.sys
    0x01200000 \SystemRoot\System32\drivers\pcw.sys
    0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0149E000 \SystemRoot\system32\drivers\ndis.sys
    0x01591000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01693000 \SystemRoot\System32\drivers\tcpip.sys
    0x01897000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x018E1000 \SystemRoot\system32\drivers\volsnap.sys
    0x0192D000 \SystemRoot\System32\Drivers\spldr.sys
    0x01935000 \SystemRoot\System32\drivers\rdyboost.sys
    0x0196F000 \SystemRoot\System32\Drivers\mup.sys
    0x01981000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0198A000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
    0x01994000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x019CE000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01600000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01630000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x0142B000 \SystemRoot\system32\drivers\cdrom.sys
    0x01670000 \SystemRoot\System32\Drivers\Null.SYS
    0x01679000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01680000 \SystemRoot\System32\drivers\vga.sys
    0x01455000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x019E4000 \SystemRoot\System32\drivers\watchdog.sys
    0x019F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x0147A000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01483000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x0148C000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x0121B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x011D6000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x015F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x01000000 \SystemRoot\system32\drivers\afd.sys
    0x02C8E000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02CD3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02CDC000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02D02000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x02D18000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02D27000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02D42000 \SystemRoot\system32\drivers\termdd.sys
    0x02D56000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02DA7000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02DB3000 \SystemRoot\system32\drivers\mssmbios.sys
    0x02DBE000 \SystemRoot\system32\DRIVERS\dvmio.sys
    0x02DC6000 \SystemRoot\System32\drivers\discache.sys
    0x02DD5000 \SystemRoot\System32\Drivers\dfsc.sys
    0x02C00000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x02C11000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x02C33000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02C59000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x036A4000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x04816000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x036EE000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03600000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x03636000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04FD2000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x0428B000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x044D5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x044E2000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x04552000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x0455D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x045B3000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x045C4000 \SystemRoot\system32\drivers\i8042prt.sys
    0x045E2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x045F1000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04200000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
    0x0420D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x04212000 \SystemRoot\system32\drivers\wmiacpi.sys
    0x0421B000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x0422B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04241000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04265000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x00E26000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0367C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x050D5000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x050F6000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x05110000 \SystemRoot\system32\drivers\swenum.sys
    0x05112000 \SystemRoot\system32\drivers\ks.sys
    0x05155000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x05167000 \SystemRoot\system32\DRIVERS\amdiox64.sys
    0x0517B000 \SystemRoot\system32\drivers\umbus.sys
    0x0518D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x051E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05000000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x05022000 \SystemRoot\system32\drivers\portcls.sys
    0x0505F000 \SystemRoot\system32\drivers\drmk.sys
    0x05081000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0603A000 \SystemRoot\system32\DRIVERS\stwrt64.sys
    0x060BC000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x060CA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x060D6000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x060E1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x060F4000 \SystemRoot\system32\DRIVERS\WinUSB.sys
    0x00090000 \SystemRoot\System32\win32k.sys
    0x06105000 \SystemRoot\System32\drivers\Dxapi.sys
    0x06111000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x0611F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x06138000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x06141000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x06143000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x0615B000 \SystemRoot\System32\Drivers\bthport.sys
    0x06000000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05087000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x0601D000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005E0000 \SystemRoot\System32\TSDDD.dll
    0x00700000 \SystemRoot\System32\cdd.dll
    0x01638000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x061E7000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x050B5000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x037E2000 \SystemRoot\system32\DRIVERS\hidbth.sys
    0x0602B000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x02A79000 \SystemRoot\system32\drivers\luafv.sys
    0x02A9C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x02AB9000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02ADA000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02AEF000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x02B42000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x02B55000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x07E7D000 \SystemRoot\system32\drivers\HTTP.sys
    0x07F46000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x07F50000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x07F6E000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x07F86000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x07FB3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x07E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x07E24000 \SystemRoot\SysWOW64\Drivers\HMuKstE8.sys
    0x08696000 \SystemRoot\system32\drivers\peauth.sys
    0x0873C000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x08747000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x08778000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0878A000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0887A000 \SystemRoot\System32\DRIVERS\srv.sys
    0x77830000 \Windows\System32\ntdll.dll
    0x47CC0000 \Windows\System32\smss.exe
    0xFFB50000 \Windows\System32\apisetschema.dll
    0xFF2F0000 \Windows\System32\autochk.exe
    0x77620000 \Windows\System32\iertutil.dll
    0xFFAC0000 \Windows\System32\difxapi.dll
    0xFF9E0000 \Windows\System32\oleaut32.dll
    0xFF970000 \Windows\System32\gdi32.dll
    0xFF840000 \Windows\System32\rpcrt4.dll
    0xFEAB0000 \Windows\System32\shell32.dll
    0xFE9A0000 \Windows\System32\msctf.dll
    0xFE900000 \Windows\System32\comdlg32.dll
    0xFE880000 \Windows\System32\shlwapi.dll
    0xFE820000 \Windows\System32\Wldap32.dll
    0x77520000 \Windows\System32\user32.dll
    0xFE640000 \Windows\System32\setupapi.dll
    0xFE610000 \Windows\System32\imm32.dll
    0xFE600000 \Windows\System32\nsi.dll
    0x773C0000 \Windows\System32\wininet.dll
    0xFE5B0000 \Windows\System32\ws2_32.dll
    0xFE4D0000 \Windows\System32\advapi32.dll
    0xFE2C0000 \Windows\System32\ole32.dll
    0xFE2A0000 \Windows\System32\imagehlp.dll
    0xFE200000 \Windows\System32\clbcatq.dll
    0x772A0000 \Windows\System32\kernel32.dll
    0xFE130000 \Windows\System32\usp10.dll
    0x77150000 \Windows\System32\urlmon.dll
    0x77A00000 \Windows\System32\psapi.dll
    0xFE110000 \Windows\System32\sechost.dll
    0x779F0000 \Windows\System32\normaliz.dll
    0xFE070000 \Windows\System32\msvcrt.dll
    0xFE060000 \Windows\System32\lpk.dll
    0xFDEF0000 \Windows\System32\crypt32.dll
    0xFDEB0000 \Windows\System32\cfgmgr32.dll
    0xFDE10000 \Windows\System32\comctl32.dll
    0xFDDD0000 \Windows\System32\wintrust.dll
    0xFDDB0000 \Windows\System32\devobj.dll
    0xFDD40000 \Windows\System32\KernelBase.dll
    0xFDD30000 \Windows\System32\msasn1.dll

    Processes (total 69):
    0 System Idle Process
    4 System
    268 C:\Windows\System32\smss.exe
    380 csrss.exe
    472 C:\Windows\System32\wininit.exe
    496 csrss.exe
    536 C:\Windows\System32\services.exe
    552 C:\Windows\System32\lsass.exe
    560 C:\Windows\System32\lsm.exe
    684 C:\Windows\System32\winlogon.exe
    716 C:\Windows\System32\svchost.exe
    780 C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    888 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\atiesrxx.exe
    1016 C:\Windows\System32\svchost.exe
    308 C:\Windows\System32\svchost.exe
    384 C:\Windows\System32\svchost.exe
    556 C:\Program Files\IDT\WDM\stacsv64.exe
    1092 C:\Windows\System32\audiodg.exe
    1272 C:\Windows\System32\svchost.exe
    1320 C:\Windows\System32\hpservice.exe
    1332 C:\Windows\System32\atieclxx.exe
    1384 C:\Windows\System32\vcsFPService.exe
    1488 C:\Windows\System32\svchost.exe
    1592 C:\Windows\System32\wlanext.exe
    1600 C:\Windows\System32\conhost.exe
    1680 C:\Windows\System32\spoolsv.exe
    1724 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    1808 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1828 C:\Windows\System32\svchost.exe
    1944 C:\Windows\System32\svchost.exe
    1988 C:\Program Files\IDT\WDM\AESTSr64.exe
    2016 C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    1080 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1200 C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    1444 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    1848 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1928 C:\Windows\System32\conhost.exe
    2056 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2112 C:\Windows\System32\spool\drivers\x64\3\lxdxserv.exe
    2148 C:\Windows\System32\lxdxcoms.exe
    2216 C:\Windows\System32\svchost.exe
    2264 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2320 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    2384 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2572 C:\Windows\System32\taskeng.exe
    2708 C:\Windows\System32\dwm.exe
    2728 C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    2740 C:\Windows\System32\taskhost.exe
    2812 C:\Windows\explorer.exe
    2960 C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
    2980 C:\Program Files\IDT\WDM\sttray64.exe
    2992 C:\Program Files\Windows Sidebar\sidebar.exe
    3028 C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
    2076 WmiPrvSE.exe
    1220 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    2524 C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe
    3036 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3216 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    3236 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3444 C:\Windows\System32\SearchIndexer.exe
    3484 C:\Windows\System32\svchost.exe
    3664 C:\Windows\System32\svchost.exe
    3912 C:\Windows\System32\SearchProtocolHost.exe
    3936 C:\Windows\System32\SearchFilterHost.exe
    2372 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    2644 C:\Users\john\Desktop\MBRCheck.exe
    2736 C:\Windows\System32\conhost.exe
    1796 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006e`f1100000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)

    PhysicalDrive0 Model Number: TOSHIBAMK5056GSY, Rev: LH003C

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 9733557A68EBEC97B87A30D9C07C0BA267E58A46


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!

  3. #3 (Join Date: Dec 2007, Location: Daly City, CA, Posts: 22,550)
    Welcome aboard

    Please, complete all steps listed here: http://discussions.virtualdr.com/sho...d.php?t=167915
    DDS logs are missing.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

  4. #4 (Join Date: Jun 2011, Posts: 14)
    Sorry about that. Thank you for taking the time to help. Anyway, here are the other 2 logs, the DDS first, then the aswMBR.
    DDS:
    DDS (Ver_2011-06-03.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by john at 7:01:07 on 2011-06-10
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2307 [GMT -5:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\spool\DRIVERS\x64\3\lxdxserv.exe
    C:\Windows\system32\lxdxcoms.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.charter.net/google/index.php?q=
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: HP SimplePass Identity Protection Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Expert8] "C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe"
    StartupFolder: C:\Users\john\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wkcalrem.LNK - C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
    uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.21.0.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\2375942554836343 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\2456C6B696E6F574F575962756C6563737F5331464733413 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\7786964756D616E6 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\A475 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\A677 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\C696E6B6379737 : DhcpNameServer = 68.94.156.1 68.94.157.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    LSA: Notification Packages = DPPassFilter scecli
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: StumbleUpon Launcher: {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    BHO-X64: StumbleUpon Launcher - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
    BHO-X64: HP SimplePass Identity Protection Extension - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB-X64: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB-X64: StumbleUpon Toolbar: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Expert8] "C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-5-6 2860800]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-31 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-4 354304]
    R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-9-21 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-9-21 269480]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 lxdx_device;lxdx_device;C:\Windows\system32\lxdxcoms.exe -service --> C:\Windows\system32\lxdxcoms.exe -service [?]
    R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdxserv.exe [2011-2-3 29184]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 1791280]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2011-5-6 85800]
    S3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]
    S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
    S3 BTHBUS;YRT Bluetooth Bus Driver;C:\Windows\system32\DRIVERS\bthbus.sys --> C:\Windows\system32\DRIVERS\bthbus.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\84E9.tmp --> C:\Windows\system32\84E9.tmp [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 StumbleUponUpdateService;StumbleUponUpdateService;C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-4-14 103336]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-06-09 08:47:02 -------- d-----w- C:\Users\john\AppData\Roaming\Malwarebytes
    2011-06-09 08:46:55 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-06-09 08:46:52 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-09 01:50:45 6144 ------w- C:\Windows\System32\84E9.tmp
    2011-06-09 01:50:01 6144 ------w- C:\Windows\System32\D97D.tmp
    2011-06-09 01:20:05 6144 ------w- C:\Windows\System32\736A.tmp
    2011-06-09 01:18:52 -------- d-----w- C:\Users\john\AppData\Local\{1FDE4712-0301-4285-9694-552F7C027CAB}
    2011-06-09 01:14:04 6144 ------w- C:\Windows\System32\EE63.tmp
    2011-06-08 23:58:26 6144 ------w- C:\Windows\System32\9262.tmp
    2011-06-08 23:57:42 6144 ------w- C:\Windows\System32\E7D1.tmp
    2011-06-08 23:24:33 6144 ------w- C:\Windows\System32\8D62.tmp
    2011-06-08 23:23:34 6144 ------w- C:\Windows\System32\A851.tmp
    2011-06-08 21:52:15 -------- d-----w- C:\Users\john\AppData\Roaming\Avira
    2011-06-07 21:47:37 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F23D451E-632D-4BEA-A8D7-AF436DBF690F}\mpengine.dll
    2011-06-07 12:16:45 805400 ----a-r- C:\Windows\SysWow64\tmp80D3.tmp
    2011-06-07 12:15:32 805400 ----a-r- C:\Windows\SysWow64\tmp8094.tmp
    2011-06-06 15:38:30 -------- d-----w- C:\Users\john\AppData\Local\PassMark
    2011-06-06 15:37:42 -------- d-----w- C:\ProgramData\Passmark
    2011-06-04 00:16:45 -------- d-----w- C:\GTR2Demo
    2011-05-31 12:40:35 -------- d-----w- C:\Program Files (x86)\Activision
    2011-05-28 14:33:45 -------- d-----w- C:\Program Files (x86)\AMD APP
    2011-05-28 14:24:00 -------- d-----w- C:\Program Files (x86)\AMD
    2011-05-27 23:03:09 -------- d-----w- C:\Users\john\AppData\Local\{247947E1-0AD5-4FDA-A180-7EDCECDEDCC6}
    2011-05-24 22:06:17 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-05-20 20:52:44 6144 ------w- C:\Windows\System32\F457.tmp
    2011-05-20 20:50:53 6144 ------w- C:\Windows\System32\42C3.tmp
    2011-05-19 12:56:55 6144 ------w- C:\Windows\System32\25CB.tmp
    2011-05-19 12:55:49 6144 ------w- C:\Windows\System32\23B8.tmp
    2011-05-19 12:55:39 -------- d-----w- C:\Program Files (x86)\Sophos
    2011-05-17 21:29:56 -------- d-----w- C:\Users\john\AppData\Local\{B0E90857-A80D-4084-AC9D-7E6B91310ED9}
    2011-05-13 23:58:22 17720 ----a-w- C:\Windows\System32\HPMDPCoInst12.dll
    2011-05-13 23:58:10 30520 ----a-w- C:\Windows\System32\hpservice.exe
    2011-05-13 23:58:04 20792 ----a-w- C:\Windows\System32\accelerometerdll.DLL
    2011-05-13 23:57:58 43320 ----a-w- C:\Windows\System32\drivers\Accelerometer.sys
    2011-05-13 11:43:26 -------- d-----w- C:\Users\john\AppData\Local\{3575EC61-37A2-45DE-9C02-7FCAF6F3D703}
    2011-05-12 21:35:55 -------- d-----w- C:\Users\john\AppData\Local\{9071DE0E-FA1D-4176-877B-7326A8E1B0C5}
    2011-05-11 12:46:23 -------- d-----w- C:\Users\john\AppData\Local\{354F9A80-1190-4EA1-8857-B473AC1F3A49}
    .
    ==================== Find3M ====================
    .
    2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-05-13 23:58:16 30008 ----a-w- C:\Windows\System32\drivers\hpdskflt.sys
    2011-04-25 07:08:42 345968 ----a-w- C:\Windows\System32\drivers\bthbus.sys
    2011-04-09 23:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
    2011-04-09 23:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
    2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-04-01 22:07:59 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-03-25 03:29:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-03-25 03:29:14 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-03-25 03:29:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-03-25 03:29:04 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-03-25 03:29:04 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-03-25 03:28:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2011-03-21 18:22:06 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2011-03-21 18:22:06 452200 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2011-03-21 18:22:06 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
    .
    ============= FINISH: 7:01:34.67 ===============


    aswMBR:
    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-10 07:00:01
    -----------------------------
    07:00:01.572 OS Version: Windows x64 6.1.7601 Service Pack 1
    07:00:01.572 Number of processors: 3 586 0x503
    07:00:01.572 ComputerName: JOHN-PC UserName: john
    07:00:03.834 Initialize success
    07:00:13.287 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    07:00:13.287 Disk 0 Vendor: TOSHIBA_MK5056GSY LH003C Size: 476940MB BusType: 11
    07:00:15.315 Disk 0 MBR read successfully
    07:00:15.315 Disk 0 MBR scan
    07:00:15.315 Disk 0 unknown MBR code
    07:00:15.331 Service scanning
    07:00:18.981 Disk 0 trace - called modules:
    07:00:18.997 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    07:00:18.997 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046be690]
    07:00:18.997 3 CLASSPNP.SYS[fffff880019a043f] -> nt!IofCallDriver -> [0xfffffa80046be040]
    07:00:18.997 5 hpdskflt.sys[fffff88001947189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004636680]
    07:00:19.012 Scan finished successfully
    07:00:44.331 Disk 0 MBR has been saved successfully to "C:\Users\john\Desktop\MBR.dat"
    07:00:44.331 The log file has been saved successfully to "C:\Users\john\Desktop\aswMBR.txt"


I hope that's all. Thanks again, John.

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Attach.txt part of DDS is missing.
    Please, provide that.

You're also not saying what your computer problems are.
    So far, I don't see much.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  6. #6
    Join Date
    Jun 2011
    Posts
    14
Hi Broni. First of all, I guess I did not make it very clear in my first post: I am not having any computer problems. I ran a scan with Avira; during the rootkit part of scanning it found 4 hidden files. So I downloaded GMER. It found what you see in the report. That is what led me to wonder whether what GMER found is a rootkit. From what I have already posted, do you think there is something there? Or do you need me to do the other 2 scans? If so, what did I do wrong for the DDS files?

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    I ran a scan with Avira, during the rootkit part of scanning it found 4 hidden files
    Without knowing file names and their location, I simply can't comment.
    GMER doesn't show any rootkit activity.

    Please continue with my previous reply.

  8. #8
    Join Date
    Jun 2011
    Posts
    14
    ==== Installed Programs ======================
    .
    7-Zip 4.65
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.4 MUI
    Adobe Shockwave Player
    Atheros Driver Installation Program
    Avira AntiVir Personal - Free Antivirus
    Canon Easy-PhotoPrint EX
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CinemaNow Media Manager
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Contents
    Corel PaintShop Photo Pro X3
    Corel VideoStudio Pro X3
    D3DX10
    DeviceIO
    DiRT2 Demo
    Emsisoft Anti-Malware 5.1
    ESU for Microsoft Windows 7
    Feedback Tool
    GRID Demo
    HP MediaSmart Webcam
    HP Power Plan Utility
    HP Product Detection
    HP Software Framework
    HP User Guides 0188
    HPAsset component for HP Active Support Library
    ICA
    IDT Audio
    IPM_PSP_Pro
    IPM_VS_Pro
    ISCOM
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    jv16 PowerTools 2010
    Kensington SlimBlade Trackball
    LabelPrint
    LightScribe System Software
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Need for Speed Underground 2 Demo
    Need for Speed™ Most Wanted PC Demo
    Need for Speed™ SHIFT Demo
    Nokia Connectivity Cable Driver
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    NVIDIA PhysX
    OpenAL
    Ovi Desktop Sync Engine
    OviMPlatform
    PaintShop Photo Pro X3 Registration Incentive
    PC Connectivity Solution
    PSPPContent
    PSPPRO_DCRAW
    PureHD
    RadioShack PRO-107 "iSCAN" PC Application
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver For Windows 7
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Recovery Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Setup
    Share
    Skype™ 5.1
    StumbleUpon IE Toolbar
    System Requirements Lab
    TmNationsForever
    VIO
    Visual C++ 2008 Runtime (x64)
    VSClassic
    VSPro
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WOT for Internet Explorer
    .
    ==== Event Viewer Messages From Past Week ========
    .
6/9/2011 9:27:21 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    6/8/2011 9:32:18 PM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
    6/8/2011 9:32:18 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\84E9.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/8/2011 8:50:02 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\D97D.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/8/2011 8:20:06 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\736A.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/8/2011 8:14:19 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\EE63.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/8/2011 8:10:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRKBootTasks
    6/8/2011 7:36:31 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\9262.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/8/2011 6:57:43 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\E7D1.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/8/2011 6:24:33 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\8D62.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/8/2011 6:23:50 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\A851.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/8/2011 10:04:27 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6abae76a-bd2d-11df-8cde-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1DC7E1F3-D99A-4B73-B274-C6262E17F7AC}' was corrupted and it has been recovered. Some data might have been lost.
    6/6/2011 11:00:42 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    6/3/2011 5:11:41 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
    6/10/2011 9:04:22 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================
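
The helper reads the DDS sections above by eye; the script below does the same triage mechanically. It is an added example, not code from the thread or from DDS, and it assumes only the line formats visible in the posts above (the `SERVICES / DRIVERS`, `Created Last 30` and `Event Viewer Messages` sections). Its input is a handful of constructed sample lines modelled on the real log, not the full log. What it demonstrates: the one service worth a second look is `MEMSWEEP2`, whose image is a 6144-byte `.tmp` file in `System32` rather than a `.sys` under `DRIVERS`; the `Created Last 30` section dates when that file appeared and which other files were written seconds before it; and the `Application Popup [1060]` events show the kernel refused to load each of those images, so none of them ever ran. Two caveats a practitioner wants here: DDS prints `[?]` for many legitimate drivers (Rt64win7.sys, vwififlt.sys above), so `[?]` by itself is not a signal; and in this log the `Created` stamps are UTC while Event Viewer is local time (D97D.tmp created 01:50:01, blocked at 8:50:02 PM, matching the ComboFix header's GMT -5), so timestamps must be converted before being compared across sections. The log also shows two such `.tmp` files created within 80 seconds of the `Program Files (x86)\Sophos` folder on 2011-05-19, which suggests a scanner dropping temporary drivers, but that attribution is an inference from the timestamps, not something the thread confirms.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in DDS log format, modelled on the entries posted in
# this thread (a few representative lines, not the real log).
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-9-21 269480]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\84E9.tmp --> C:\Windows\system32\84E9.tmp [?]
S3 StumbleUponUpdateService;StumbleUponUpdateService;C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-4-14 103336]
.
=============== Created Last 30 ================
2011-06-09 01:50:45 6144 ------w- C:\Windows\System32\84E9.tmp
2011-06-09 01:50:01 6144 ------w- C:\Windows\System32\D97D.tmp
2011-06-08 23:24:33 6144 ------w- C:\Windows\System32\8D62.tmp
2011-05-19 12:55:49 6144 ------w- C:\Windows\System32\23B8.tmp
2011-05-19 12:55:39 -------- d-----w- C:\Program Files (x86)\Sophos
.
==== Event Viewer Messages From Past Week ========
6/8/2011 9:32:18 PM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
6/8/2011 9:32:18 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\84E9.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
BLOCKED_RE = re.compile(r"Application Popup \[1060\] - (\S+) has been blocked from loading")
TEMP_NAME = re.compile(r"^[0-9A-F]{4}\.tmp$", re.I)   # four hex digits + .tmp, e.g. 84E9.tmp
TEMP_DIRS = ("\\temp\\", "\\appdata\\local\\temp\\")


def nt_to_win32(path):
    """Drop the '\\??\\' NT object-manager prefix DDS keeps on driver paths."""
    return path[4:] if path.startswith("\\??\\") else path


def image_path(rest):
    """Reduce the DDS image column to a bare path: strip the ' --> resolved'
    form used for drivers and the trailing '[date size]' or '[?]' bracket."""
    return nt_to_win32(rest.split(" -->")[0].split(" [")[0].strip())


def parse_dds(text):
    """Return (services, created, blocked) from the DDS/Attach.txt sections."""
    services, created, blocked, section = [], [], set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if "SERVICES / DRIVERS" in line:
            section = "services"
        elif "Created Last 30" in line:
            section = "created"
        elif "Event Viewer Messages" in line:
            section = "events"
        elif line.startswith("===="):
            section = None                      # any other banner ends the section
        elif section == "services":
            m = SERVICE_RE.match(line)
            if m:
                services.append({"state": m.group(1), "name": m.group(2),
                                 "display": m.group(3), "image": image_path(m.group(4))})
        elif section == "created":
            m = CREATED_RE.match(line)
            if m:
                # DDS stamps here are UTC in this log; '--------' in the size column marks a directory.
                created.append({"when": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                                "size": None if m.group(2).startswith("-") else int(m.group(2)),
                                "path": m.group(4)})
        elif section == "events":
            m = BLOCKED_RE.search(line)          # event 1060: kernel refused to load this image
            if m:
                blocked.add(nt_to_win32(m.group(1)).lower())
    return services, created, blocked


def suspicious_services(services):
    """Flag services whose image is a temp-style file or lives in a temp directory.
    '[?]' in the DDS line is deliberately not a criterion: DDS prints it for
    plenty of legitimate x64 vendor drivers."""
    flagged = []
    for svc in services:
        low = svc["image"].lower()
        base = svc["image"].rsplit("\\", 1)[-1]
        reasons = []
        if low.endswith(".tmp") or TEMP_NAME.match(base):
            reasons.append("service image is a .tmp file")
        if any(d in low for d in TEMP_DIRS):
            reasons.append("service image lives in a temp directory")
        if reasons:
            flagged.append(dict(svc, reasons=reasons))
    return flagged


def correlate(flagged, created, blocked, window=timedelta(minutes=5)):
    """For each flagged service: when its image was created, which other files
    were created within `window` of it (same drop?), and whether Event Viewer
    recorded the kernel blocking it from loading."""
    by_path = {c["path"].lower(): c for c in created}
    report = []
    for svc in flagged:
        entry = by_path.get(svc["image"].lower())
        near = []
        if entry:
            near = [c["path"] for c in created
                    if c is not entry and abs(c["when"] - entry["when"]) <= window]
        report.append({"service": svc["name"], "state": svc["state"], "image": svc["image"],
                       "reasons": svc["reasons"],
                       "created": entry["when"].isoformat(sep=" ") if entry else None,
                       "created_with": near,
                       "blocked_from_loading": svc["image"].lower() in blocked})
    return report


if __name__ == "__main__":
    svcs, files, blocked_images = parse_dds(SAMPLE_DDS)
    for item in correlate(suspicious_services(svcs), files, blocked_images):
        print(item)
```

Run against a full DDS log (pass the file contents instead of `SAMPLE_DDS`) it reports one flagged service, `MEMSWEEP2`, created at 2011-06-09 01:50:45 alongside `D97D.tmp`, and blocked from loading. A service that is "S3" (start on demand), whose image never loaded, is a very different finding from an "R1" boot-start driver that is running now; the `state` field is kept in the report for that reason.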

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
Make sure you always post whole logs.
    Top part of Attach.txt log is missing, but in this case I can live without it.

  10. #10
    Join Date
    Jun 2011
    Posts
    14
Sorry about that, this is kind of new to me. Here is the log from Combofix. This is the second log, as when the program ran the first time it saved the log to a default location on my hard drive, and I am not sure how to get it, so I ran it a second time. The first time it did remove something. Here's what I have:
    ComboFix 11-06-10.09 - john 06/10/2011 21:39:41.2.3 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2585 [GMT -5:00]
    Running from: c:\users\john\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-11 02:45 . 2011-06-11 02:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-11 02:45 . 2011-06-11 02:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-06-10 12:16 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38CC2DDE-5792-4EC8-B57A-FF740AB51DC9}\mpengine.dll
    2011-06-09 08:47 . 2011-06-09 08:47 -------- d-----w- c:\users\john\AppData\Roaming\Malwarebytes
    2011-06-09 08:46 . 2011-06-09 08:46 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-09 08:46 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\84E9.tmp
    2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\D97D.tmp
    2011-06-09 01:20 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\736A.tmp
    2011-06-09 01:18 . 2011-06-09 01:19 -------- d-----w- c:\users\john\AppData\Local\{1FDE4712-0301-4285-9694-552F7C027CAB}
    2011-06-09 01:14 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\EE63.tmp
    2011-06-08 23:58 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\9262.tmp
    2011-06-08 23:57 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\E7D1.tmp
    2011-06-08 23:24 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\8D62.tmp
    2011-06-08 23:23 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\A851.tmp
    2011-06-08 21:52 . 2011-06-08 21:52 -------- d-----w- c:\users\john\AppData\Roaming\Avira
    2011-06-07 12:16 . 2008-04-28 17:29 805400 ----a-r- c:\windows\SysWow64\tmp80D3.tmp
    2011-06-07 12:15 . 2008-04-28 17:29 805400 ----a-r- c:\windows\SysWow64\tmp8094.tmp
    2011-06-06 15:38 . 2011-06-06 15:38 -------- d-----w- c:\users\john\AppData\Local\PassMark
    2011-06-06 15:37 . 2011-06-06 15:37 -------- d-----w- c:\programdata\Passmark
    2011-06-04 00:16 . 2011-06-07 03:50 -------- d-----w- C:\GTR2Demo
    2011-05-31 12:40 . 2011-05-31 12:40 -------- d-----w- c:\program files (x86)\Activision
    2011-05-28 14:35 . 2011-05-28 14:35 -------- d-----w- c:\programdata\ATI
    2011-05-28 14:33 . 2011-05-28 15:42 -------- d-----w- c:\program files (x86)\AMD APP
    2011-05-28 14:24 . 2011-05-28 15:42 -------- d-----w- c:\program files (x86)\AMD
    2011-05-27 23:03 . 2011-05-27 23:03 -------- d-----w- c:\users\john\AppData\Local\{247947E1-0AD5-4FDA-A180-7EDCECDEDCC6}
    2011-05-24 22:06 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-20 20:52 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\F457.tmp
    2011-05-20 20:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\42C3.tmp
    2011-05-19 12:56 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\25CB.tmp
    2011-05-19 12:55 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\23B8.tmp
    2011-05-19 12:55 . 2011-06-09 09:22 -------- d-----w- c:\program files (x86)\Sophos
    2011-05-17 21:29 . 2011-05-17 21:30 -------- d-----w- c:\users\john\AppData\Local\{B0E90857-A80D-4084-AC9D-7E6B91310ED9}
    2011-05-13 23:58 . 2011-05-13 23:58 17720 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
    2011-05-13 23:58 . 2011-05-13 23:58 30520 ----a-w- c:\windows\system32\hpservice.exe
    2011-05-13 23:58 . 2011-05-13 23:58 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
    2011-05-13 23:57 . 2011-05-13 23:57 43320 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
    2011-05-13 11:43 . 2011-05-13 11:43 -------- d-----w- c:\users\john\AppData\Local\{3575EC61-37A2-45DE-9C02-7FCAF6F3D703}
    2011-05-12 21:35 . 2011-05-12 21:36 -------- d-----w- c:\users\john\AppData\Local\{9071DE0E-FA1D-4176-877B-7326A8E1B0C5}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-25 00:14 . 2010-09-10 16:43 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-13 23:58 . 2009-07-08 20:49 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
    2011-04-25 07:08 . 2011-04-25 07:08 345968 ----a-w- c:\windows\system32\drivers\bthbus.sys
    2011-04-09 23:55 . 2011-04-09 23:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
    2011-04-09 23:55 . 2011-04-09 23:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
    2011-04-09 07:02 . 2011-05-11 03:29 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:58 . 2011-05-11 11:30 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-04-09 06:02 . 2011-05-11 03:29 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-11 03:29 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-11 11:30 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-04-03 00:16 . 2011-04-03 00:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-04-03 00:16 . 2011-04-03 00:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-04-03 00:16 . 2011-04-03 00:16 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-04-03 00:16 . 2011-04-03 00:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-04-03 00:16 . 2011-04-03 00:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-04-03 00:16 . 2011-04-03 00:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-04-03 00:16 . 2011-04-03 00:16 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-04-03 00:16 . 2011-04-03 00:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-04-03 00:16 . 2011-04-03 00:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-04-03 00:16 . 2011-04-03 00:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-04-03 00:16 . 2011-04-03 00:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-04-03 00:16 . 2011-04-03 00:16 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-04-03 00:16 . 2011-04-03 00:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-04-03 00:16 . 2011-04-03 00:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-04-03 00:16 . 2011-04-03 00:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-04-03 00:16 . 2011-04-03 00:16 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-04-03 00:16 . 2011-04-03 00:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-04-03 00:16 . 2011-04-03 00:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-04-03 00:16 . 2011-04-03 00:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-04-03 00:16 . 2011-04-03 00:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-04-03 00:16 . 2011-04-03 00:16 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-04-03 00:16 . 2011-04-03 00:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-03 00:16 . 2011-04-03 00:16 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-04-03 00:16 . 2011-04-03 00:16 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-04-03 00:16 . 2011-04-03 00:16 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-03 00:16 . 2011-04-03 00:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-03 00:16 . 2011-04-03 00:16 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2011-04-03 00:16 . 2011-04-03 00:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-03 00:16 . 2011-04-03 00:16 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-04-03 00:16 . 2011-04-03 00:16 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-04-03 00:16 . 2011-04-03 00:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-03 00:16 . 2011-04-03 00:16 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-03 00:16 . 2011-04-03 00:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-03 00:16 . 2011-04-03 00:16 448512 ----a-w- c:\windows\system32\html.iec
    2011-04-03 00:16 . 2011-04-03 00:16 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-03 00:16 . 2011-04-03 00:16 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-03 00:16 . 2011-04-03 00:16 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-03 00:16 . 2011-04-03 00:16 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-03 00:16 . 2011-04-03 00:16 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-03 00:16 . 2011-04-03 00:16 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-03 00:16 . 2011-04-03 00:16 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-04-03 00:16 . 2011-04-03 00:16 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-01 22:07 . 2010-09-21 13:42 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-01 22:07 . 2010-09-21 13:42 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-25 03:29 . 2011-05-11 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-25 03:29 . 2011-05-11 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-25 03:29 . 2011-05-11 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-25 03:29 . 2011-05-11 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-25 03:29 . 2011-05-11 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-25 03:28 . 2011-05-11 03:29 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-03-21 18:22 . 2011-03-21 18:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2011-03-21 18:22 . 2011-03-21 18:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2011-03-21 18:22 . 2010-08-02 09:19 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-11_02.30.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-04-25 16:42 . 2011-06-11 02:38 60942 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2010-04-25 16:42 . 2011-06-10 20:08 60942 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-06-11 02:05 51562 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-06-11 02:38 51562 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-09-10 16:05 . 2011-06-11 02:38 14286 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2995256995-1083078439-3919252237-1001_UserData.bin
    + 2010-09-10 22:48 . 2011-06-11 02:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-09-10 22:48 . 2011-06-11 02:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-09-10 22:48 . 2011-06-11 02:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-09-10 22:48 . 2011-06-11 02:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-06-11 02:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-06-11 02:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-09-10 16:46 . 2011-06-11 02:36 1801 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2010-09-10 16:46 . 2011-06-11 02:29 1801 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2011-06-11 02:30 . 2011-06-11 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-06-11 02:36 . 2011-06-11 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-06-11 02:30 . 2011-06-11 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-06-11 02:36 . 2011-06-11 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:36 . 2011-06-11 02:08 624178 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-06-11 02:43 624178 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-06-11 02:43 106522 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-06-11 02:08 106522 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-06-11 02:29 334588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-06-11 02:36 334588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
    "Expert8"="c:\program files (x86)\Kensington\SlimBlade Trackball\Expert8.exe" [2009-02-23 457224]
    .
    c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-21 46432]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-02-21 85800]
    R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
    R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
    R3 BTHBUS;YRT Bluetooth Bus Driver;c:\windows\system32\DRIVERS\bthbus.sys [x]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84E9.tmp [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-04-14 103336]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va003;X6va003;c:\users\john\AppData\Local\Temp\003A42C.tmp [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-03-29 2860800]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-02-01 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-05 354304]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
    S2 HMuKstE8;Kensington SlimBlade Trackball USB HID Device Filter Driver;SysWOW64\Drivers\HMuKstE8.sys [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 1044648]
    S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-16 29184]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-11-22 19:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-01 487424]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\84E9.tmp"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
    "ImagePath"="\??\c:\users\john\AppData\Local\Temp\003A42C.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-06-10 21:47:00
    ComboFix-quarantined-files.txt 2011-06-11 02:47
    ComboFix2.txt 2011-06-11 02:33
    .
    Pre-Run: 394,537,455,616 bytes free
    Post-Run: 394,342,817,792 bytes free
    .
    - - End Of File - - 5F52498B4F30CA0A7BCB213CB437C998
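Added here as a worked triage example (it is not part of the poster's log, and not ComboFix's own code): a short Python pass over lines in the shape of the "Reg Loading Points" service entries and the "Files Created" / Find3M file list above. It flags services whose image path is a .tmp file or sits in a temp directory or a user profile, and joins each hit to the file list so size and both timestamps travel with it. The sample lines are constructed to mirror the log above; the reading of R/S as running/stopped, of the digit as the Windows service Start value, and of [x] as "file not located at scan time" is the usual one for these logs. [x] on its own is deliberately not treated as a signal, because on this x64 machine vendor drivers such as Rt64win7.sys and atikmdag.sys carry it too.

```python
"""Triage pass over ComboFix 'Reg Loading Points' service lines.

Added example: the constructed sample below mirrors the shape of the log
above; this is neither ComboFix code nor the poster's output verbatim.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Service line, e.g.  R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84E9.tmp [x]
# Usual reading: R = running, S = stopped; digit = Windows service Start value;
# trailing [date size] = file seen, [x] = file not located at scan time.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
# File list line, e.g.  2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\...\84E9.tmp
# Two timestamps (the section is ordered on the first), a size or eight dashes
# for a directory, an 8-character attribute field, then the path.
FILE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+?)$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class Finding:
    service: str
    path: str
    state: str
    start_type: str
    reasons: List[str] = field(default_factory=list)
    file_info: Optional[Dict[str, str]] = None


def parse_file_list(lines: List[str]) -> Dict[str, Dict[str, str]]:
    """Index 'Files Created' / Find3M lines by lower-cased path."""
    index: Dict[str, Dict[str, str]] = {}
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m:
            index[m["path"].lower()] = {
                "ts1": m["ts1"], "ts2": m["ts2"], "size": m["size"], "attrs": m["attrs"]}
    return index


def suspicious_path_reasons(path: str) -> List[str]:
    """Heuristics on where a service image lives; an empty list means no concern."""
    low = path.lower()
    reasons = []
    if low.endswith(".tmp"):
        reasons.append("service image has a .tmp extension")
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("service image lives in a temp directory")
    if low.startswith("c:\\users\\"):
        reasons.append("service image lives under a user profile")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per service whose image path trips a heuristic."""
    lines = log_text.splitlines()
    files = parse_file_list(lines)
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        reasons = suspicious_path_reasons(m["path"])
        if not reasons:
            continue  # [x] alone is not a signal: many vendor drivers carry it on x64
        if m["meta"] == "x":
            reasons.append("file not located by ComboFix at scan time ([x])")
        findings.append(Finding(
            service=m["name"], path=m["path"],
            state="running" if m["state"] == "R" else "stopped",
            start_type=START_TYPES.get(m["start"], m["start"]),
            reasons=reasons,
            file_info=files.get(m["path"].lower()),
        ))
    return findings


# Constructed sample in the shape of the log above.
SAMPLE_LOG = r"""
2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\84E9.tmp
2011-05-13 23:58 . 2011-05-13 23:58 30520 ----a-w- c:\windows\system32\hpservice.exe
2011-05-19 12:55 . 2011-06-09 09:22 -------- d-----w- c:\program files (x86)\Sophos
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-02-21 85800]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84E9.tmp [x]
R3 X6va003;X6va003;c:\users\john\AppData\Local\Temp\003A42C.tmp [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.service} ({f.state}, start={f.start_type}): {f.path}")
        for r in f.reasons:
            print("   -", r)
        if f.file_info:
            print("   file list:", f.file_info)
```

The output is a shortlist for a human, not a verdict. The joined file-list fields are what make it useful: the log above shows every one of these system32 .tmp files at 6144 bytes with the same second timestamp, and the Sophos folder created at 2011-05-19 12:55, the same minute as 23B8.tmp. That is the kind of correlation a helper checks before deciding what the .tmp-backed service belongs to.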

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    OK, navigate to C:\Qoobox, find the ComboFix2.txt file and post its content back here.

  12. #12
    Join Date
    Jun 2011
    Posts
    14
    ComboFix 11-06-10.09 - john 06/10/2011 21:24:12.1.3 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2376 [GMT -5:00]
    Running from: c:\users\john\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\users\john\AppData\Roaming\EurekaLog
    c:\users\john\AppData\Roaming\EurekaLog\EurekaLog.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-11 02:22 . 2011-06-11 02:23 -------- d-----w- C:\32788R22FWJFW
    2011-06-10 12:16 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38CC2DDE-5792-4EC8-B57A-FF740AB51DC9}\mpengine.dll
    2011-06-09 08:47 . 2011-06-09 08:47 -------- d-----w- c:\users\john\AppData\Roaming\Malwarebytes
    2011-06-09 08:46 . 2011-06-09 08:46 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-09 08:46 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\84E9.tmp
    2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\D97D.tmp
    2011-06-09 01:20 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\736A.tmp
    2011-06-09 01:18 . 2011-06-09 01:19 -------- d-----w- c:\users\john\AppData\Local\{1FDE4712-0301-4285-9694-552F7C027CAB}
    2011-06-09 01:14 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\EE63.tmp
    2011-06-08 23:58 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\9262.tmp
    2011-06-08 23:57 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\E7D1.tmp
    2011-06-08 23:24 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\8D62.tmp
    2011-06-08 23:23 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\A851.tmp
    2011-06-08 21:52 . 2011-06-08 21:52 -------- d-----w- c:\users\john\AppData\Roaming\Avira
    2011-06-07 12:16 . 2008-04-28 17:29 805400 ----a-r- c:\windows\SysWow64\tmp80D3.tmp
    2011-06-07 12:15 . 2008-04-28 17:29 805400 ----a-r- c:\windows\SysWow64\tmp8094.tmp
    2011-06-06 15:38 . 2011-06-06 15:38 -------- d-----w- c:\users\john\AppData\Local\PassMark
    2011-06-06 15:37 . 2011-06-06 15:37 -------- d-----w- c:\programdata\Passmark
    2011-06-04 00:16 . 2011-06-07 03:50 -------- d-----w- C:\GTR2Demo
    2011-05-31 12:40 . 2011-05-31 12:40 -------- d-----w- c:\program files (x86)\Activision
    2011-05-28 14:35 . 2011-05-28 14:35 -------- d-----w- c:\programdata\ATI
    2011-05-28 14:33 . 2011-05-28 15:42 -------- d-----w- c:\program files (x86)\AMD APP
    2011-05-28 14:24 . 2011-05-28 15:42 -------- d-----w- c:\program files (x86)\AMD
    2011-05-27 23:03 . 2011-05-27 23:03 -------- d-----w- c:\users\john\AppData\Local\{247947E1-0AD5-4FDA-A180-7EDCECDEDCC6}
    2011-05-24 22:06 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-20 20:52 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\F457.tmp
    2011-05-20 20:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\42C3.tmp
    2011-05-19 12:56 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\25CB.tmp
    2011-05-19 12:55 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\23B8.tmp
    2011-05-19 12:55 . 2011-06-09 09:22 -------- d-----w- c:\program files (x86)\Sophos
    2011-05-17 21:29 . 2011-05-17 21:30 -------- d-----w- c:\users\john\AppData\Local\{B0E90857-A80D-4084-AC9D-7E6B91310ED9}
    2011-05-13 23:58 . 2011-05-13 23:58 17720 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
    2011-05-13 23:58 . 2011-05-13 23:58 30520 ----a-w- c:\windows\system32\hpservice.exe
    2011-05-13 23:58 . 2011-05-13 23:58 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
    2011-05-13 23:57 . 2011-05-13 23:57 43320 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
    2011-05-13 11:43 . 2011-05-13 11:43 -------- d-----w- c:\users\john\AppData\Local\{3575EC61-37A2-45DE-9C02-7FCAF6F3D703}
    2011-05-12 21:35 . 2011-05-12 21:36 -------- d-----w- c:\users\john\AppData\Local\{9071DE0E-FA1D-4176-877B-7326A8E1B0C5}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-25 00:14 . 2010-09-10 16:43 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-13 23:58 . 2009-07-08 20:49 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
    2011-04-25 07:08 . 2011-04-25 07:08 345968 ----a-w- c:\windows\system32\drivers\bthbus.sys
    2011-04-09 23:55 . 2011-04-09 23:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
    2011-04-09 23:55 . 2011-04-09 23:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
    2011-04-09 07:02 . 2011-05-11 03:29 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:58 . 2011-05-11 11:30 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-04-09 06:02 . 2011-05-11 03:29 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-11 03:29 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-11 11:30 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-04-03 00:16 . 2011-04-03 00:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-04-03 00:16 . 2011-04-03 00:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-04-03 00:16 . 2011-04-03 00:16 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-04-03 00:16 . 2011-04-03 00:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-04-03 00:16 . 2011-04-03 00:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-04-03 00:16 . 2011-04-03 00:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-04-03 00:16 . 2011-04-03 00:16 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-04-03 00:16 . 2011-04-03 00:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-04-03 00:16 . 2011-04-03 00:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-04-03 00:16 . 2011-04-03 00:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-04-03 00:16 . 2011-04-03 00:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-04-03 00:16 . 2011-04-03 00:16 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-04-03 00:16 . 2011-04-03 00:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-04-03 00:16 . 2011-04-03 00:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-04-03 00:16 . 2011-04-03 00:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-04-03 00:16 . 2011-04-03 00:16 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-04-03 00:16 . 2011-04-03 00:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-04-03 00:16 . 2011-04-03 00:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-04-03 00:16 . 2011-04-03 00:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-04-03 00:16 . 2011-04-03 00:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-04-03 00:16 . 2011-04-03 00:16 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-04-03 00:16 . 2011-04-03 00:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-03 00:16 . 2011-04-03 00:16 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-04-03 00:16 . 2011-04-03 00:16 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-04-03 00:16 . 2011-04-03 00:16 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-03 00:16 . 2011-04-03 00:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-03 00:16 . 2011-04-03 00:16 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2011-04-03 00:16 . 2011-04-03 00:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-03 00:16 . 2011-04-03 00:16 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-04-03 00:16 . 2011-04-03 00:16 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-04-03 00:16 . 2011-04-03 00:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-03 00:16 . 2011-04-03 00:16 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-03 00:16 . 2011-04-03 00:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-03 00:16 . 2011-04-03 00:16 448512 ----a-w- c:\windows\system32\html.iec
    2011-04-03 00:16 . 2011-04-03 00:16 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-03 00:16 . 2011-04-03 00:16 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-03 00:16 . 2011-04-03 00:16 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-03 00:16 . 2011-04-03 00:16 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-03 00:16 . 2011-04-03 00:16 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-03 00:16 . 2011-04-03 00:16 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-03 00:16 . 2011-04-03 00:16 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-04-03 00:16 . 2011-04-03 00:16 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-01 22:07 . 2010-09-21 13:42 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-01 22:07 . 2010-09-21 13:42 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-25 03:29 . 2011-05-11 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-25 03:29 . 2011-05-11 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-25 03:29 . 2011-05-11 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-25 03:29 . 2011-05-11 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-25 03:29 . 2011-05-11 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-25 03:28 . 2011-05-11 03:29 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-03-21 18:22 . 2011-03-21 18:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2011-03-21 18:22 . 2011-03-21 18:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2011-03-21 18:22 . 2010-08-02 09:19 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
    "Expert8"="c:\program files (x86)\Kensington\SlimBlade Trackball\Expert8.exe" [2009-02-23 457224]
    .
    c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-21 46432]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-02-21 85800]
    R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
    R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
    R3 BTHBUS;YRT Bluetooth Bus Driver;c:\windows\system32\DRIVERS\bthbus.sys [x]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84E9.tmp [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-04-14 103336]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va003;X6va003;c:\users\john\AppData\Local\Temp\003A42C.tmp [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-03-29 2860800]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-02-01 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-05 354304]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
    S2 HMuKstE8;Kensington SlimBlade Trackball USB HID Device Filter Driver;SysWOW64\Drivers\HMuKstE8.sys [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 1044648]
    S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-16 29184]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-11-22 19:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF2633.cfxxe" [X]
    "HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-01 487424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\84E9.tmp"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
    "ImagePath"="\??\c:\users\john\AppData\Local\Temp\003A42C.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-10 21:33:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-11 02:33
    .
    Pre-Run: 394,932,441,088 bytes free
    Post-Run: 394,453,688,320 bytes free
    .
    - - End Of File - - 726B9B9D58F58CB70B0DF1CFE78573B7

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    That looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
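    Added example (editor's note, not part of the thread and not ComboFix or OTL code): the service and driver lines in the ComboFix "Reg Loading Points" listing earlier in the thread are the part an analyst reads first, and the two entries worth a second look there, MEMSWEEP2 and X6va003, share the same tells: the ImagePath is a .tmp file, one of them sits in the user's AppData\Local\Temp, and ComboFix marked both [x] (file not found). The script below turns that reading into a repeatable triage pass. The six input lines are copied from that log (constructed input, not a new scan); the line format the regex expects, the indicator names, the list of user-writable directory fragments and the severity rules are this example's own assumptions, not ComboFix conventions.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field

# Constructed input: six service/driver lines copied from the ComboFix listing
# posted earlier in this thread. The parser and the scoring below are this
# example's own; they are not ComboFix or OTL code.
SAMPLE_LOG = r"""
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-02-21 85800]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84E9.tmp [x]
R3 X6va003;X6va003;c:\users\john\AppData\Local\Temp\003A42C.tmp [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-03-29 2860800]
S2 HMuKstE8;Kensington SlimBlade Trackball USB HID Device Filter Driver;SysWOW64\Drivers\HMuKstE8.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
"""

# Assumed line shape, derived from the log above:
#   <state> <name>;<description>;<image path> [<date> <size>]   or   [x]
# where state is R (running) / S (stopped) plus a start-type digit.
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Extensions a service or driver image normally has; anything else (.tmp here)
# is an oddity worth checking.
EXPECTED_EXTS = {".sys", ".exe", ".dll"}

# Path fragments (assumed list) for directories a non-admin user can write to.
# A driver or auto-start service loading from one of these is a persistence tell.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\", "\\tmp\\")


@dataclass
class LoadPoint:
    state: str
    name: str
    description: str
    image_path: str
    present: bool                          # False when ComboFix printed "[x]"
    flags: list[str] = field(default_factory=list)


def parse_line(line: str) -> LoadPoint | None:
    """Parse one ComboFix service line; return None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return LoadPoint(
        state=m.group("state"),
        name=m.group("name").strip(),
        description=m.group("desc").strip(),
        image_path=m.group("path").strip(),
        present=(m.group("meta").strip().lower() != "x"),
    )


def triage(lp: LoadPoint) -> list[str]:
    """Return the indicators that apply to one load point, in a fixed order."""
    p = lp.image_path.lower()
    flags: list[str] = []
    if not lp.present:
        flags.append("file_missing")         # ComboFix could not open the image
    if not re.match(r"^[a-z]:\\", p):
        flags.append("relative_path")        # resolved by the loader, not visible here
    if ntpath.splitext(p)[1] not in EXPECTED_EXTS:
        flags.append("odd_extension")
    if any(frag in p for frag in USER_WRITABLE):
        flags.append("user_writable_dir")
    return flags


def severity(flags: list[str]) -> str:
    """Combine indicators. A lone file_missing is weak evidence on this x64 box:
    the log marks plenty of stock drivers [x] that the later OTL run finds under
    SysNative, so it only raises severity together with another indicator."""
    if "odd_extension" in flags and ("user_writable_dir" in flags or "file_missing" in flags):
        return "high"
    if "user_writable_dir" in flags or "relative_path" in flags:
        return "medium"
    return "low" if flags else "none"


def triage_log(text: str) -> list[LoadPoint]:
    """Parse every service line in a ComboFix-style listing and attach its flags."""
    points = []
    for line in text.splitlines():
        lp = parse_line(line)
        if lp is not None:
            lp.flags = triage(lp)
            points.append(lp)
    return points


if __name__ == "__main__":
    rank = {"high": 0, "medium": 1, "low": 2, "none": 3}
    for lp in sorted(triage_log(SAMPLE_LOG), key=lambda x: rank[severity(x.flags)]):
        print(f"{severity(lp.flags):6} {lp.state} {lp.name:16} {lp.image_path}  {lp.flags}")
```

    Run against the sample, MEMSWEEP2 and X6va003 come out "high" and everything else "medium" or below. A flag is a reason to look, not a verdict: the OTL log in the next post attributes MEMSWEEP2 to Sophos Plc and shows it under a different temp name (F457.tmp rather than 84E9.tmp), which is the behaviour of a scanning tool that drops a fresh temp-named driver on each run, not of an infection. X6va003 in the user's Temp folder has no such attribution in either log, so it is the one to resolve, either by checking whether the file exists now and who signed it, or by removing the orphaned service entry.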

  14. #14
    Join Date
    Jun 2011
    Posts
    14
    Hello again Broni, I just did the scan with OTL and here are the logs. I have to split them up; they are too big for one post.
    OTL logfile created on: 6/13/2011 8:09:57 AM - Run 1
    OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\john\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 69.09% Memory free
    7.49 Gb Paging File | 5.86 Gb Available in Paging File | 78.31% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 443.57 Gb Total Space | 368.07 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
    Drive D: | 21.89 Gb Total Space | 3.19 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
    Drive E: | 99.02 Mb Total Space | 99.02 Mb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: JOHN-PC | User Name: john | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/13 08:08:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
    PRC - [2011/05/01 09:50:53 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/04/20 21:59:55 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
    PRC - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/11/03 12:47:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2009/12/30 14:22:02 | 000,623,368 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    PRC - [2009/02/23 17:20:18 | 000,457,224 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe
    PRC - [2007/06/21 07:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/13 08:08:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
    MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2011/01/31 23:06:55 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/01/31 23:06:53 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2011/01/04 23:07:10 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
    SRV:64bit: - [2010/01/06 03:14:28 | 002,184,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
    SRV:64bit: - [2009/12/30 14:22:12 | 000,444,680 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
    SRV:64bit: - [2009/10/16 18:00:54 | 000,029,184 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2008/02/27 19:53:31 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
    SRV - [2011/05/01 09:50:53 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/04/14 17:47:38 | 000,103,336 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
    SRV - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/01/06 02:53:54 | 001,791,280 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/02/27 19:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/04/25 02:08:42 | 000,345,968 | ---- | M] (Yi Ruan Technology Corp.Ltd.,Beijing) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthbus.sys -- (BTHBUS)
    DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/31 23:06:57 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 05:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/09/26 21:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/07/30 15:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
    DRV:64bit: - [2010/07/30 15:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - [2010/07/30 15:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
    DRV:64bit: - [2010/07/30 15:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
    DRV:64bit: - [2010/07/12 14:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2010/07/12 14:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\F457.tmp -- (MEMSWEEP2)
    DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/01/28 13:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/11/11 15:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
    DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2008/04/28 12:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
    DRV - [2011/02/20 21:30:06 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\john\Desktop
    IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
    IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.net/google/index.php?q=
    IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/08/02 04:56:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/02/04 01:08:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/26 00:20:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/02/04 01:08:50 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Expert8] C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O4 - Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} http://content.systemrequirementslab...64_4.3.1.0.cab (SysInfo Class)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab...t_4.4.21.0.cab (SysInfo Class)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/C...ataManager.CAB (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

  15. #15
    Join Date
    Jun 2011
    Posts
    14


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.dvacm - c:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/13 08:08:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
    [2011/06/12 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Avira
    [2011/06/10 21:47:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/06/10 21:23:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/10 21:22:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/09 03:47:02 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Malwarebytes
    [2011/06/09 03:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/06/08 20:18:52 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\{1FDE4712-0301-4285-9694-552F7C027CAB}
    [2011/06/06 10:38:32 | 000,000,000 | ---D | C] -- C:\Users\john\Documents\PassMark
    [2011/06/06 10:38:30 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\PassMark
    [2011/06/06 10:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
    [2011/06/03 22:48:05 | 000,000,000 | ---D | C] -- C:\Users\john\Documents\Codemasters
    [2011/06/03 19:18:49 | 000,000,000 | ---D | C] -- C:\Users\john\Documents\GTR2
    [2011/06/03 19:16:45 | 000,000,000 | ---D | C] -- C:\GTR2Demo
    [2011/05/31 07:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
    [2011/05/28 09:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2011/05/28 09:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2011/05/28 09:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
    [2011/05/27 18:03:09 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\{247947E1-0AD5-4FDA-A180-7EDCECDEDCC6}
    [2011/05/19 07:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
    [2011/05/17 16:29:56 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\{B0E90857-A80D-4084-AC9D-7E6B91310ED9}
    [2011/02/03 06:26:04 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll
    [2011/02/03 06:26:04 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll
    [2011/02/03 06:26:03 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll
    [2011/02/03 06:26:01 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll
    [2011/02/03 06:26:01 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll
    [2011/02/03 06:26:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll
    [2011/02/03 06:26:00 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll
    [2011/02/03 06:26:00 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll
    [2011/02/03 06:26:00 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxih.exe
    [2011/02/03 06:25:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll
    [2011/02/03 06:25:59 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcoms.exe
    [2011/02/03 06:25:59 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll
    [2011/02/03 06:25:58 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcfg.exe
    [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/13 08:08:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
    [2011/06/13 08:03:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/12 17:26:26 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/12 17:26:26 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/12 17:23:26 | 000,624,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/06/12 17:23:26 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/06/12 17:23:26 | 000,008,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/06/12 17:19:01 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/28 11:03:59 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/07 16:07:37 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
    [2011/05/07 16:07:37 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/02/23 03:53:40 | 000,000,022 | -HS- | C] () -- C:\Users\john\AppData\Roaming\Sys2662.Config.Repository.bin
    [2011/02/03 06:27:03 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
    [2011/02/03 06:26:05 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll
    [2011/02/03 06:26:05 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll
    [2011/01/31 23:30:12 | 000,001,854 | ---- | C] () -- C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
    [2010/10/15 20:35:49 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/10/15 20:35:42 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/09/24 05:53:10 | 000,000,000 | ---- | C] () -- C:\Users\john\AppData\Roaming\wklnhst.dat
    [2010/09/11 17:32:47 | 000,009,216 | ---- | C] () -- C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/11 00:17:30 | 000,007,658 | ---- | C] () -- C:\Users\john\AppData\Local\Resmon.ResmonCfg
    [2010/09/10 16:13:52 | 000,000,022 | -HS- | C] () -- C:\Users\john\AppData\Roaming\Sys6925.Config Collection.sys
    [2010/09/10 16:13:52 | 000,000,022 | -HS- | C] () -- C:\Windows\Sys3390 SettingsCollection.bin
    [2010/08/02 04:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/08/02 04:13:56 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2010/08/02 04:13:56 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2009/12/30 13:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
    [2009/12/30 13:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
    [2009/12/30 01:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
    [2009/12/30 01:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
    [2009/12/30 01:35:50 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
    [2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
    [2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
    [2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

    ========== LOP Check ==========

    [2010/11/30 23:39:40 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Canon
    [2010/09/10 15:54:35 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\DigitalPersona
    [2011/06/11 08:25:00 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\EurekaLog
    [2010/12/31 08:02:14 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\GARMIN
    [2010/11/28 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Need for Speed World
    [2011/02/04 17:52:00 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Nokia
    [2011/02/04 17:52:04 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Nokia Ovi Suite
    [2011/02/04 01:37:27 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\PC Suite
    [2011/02/10 19:48:22 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Template
    [2010/09/28 17:49:35 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Ulead Systems
    [2010/10/20 15:29:37 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Windows Live Writer
    [2011/05/20 02:24:48 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2011/06/10 21:47:00 | 000,023,779 | ---- | M] () -- C:\ComboFix.txt
    [2011/06/12 17:19:01 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/06 10:30:51 | 000,000,256 | ---- | M] () -- C:\lxdx.log
    [2011/06/12 17:19:03 | 4021,186,560 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/27 16:34:18 | 000,000,184 | ---- | M] () -- C:\setup.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/02 19:23:49 | 000,000,221 | -HS- | M] () -- C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/13 08:08:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/23 09:16:10 | 000,000,402 | -HS- | M] () -- C:\Users\john\Favorites\desktop.ini
    [2011/04/02 19:24:35 | 000,000,000 | ---- | M] () -- C:\Users\john\Favorites\From Internet Explorer

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/02/03 06:27:00 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
    [2011/02/03 06:32:53 | 000,000,267 | ---- | M] () -- C:\ProgramData\lxdx.log
    [2011/05/07 11:56:43 | 000,000,492 | ---- | M] () -- C:\ProgramData\lxdxDiagnostics.log
    [2011/02/03 06:36:17 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt
    [2010/08/02 04:43:34 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/04/25 14:14:51 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/08/02 04:43:01 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/04/25 14:10:30 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/08/02 04:42:24 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/08/02 04:43:20 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/04/25 14:09:28 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/04/25 14:14:27 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/08/02 04:43:48 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoRebootWithLoggedOnUsers" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:AD768A7E

    < End of report >
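An added example, not from the original poster and not OTL's own code: a small Python triage script that walks OTL-format lines like the ones in the log above and flags what a helper reviewing such a log looks at first. It checks for orphaned entries ("File not found", "Reg Error", missing CLSIDs), Winlogon Shell/UserInit values that differ from the assumed Windows 7 defaults (explorer.exe and userinit.exe), .exe/.com open commands other than "%1" %* (O35/O37), alternate data streams, ActiveX components listed under O16, and O2/O3/O4 modules that report no company or version information. The sample lines embedded in it are constructed copies of the line formats shown above, not a full log, and the file name otl_triage.py is hypothetical. The script only flags; the UserInit entry pointing to DPAgent.exe, for instance, comes out as "review", not as malicious, and deciding that it belongs to the fingerprint-logon software installed on this machine is the reviewer's call.

```python
"""Triage helper for OTL-style log lines.

Added example for this thread: not OTL's own code and not part of the
original post. It flags the entry types a log reviewer looks at first:
orphaned entries, non-default Winlogon values, changed .exe/.com open
commands, alternate data streams, downloadable ActiveX components, and
loaded modules with no company/version information. It only flags; it
does not decide what is malicious.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# Constructed sample in the OTL line format used in the thread (a handful of
# representative lines, not a full log).
SAMPLE_LOG = r"""
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:AD768A7E
"""

# Phrases OTL prints when the referenced file or registry key does not exist.
ORPHAN_MARKERS = ("File not found", "Reg Error", "No CLSID value found", "CLSID or File not found")
# Assumed Windows 7 defaults (O20 lines show the Winlogon value, O35/O37 the open command).
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
DEFAULT_OPEN_COMMAND = '"%1" %*'

WINLOGON_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (\w+) - \((.*?)\) - (.*)$")
SHELLOPEN_RE = re.compile(r"^O3[57](?::64bit:)? - HKLM\\\.{2,3}(\w+) .* -- (.*)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.*)$")
DPF_RE = re.compile(r"^O16 - DPF: (.*?) (https?://\S+) \((.*)\)$")
MODULE_RE = re.compile(r"^O[234](?::64bit:)? - ")  # BHOs, toolbars, autoruns


@dataclass
class Finding:
    line: str
    reason: str
    severity: str  # "high" | "review" | "info"


def basename_of(value: str) -> str:
    """Last path component, lower-cased, without the trailing comma userinit.exe carries."""
    return value.strip().rstrip(",").rsplit("\\", 1)[-1].lower()


def check_line(line: str) -> list[Finding]:
    """Return every finding for one OTL log line (an empty list if nothing is notable)."""
    out: list[Finding] = []
    if any(marker in line for marker in ORPHAN_MARKERS):
        out.append(Finding(line, "orphaned entry: the file or registry key it references is missing", "review"))
    if (m := WINLOGON_RE.match(line)):
        key, value = m.group(1), m.group(2)
        expected = WINLOGON_DEFAULTS.get(key)
        if expected and basename_of(value) != expected:
            out.append(Finding(line, f"Winlogon {key} is not the default ({expected}): {value}", "review"))
    if (m := SHELLOPEN_RE.match(line)) and m.group(2).strip() != DEFAULT_OPEN_COMMAND:
        out.append(Finding(line, f"{m.group(1)} open command is not {DEFAULT_OPEN_COMMAND}: {m.group(2)}", "high"))
    if (m := ADS_RE.match(line)):
        out.append(Finding(line, f"alternate data stream ({m.group(1)} bytes) on {m.group(2)}", "review"))
    if (m := DPF_RE.match(line)):
        out.append(Finding(line, f"ActiveX component downloadable from {m.group(2)}: {m.group(3)}", "info"))
    if MODULE_RE.match(line) and line.endswith("()"):
        out.append(Finding(line, "loaded module carries no company/version information", "review"))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run check_line over every non-empty line of an OTL log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(check_line(line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity; every severity key is always present."""
    counts = {"high": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    # Usage: python otl_triage.py [OTL.txt]; with no argument the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    results = triage(text)
    for f in sorted(results, key=lambda f: ("high", "review", "info").index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print("summary:", summarize(results))
```

Run against the embedded sample it reports five "review" findings (the WOT module with no company name, the two orphaned entries, the non-default UserInit, and the ADS on C:\ProgramData\Temp), one "info" finding for the PCPitstop ActiveX download and nothing "high", since both open commands are the default. A real log is passed as the file argument; "review" means look at it, not remove it.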
