June 9th, 2011, 05:16 AM
#1
[RESOLVED] Could someone please let me know if I have a rootkit on PC?
Hello, I did a scan with Avira. It found 4 hidden files. I am not having any problems with my computer, but here is what GMER and Malwarebytes and Avira found:
Malwarebytes:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6817
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
6/9/2011 3:53:09 AM
mbam-log-2011-06-09 (03-53-09).txt
Scan type: Quick scan
Objects scanned: 166713
Time elapsed: 2 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-09 03:59:59
Windows 6.1.7601 Service Pack 1
Running: 0zzru3c7.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc002bb8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc002bb8@0002761463a9 0x9C 0xA5 0xC0 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc00318b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc00318b@0002762683ae 0xAC 0x78 0x0B 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f4a42
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f4a42@0002762bbcd7 0x50 0x17 0xA7 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc002bb8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc002bb8@0002761463a9 0x9C 0xA5 0xC0 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc00318b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc00318b@0002762683ae 0xAC 0x78 0x0B 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f4a42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f4a42@0002762bbcd7 0x50 0x17 0xA7 0xC1 ...
---- EOF - GMER 1.0.15 ----
And here are Avira's scan results, which started me thinking I might have a rootkit:
Start of the scan: Wednesday, June 08, 2011 16:52
Starting search for hidden objects.
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files\Common Files\Microsoft Shared\Windows Live
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
[NOTE] The registry entry is invisible.
c:\program files (x86)\microsoft works\wkscal.exe
c:\program files (x86)\microsoft works\wkscal.exe
[NOTE] The process is not visible.
The scan of running processes will be started
Scan process 'avscan.exe' - '74' Module(s) have been scanned
Scan process 'avscan.exe' - '29' Module(s) have been scanned
Scan process 'Expert8.exe' - '47' Module(s) have been scanned
Scan process 'avgnt.exe' - '70' Module(s) have been scanned
Scan process 'WkCalRem.exe' - '25' Module(s) have been scanned
Scan process 'DPAgent.exe' - '50' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '25' Module(s) have been scanned
Scan process 'HPDrvMntSvc.exe' - '19' Module(s) have been scanned
Scan process 'CinemanowSvc.exe' - '35' Module(s) have been scanned
Scan process 'avguard.exe' - '69' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'a2service.exe' - '41' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '100' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\ProgramData\Microsoft\WLSetup\wlt82C3.tmp
[0] Archive type: CAB (Microsoft)
--> WriterProdLang.7z
[1] Archive type: 7-Zip
--> WriterProdLang.cab
[2] Archive type: CAB (Microsoft)
--> writerprodlang.msi
[WARNING] The file could not be read!
C:\ProgramData\Microsoft\WLSetup\wlt8534.tmp
[0] Archive type: CAB (Microsoft)
--> LanguageSelector64.7z
[1] Archive type: 7-Zip
--> LanguageSelector64.cab
[2] Archive type: CAB (Microsoft)
--> LanguageSelector64.msi
[WARNING] The file could not be read!
Begin scan in 'D:\' <RECOVERY>
Begin scan in 'E:\' <HP_TOOLS>
End of the scan: Wednesday, June 08, 2011 17:50
Used time: 58:09 Minute(s)
The scan has been done completely.
30402 Scanned directories
550843 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
550843 Files not concerned
2752 Archives were scanned
2 Warnings
4 Notes
484546 Objects were scanned with rootkit scan
4 Hidden objects were found
I will do more if someone thinks I should. Thank you, John.
June 9th, 2011, 06:44 AM
#2
Here is what MBR says:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 200):
0x02E4C000 \SystemRoot\system32\ntoskrnl.exe
0x02E03000 \SystemRoot\system32\hal.dll
0x00BB1000 \SystemRoot\system32\kdcom.dll
0x00CA9000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CB6000 \SystemRoot\system32\PSHED.dll
0x00CCA000 \SystemRoot\system32\CLFS.SYS
0x00D28000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DE8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E67000 \SystemRoot\system32\drivers\ACPI.sys
0x00EBE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00EC7000 \SystemRoot\system32\drivers\msisadrv.sys
0x00ED1000 \SystemRoot\system32\drivers\pci.sys
0x00F04000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F11000 \SystemRoot\System32\drivers\partmgr.sys
0x00F26000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F2F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F3B000 \SystemRoot\system32\drivers\volmgr.sys
0x00F50000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FAC000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FC6000 \SystemRoot\system32\drivers\atapi.sys
0x00FCF000 \SystemRoot\system32\drivers\ataport.SYS
0x00E00000 \SystemRoot\system32\drivers\msahci.sys
0x00E0B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E1B000 \SystemRoot\system32\drivers\amdxata.sys
0x010A6000 \SystemRoot\system32\drivers\fltmgr.sys
0x010F2000 \SystemRoot\system32\drivers\fileinfo.sys
0x0123F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01106000 \SystemRoot\System32\Drivers\msrpc.sys
0x013E2000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01164000 \SystemRoot\System32\Drivers\cng.sys
0x01200000 \SystemRoot\System32\drivers\pcw.sys
0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0149E000 \SystemRoot\system32\drivers\ndis.sys
0x01591000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01693000 \SystemRoot\System32\drivers\tcpip.sys
0x01897000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x018E1000 \SystemRoot\system32\drivers\volsnap.sys
0x0192D000 \SystemRoot\System32\Drivers\spldr.sys
0x01935000 \SystemRoot\System32\drivers\rdyboost.sys
0x0196F000 \SystemRoot\System32\Drivers\mup.sys
0x01981000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0198A000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x01994000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019CE000 \SystemRoot\system32\DRIVERS\disk.sys
0x01600000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01630000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x0142B000 \SystemRoot\system32\drivers\cdrom.sys
0x01670000 \SystemRoot\System32\Drivers\Null.SYS
0x01679000 \SystemRoot\System32\Drivers\Beep.SYS
0x01680000 \SystemRoot\System32\drivers\vga.sys
0x01455000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x019E4000 \SystemRoot\System32\drivers\watchdog.sys
0x019F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0147A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01483000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0148C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0121B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x011D6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x015F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01000000 \SystemRoot\system32\drivers\afd.sys
0x02C8E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CD3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02CDC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D02000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02D18000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02D27000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02D42000 \SystemRoot\system32\drivers\termdd.sys
0x02D56000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02DA7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02DB3000 \SystemRoot\system32\drivers\mssmbios.sys
0x02DBE000 \SystemRoot\system32\DRIVERS\dvmio.sys
0x02DC6000 \SystemRoot\System32\drivers\discache.sys
0x02DD5000 \SystemRoot\System32\Drivers\dfsc.sys
0x02C00000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02C11000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x02C33000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02C59000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x036A4000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04816000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x036EE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03600000 \SystemRoot\System32\Drivers\fastfat.SYS
0x03636000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04FD2000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0428B000 \SystemRoot\system32\DRIVERS\athrx.sys
0x044D5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x044E2000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04552000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0455D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x045B3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x045C4000 \SystemRoot\system32\drivers\i8042prt.sys
0x045E2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x045F1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04200000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x0420D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04212000 \SystemRoot\system32\drivers\wmiacpi.sys
0x0421B000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0422B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04241000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04265000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00E26000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0367C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x050D5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x050F6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05110000 \SystemRoot\system32\drivers\swenum.sys
0x05112000 \SystemRoot\system32\drivers\ks.sys
0x05155000 \SystemRoot\system32\DRIVERS\circlass.sys
0x05167000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x0517B000 \SystemRoot\system32\drivers\umbus.sys
0x0518D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x051E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05000000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x05022000 \SystemRoot\system32\drivers\portcls.sys
0x0505F000 \SystemRoot\system32\drivers\drmk.sys
0x05081000 \SystemRoot\system32\drivers\ksthunk.sys
0x0603A000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x060BC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x060CA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x060D6000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x060E1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x060F4000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x06105000 \SystemRoot\System32\drivers\Dxapi.sys
0x06111000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0611F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06138000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06141000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x06143000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x0615B000 \SystemRoot\System32\Drivers\bthport.sys
0x06000000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05087000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0601D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x00700000 \SystemRoot\System32\cdd.dll
0x01638000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x061E7000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x050B5000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x037E2000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x0602B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x02A79000 \SystemRoot\system32\drivers\luafv.sys
0x02A9C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x02AB9000 \SystemRoot\system32\drivers\WudfPf.sys
0x02ADA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02AEF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02B42000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02B55000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07E7D000 \SystemRoot\system32\drivers\HTTP.sys
0x07F46000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x07F50000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07F6E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07F86000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07FB3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07E24000 \SystemRoot\SysWOW64\Drivers\HMuKstE8.sys
0x08696000 \SystemRoot\system32\drivers\peauth.sys
0x0873C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08747000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08778000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0878A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0887A000 \SystemRoot\System32\DRIVERS\srv.sys
0x77830000 \Windows\System32\ntdll.dll
0x47CC0000 \Windows\System32\smss.exe
0xFFB50000 \Windows\System32\apisetschema.dll
0xFF2F0000 \Windows\System32\autochk.exe
0x77620000 \Windows\System32\iertutil.dll
0xFFAC0000 \Windows\System32\difxapi.dll
0xFF9E0000 \Windows\System32\oleaut32.dll
0xFF970000 \Windows\System32\gdi32.dll
0xFF840000 \Windows\System32\rpcrt4.dll
0xFEAB0000 \Windows\System32\shell32.dll
0xFE9A0000 \Windows\System32\msctf.dll
0xFE900000 \Windows\System32\comdlg32.dll
0xFE880000 \Windows\System32\shlwapi.dll
0xFE820000 \Windows\System32\Wldap32.dll
0x77520000 \Windows\System32\user32.dll
0xFE640000 \Windows\System32\setupapi.dll
0xFE610000 \Windows\System32\imm32.dll
0xFE600000 \Windows\System32\nsi.dll
0x773C0000 \Windows\System32\wininet.dll
0xFE5B0000 \Windows\System32\ws2_32.dll
0xFE4D0000 \Windows\System32\advapi32.dll
0xFE2C0000 \Windows\System32\ole32.dll
0xFE2A0000 \Windows\System32\imagehlp.dll
0xFE200000 \Windows\System32\clbcatq.dll
0x772A0000 \Windows\System32\kernel32.dll
0xFE130000 \Windows\System32\usp10.dll
0x77150000 \Windows\System32\urlmon.dll
0x77A00000 \Windows\System32\psapi.dll
0xFE110000 \Windows\System32\sechost.dll
0x779F0000 \Windows\System32\normaliz.dll
0xFE070000 \Windows\System32\msvcrt.dll
0xFE060000 \Windows\System32\lpk.dll
0xFDEF0000 \Windows\System32\crypt32.dll
0xFDEB0000 \Windows\System32\cfgmgr32.dll
0xFDE10000 \Windows\System32\comctl32.dll
0xFDDD0000 \Windows\System32\wintrust.dll
0xFDDB0000 \Windows\System32\devobj.dll
0xFDD40000 \Windows\System32\KernelBase.dll
0xFDD30000 \Windows\System32\msasn1.dll
Processes (total 69):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
380 csrss.exe
472 C:\Windows\System32\wininit.exe
496 csrss.exe
536 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
684 C:\Windows\System32\winlogon.exe
716 C:\Windows\System32\svchost.exe
780 C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
888 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\atiesrxx.exe
1016 C:\Windows\System32\svchost.exe
308 C:\Windows\System32\svchost.exe
384 C:\Windows\System32\svchost.exe
556 C:\Program Files\IDT\WDM\stacsv64.exe
1092 C:\Windows\System32\audiodg.exe
1272 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\hpservice.exe
1332 C:\Windows\System32\atieclxx.exe
1384 C:\Windows\System32\vcsFPService.exe
1488 C:\Windows\System32\svchost.exe
1592 C:\Windows\System32\wlanext.exe
1600 C:\Windows\System32\conhost.exe
1680 C:\Windows\System32\spoolsv.exe
1724 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
1808 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1828 C:\Windows\System32\svchost.exe
1944 C:\Windows\System32\svchost.exe
1988 C:\Program Files\IDT\WDM\AESTSr64.exe
2016 C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
1080 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1200 C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
1444 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
1848 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1928 C:\Windows\System32\conhost.exe
2056 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2112 C:\Windows\System32\spool\drivers\x64\3\lxdxserv.exe
2148 C:\Windows\System32\lxdxcoms.exe
2216 C:\Windows\System32\svchost.exe
2264 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2320 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2384 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2572 C:\Windows\System32\taskeng.exe
2708 C:\Windows\System32\dwm.exe
2728 C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
2740 C:\Windows\System32\taskhost.exe
2812 C:\Windows\explorer.exe
2960 C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
2980 C:\Program Files\IDT\WDM\sttray64.exe
2992 C:\Program Files\Windows Sidebar\sidebar.exe
3028 C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
2076 WmiPrvSE.exe
1220 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2524 C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe
3036 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3216 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
3236 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3444 C:\Windows\System32\SearchIndexer.exe
3484 C:\Windows\System32\svchost.exe
3664 C:\Windows\System32\svchost.exe
3912 C:\Windows\System32\SearchProtocolHost.exe
3936 C:\Windows\System32\SearchFilterHost.exe
2372 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2644 C:\Users\john\Desktop\MBRCheck.exe
2736 C:\Windows\System32\conhost.exe
1796 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006e`f1100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)
PhysicalDrive0 Model Number: TOSHIBAMK5056GSY, Rev: LH003C
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 9733557A68EBEC97B87A30D9C07C0BA267E58A46
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
June 9th, 2011, 02:10 PM
#3
Welcome aboard.
Please, complete all steps listed here: http://discussions.virtualdr.com/sho...d.php?t=167915
DDS logs are missing.
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
June 10th, 2011, 08:09 AM
#4
Sorry about that. Thank you for taking the time to help. Anyway, here are the other 2 logs, the DDS first, then the aswMBR.
DDS:
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by john at 7:01:07 on 2011-06-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2307 [GMT -5:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxdxserv.exe
C:\Windows\system32\lxdxcoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.charter.net/google/index.php?q=
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: HP SimplePass Identity Protection Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Expert8] "C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe"
StartupFolder: C:\Users\john\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wkcalrem.LNK - C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.21.0.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\2375942554836343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\2456C6B696E6F574F575962756C6563737F5331464733413 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\7786964756D616E6 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\A475 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\A677 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{E49C2109-854E-4BA0-926C-A2BF8AB51A39}\C696E6B6379737 : DhcpNameServer = 68.94.156.1 68.94.157.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: StumbleUpon Launcher: {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
BHO-X64: StumbleUpon Launcher - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
BHO-X64: HP SimplePass Identity Protection Extension - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB-X64: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB-X64: StumbleUpon Toolbar: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Expert8] "C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-5-6 2860800]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-31 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-4 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-9-21 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-9-21 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 lxdx_device;lxdx_device;C:\Windows\system32\lxdxcoms.exe -service --> C:\Windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdxserv.exe [2011-2-3 29184]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 1791280]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2011-5-6 85800]
S3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
S3 BTHBUS;YRT Bluetooth Bus Driver;C:\Windows\system32\DRIVERS\bthbus.sys --> C:\Windows\system32\DRIVERS\bthbus.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\84E9.tmp --> C:\Windows\system32\84E9.tmp [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StumbleUponUpdateService;StumbleUponUpdateService;C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-4-14 103336]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-06-09 08:47:02 -------- d-----w- C:\Users\john\AppData\Roaming\Malwarebytes
2011-06-09 08:46:55 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-09 08:46:52 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-09 01:50:45 6144 ------w- C:\Windows\System32\84E9.tmp
2011-06-09 01:50:01 6144 ------w- C:\Windows\System32\D97D.tmp
2011-06-09 01:20:05 6144 ------w- C:\Windows\System32\736A.tmp
2011-06-09 01:18:52 -------- d-----w- C:\Users\john\AppData\Local\{1FDE4712-0301-4285-9694-552F7C027CAB}
2011-06-09 01:14:04 6144 ------w- C:\Windows\System32\EE63.tmp
2011-06-08 23:58:26 6144 ------w- C:\Windows\System32\9262.tmp
2011-06-08 23:57:42 6144 ------w- C:\Windows\System32\E7D1.tmp
2011-06-08 23:24:33 6144 ------w- C:\Windows\System32\8D62.tmp
2011-06-08 23:23:34 6144 ------w- C:\Windows\System32\A851.tmp
2011-06-08 21:52:15 -------- d-----w- C:\Users\john\AppData\Roaming\Avira
2011-06-07 21:47:37 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F23D451E-632D-4BEA-A8D7-AF436DBF690F}\mpengine.dll
2011-06-07 12:16:45 805400 ----a-r- C:\Windows\SysWow64\tmp80D3.tmp
2011-06-07 12:15:32 805400 ----a-r- C:\Windows\SysWow64\tmp8094.tmp
2011-06-06 15:38:30 -------- d-----w- C:\Users\john\AppData\Local\PassMark
2011-06-06 15:37:42 -------- d-----w- C:\ProgramData\Passmark
2011-06-04 00:16:45 -------- d-----w- C:\GTR2Demo
2011-05-31 12:40:35 -------- d-----w- C:\Program Files (x86)\Activision
2011-05-28 14:33:45 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-05-28 14:24:00 -------- d-----w- C:\Program Files (x86)\AMD
2011-05-27 23:03:09 -------- d-----w- C:\Users\john\AppData\Local\{247947E1-0AD5-4FDA-A180-7EDCECDEDCC6}
2011-05-24 22:06:17 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-20 20:52:44 6144 ------w- C:\Windows\System32\F457.tmp
2011-05-20 20:50:53 6144 ------w- C:\Windows\System32\42C3.tmp
2011-05-19 12:56:55 6144 ------w- C:\Windows\System32\25CB.tmp
2011-05-19 12:55:49 6144 ------w- C:\Windows\System32\23B8.tmp
2011-05-19 12:55:39 -------- d-----w- C:\Program Files (x86)\Sophos
2011-05-17 21:29:56 -------- d-----w- C:\Users\john\AppData\Local\{B0E90857-A80D-4084-AC9D-7E6B91310ED9}
2011-05-13 23:58:22 17720 ----a-w- C:\Windows\System32\HPMDPCoInst12.dll
2011-05-13 23:58:10 30520 ----a-w- C:\Windows\System32\hpservice.exe
2011-05-13 23:58:04 20792 ----a-w- C:\Windows\System32\accelerometerdll.DLL
2011-05-13 23:57:58 43320 ----a-w- C:\Windows\System32\drivers\Accelerometer.sys
2011-05-13 11:43:26 -------- d-----w- C:\Users\john\AppData\Local\{3575EC61-37A2-45DE-9C02-7FCAF6F3D703}
2011-05-12 21:35:55 -------- d-----w- C:\Users\john\AppData\Local\{9071DE0E-FA1D-4176-877B-7326A8E1B0C5}
2011-05-11 12:46:23 -------- d-----w- C:\Users\john\AppData\Local\{354F9A80-1190-4EA1-8857-B473AC1F3A49}
.
==================== Find3M ====================
.
2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-13 23:58:16 30008 ----a-w- C:\Windows\System32\drivers\hpdskflt.sys
2011-04-25 07:08:42 345968 ----a-w- C:\Windows\System32\drivers\bthbus.sys
2011-04-09 23:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-04-09 23:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-04-01 22:07:59 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-03-25 03:29:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-03-25 03:29:14 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-03-25 03:29:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-03-25 03:29:04 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-03-25 03:29:04 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-03-25 03:28:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-03-21 18:22:06 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-03-21 18:22:06 452200 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-03-21 18:22:06 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 7:01:34.67 ===============
aswMBR:
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-10 07:00:01
-----------------------------
07:00:01.572 OS Version: Windows x64 6.1.7601 Service Pack 1
07:00:01.572 Number of processors: 3 586 0x503
07:00:01.572 ComputerName: JOHN-PC UserName: john
07:00:03.834 Initialize success
07:00:13.287 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:00:13.287 Disk 0 Vendor: TOSHIBA_MK5056GSY LH003C Size: 476940MB BusType: 11
07:00:15.315 Disk 0 MBR read successfully
07:00:15.315 Disk 0 MBR scan
07:00:15.315 Disk 0 unknown MBR code
07:00:15.331 Service scanning
07:00:18.981 Disk 0 trace - called modules:
07:00:18.997 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
07:00:18.997 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046be690]
07:00:18.997 3 CLASSPNP.SYS[fffff880019a043f] -> nt!IofCallDriver -> [0xfffffa80046be040]
07:00:18.997 5 hpdskflt.sys[fffff88001947189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004636680]
07:00:19.012 Scan finished successfully
07:00:44.331 Disk 0 MBR has been saved successfully to "C:\Users\john\Desktop\MBR.dat"
07:00:44.331 The log file has been saved successfully to "C:\Users\john\Desktop\aswMBR.txt"
I hope that's all. Thanks again, John....
-
June 10th, 2011, 11:25 AM
#5
Attach.txt part of DDS is missing.
Please, provide that.
You're also not saying what your computer problems are.
So far, I don't see much.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
June 10th, 2011, 04:30 PM
#6
Hi Broni, First of all, I guess I did not make it very clear from my first post: I am not having any computer problems. I ran a scan with Avira, and during the rootkit part of scanning it found 4 hidden files. So I downloaded GMER. It found what you see in the report. That is what led me to wonder if what GMER found is a rootkit. From what I have already posted, do you think there is something there? Or do you need me to do the other 2 scans? If so, what did I do wrong for the DDS files?
-
June 10th, 2011, 06:32 PM
#7
I ran a scan with Avira, during the rootkit part of scanning it found 4 hidden files
Without knowing file names and their location, I simply can't comment.
GMER doesn't show any rootkit activity.
Please continue with my previous reply.
-
June 10th, 2011, 10:21 PM
#8
==== Installed Programs ======================
.
7-Zip 4.65
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.4 MUI
Adobe Shockwave Player
Atheros Driver Installation Program
Avira AntiVir Personal - Free Antivirus
Canon Easy-PhotoPrint EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Contents
Corel PaintShop Photo Pro X3
Corel VideoStudio Pro X3
D3DX10
DeviceIO
DiRT2 Demo
Emsisoft Anti-Malware 5.1
ESU for Microsoft Windows 7
Feedback Tool
GRID Demo
HP MediaSmart Webcam
HP Power Plan Utility
HP Product Detection
HP Software Framework
HP User Guides 0188
HPAsset component for HP Active Support Library
ICA
IDT Audio
IPM_PSP_Pro
IPM_VS_Pro
ISCOM
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
jv16 PowerTools 2010
Kensington SlimBlade Trackball
LabelPrint
LightScribe System Software
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0 Runtime
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed Underground 2 Demo
Need for Speed™ Most Wanted PC Demo
Need for Speed™ SHIFT Demo
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
NVIDIA PhysX
OpenAL
Ovi Desktop Sync Engine
OviMPlatform
PaintShop Photo Pro X3 Registration Incentive
PC Connectivity Solution
PSPPContent
PSPPRO_DCRAW
PureHD
RadioShack PRO-107 "iSCAN" PC Application
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Setup
Share
Skype™ 5.1
StumbleUpon IE Toolbar
System Requirements Lab
TmNationsForever
VIO
Visual C++ 2008 Runtime (x64)
VSClassic
VSPro
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
6/9/2011 9:27:21 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
6/8/2011 9:32:18 PM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
6/8/2011 9:32:18 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\84E9.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/8/2011 8:50:02 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\D97D.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/8/2011 8:20:06 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\736A.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/8/2011 8:14:19 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\EE63.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/8/2011 8:10:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRKBootTasks
6/8/2011 7:36:31 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\9262.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/8/2011 6:57:43 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\E7D1.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/8/2011 6:24:33 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\8D62.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/8/2011 6:23:50 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\A851.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/8/2011 10:04:27 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6abae76a-bd2d-11df-8cde-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1DC7E1F3-D99A-4B73-B274-C6262E17F7AC}' was corrupted and it has been recovered. Some data might have been lost.
6/6/2011 11:00:42 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
6/3/2011 5:11:41 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
6/10/2011 9:04:22 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
-
June 10th, 2011, 10:24 PM
#9
Make sure you always post whole logs.
Top part of Attach.txt log is missing, but in this case I can live without it.
-
June 10th, 2011, 10:56 PM
#10
Sorry about that, this is kind of new to me. Here is the log from Combofix. This is the second log, as when the program ran the first time it saved the log to a default location on my hard drive, and I'm not sure how to get it, so I ran it a second time. The first time it did remove something. Here's what I have:
ComboFix 11-06-10.09 - john 06/10/2011 21:39:41.2.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2585 [GMT -5:00]
Running from: c:\users\john\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 02:45 . 2011-06-11 02:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 02:45 . 2011-06-11 02:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-06-10 12:16 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38CC2DDE-5792-4EC8-B57A-FF740AB51DC9}\mpengine.dll
2011-06-09 08:47 . 2011-06-09 08:47 -------- d-----w- c:\users\john\AppData\Roaming\Malwarebytes
2011-06-09 08:46 . 2011-06-09 08:46 -------- d-----w- c:\programdata\Malwarebytes
2011-06-09 08:46 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\84E9.tmp
2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\D97D.tmp
2011-06-09 01:20 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\736A.tmp
2011-06-09 01:18 . 2011-06-09 01:19 -------- d-----w- c:\users\john\AppData\Local\{1FDE4712-0301-4285-9694-552F7C027CAB}
2011-06-09 01:14 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\EE63.tmp
2011-06-08 23:58 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\9262.tmp
2011-06-08 23:57 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\E7D1.tmp
2011-06-08 23:24 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\8D62.tmp
2011-06-08 23:23 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\A851.tmp
2011-06-08 21:52 . 2011-06-08 21:52 -------- d-----w- c:\users\john\AppData\Roaming\Avira
2011-06-07 12:16 . 2008-04-28 17:29 805400 ----a-r- c:\windows\SysWow64\tmp80D3.tmp
2011-06-07 12:15 . 2008-04-28 17:29 805400 ----a-r- c:\windows\SysWow64\tmp8094.tmp
2011-06-06 15:38 . 2011-06-06 15:38 -------- d-----w- c:\users\john\AppData\Local\PassMark
2011-06-06 15:37 . 2011-06-06 15:37 -------- d-----w- c:\programdata\Passmark
2011-06-04 00:16 . 2011-06-07 03:50 -------- d-----w- C:\GTR2Demo
2011-05-31 12:40 . 2011-05-31 12:40 -------- d-----w- c:\program files (x86)\Activision
2011-05-28 14:35 . 2011-05-28 14:35 -------- d-----w- c:\programdata\ATI
2011-05-28 14:33 . 2011-05-28 15:42 -------- d-----w- c:\program files (x86)\AMD APP
2011-05-28 14:24 . 2011-05-28 15:42 -------- d-----w- c:\program files (x86)\AMD
2011-05-27 23:03 . 2011-05-27 23:03 -------- d-----w- c:\users\john\AppData\Local\{247947E1-0AD5-4FDA-A180-7EDCECDEDCC6}
2011-05-24 22:06 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-20 20:52 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\F457.tmp
2011-05-20 20:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\42C3.tmp
2011-05-19 12:56 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\25CB.tmp
2011-05-19 12:55 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\23B8.tmp
2011-05-19 12:55 . 2011-06-09 09:22 -------- d-----w- c:\program files (x86)\Sophos
2011-05-17 21:29 . 2011-05-17 21:30 -------- d-----w- c:\users\john\AppData\Local\{B0E90857-A80D-4084-AC9D-7E6B91310ED9}
2011-05-13 23:58 . 2011-05-13 23:58 17720 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
2011-05-13 23:58 . 2011-05-13 23:58 30520 ----a-w- c:\windows\system32\hpservice.exe
2011-05-13 23:58 . 2011-05-13 23:58 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
2011-05-13 23:57 . 2011-05-13 23:57 43320 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2011-05-13 11:43 . 2011-05-13 11:43 -------- d-----w- c:\users\john\AppData\Local\{3575EC61-37A2-45DE-9C02-7FCAF6F3D703}
2011-05-12 21:35 . 2011-05-12 21:36 -------- d-----w- c:\users\john\AppData\Local\{9071DE0E-FA1D-4176-877B-7326A8E1B0C5}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 00:14 . 2010-09-10 16:43 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-13 23:58 . 2009-07-08 20:49 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2011-04-25 07:08 . 2011-04-25 07:08 345968 ----a-w- c:\windows\system32\drivers\bthbus.sys
2011-04-09 23:55 . 2011-04-09 23:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 23:55 . 2011-04-09 23:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 07:02 . 2011-05-11 03:29 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-11 11:30 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 03:29 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 03:29 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-11 11:30 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-03 00:16 . 2011-04-03 00:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-03 00:16 . 2011-04-03 00:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-03 00:16 . 2011-04-03 00:16 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-03 00:16 . 2011-04-03 00:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-03 00:16 . 2011-04-03 00:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-03 00:16 . 2011-04-03 00:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-03 00:16 . 2011-04-03 00:16 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-03 00:16 . 2011-04-03 00:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-03 00:16 . 2011-04-03 00:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-03 00:16 . 2011-04-03 00:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-03 00:16 . 2011-04-03 00:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-03 00:16 . 2011-04-03 00:16 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-03 00:16 . 2011-04-03 00:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-03 00:16 . 2011-04-03 00:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-03 00:16 . 2011-04-03 00:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-03 00:16 . 2011-04-03 00:16 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-03 00:16 . 2011-04-03 00:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-03 00:16 . 2011-04-03 00:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-03 00:16 . 2011-04-03 00:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-03 00:16 . 2011-04-03 00:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-03 00:16 . 2011-04-03 00:16 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-03 00:16 . 2011-04-03 00:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-03 00:16 . 2011-04-03 00:16 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-03 00:16 . 2011-04-03 00:16 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-03 00:16 . 2011-04-03 00:16 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-03 00:16 . 2011-04-03 00:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-03 00:16 . 2011-04-03 00:16 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-03 00:16 . 2011-04-03 00:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-03 00:16 . 2011-04-03 00:16 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-03 00:16 . 2011-04-03 00:16 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-03 00:16 . 2011-04-03 00:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-03 00:16 . 2011-04-03 00:16 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-03 00:16 . 2011-04-03 00:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-03 00:16 . 2011-04-03 00:16 448512 ----a-w- c:\windows\system32\html.iec
2011-04-03 00:16 . 2011-04-03 00:16 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-03 00:16 . 2011-04-03 00:16 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-03 00:16 . 2011-04-03 00:16 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-03 00:16 . 2011-04-03 00:16 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-03 00:16 . 2011-04-03 00:16 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-03 00:16 . 2011-04-03 00:16 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-03 00:16 . 2011-04-03 00:16 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-03 00:16 . 2011-04-03 00:16 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-01 22:07 . 2010-09-21 13:42 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-01 22:07 . 2010-09-21 13:42 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-25 03:29 . 2011-05-11 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:29 . 2011-05-11 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:29 . 2011-05-11 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:29 . 2011-05-11 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:29 . 2011-05-11 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:28 . 2011-05-11 03:29 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-21 18:22 . 2011-03-21 18:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-03-21 18:22 . 2011-03-21 18:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-03-21 18:22 . 2010-08-02 09:19 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-11_02.30.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-25 16:42 . 2011-06-11 02:38 60942 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-04-25 16:42 . 2011-06-10 20:08 60942 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-06-11 02:05 51562 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-11 02:38 51562 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-10 16:05 . 2011-06-11 02:38 14286 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2995256995-1083078439-3919252237-1001_UserData.bin
+ 2010-09-10 22:48 . 2011-06-11 02:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-10 22:48 . 2011-06-11 02:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-10 22:48 . 2011-06-11 02:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-10 22:48 . 2011-06-11 02:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-11 02:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-11 02:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-10 16:46 . 2011-06-11 02:36 1801 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-09-10 16:46 . 2011-06-11 02:29 1801 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-06-11 02:30 . 2011-06-11 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-11 02:36 . 2011-06-11 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-11 02:30 . 2011-06-11 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-11 02:36 . 2011-06-11 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-06-11 02:08 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-06-11 02:43 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-06-11 02:43 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-06-11 02:08 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-06-11 02:29 334588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-11 02:36 334588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
"Expert8"="c:\program files (x86)\Kensington\SlimBlade Trackball\Expert8.exe" [2009-02-23 457224]
.
c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-21 46432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-02-21 85800]
R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 BTHBUS;YRT Bluetooth Bus Driver;c:\windows\system32\DRIVERS\bthbus.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84E9.tmp [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-04-14 103336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\john\AppData\Local\Temp\003A42C.tmp [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-03-29 2860800]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-02-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-05 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 HMuKstE8;Kensington SlimBlade Trackball USB HID Device Filter Driver;SysWOW64\Drivers\HMuKstE8.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 1044648]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-16 29184]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 19:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-01 487424]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\84E9.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\john\AppData\Local\Temp\003A42C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-10 21:47:00
ComboFix-quarantined-files.txt 2011-06-11 02:47
ComboFix2.txt 2011-06-11 02:33
.
Pre-Run: 394,537,455,616 bytes free
Post-Run: 394,342,817,792 bytes free
.
- - End Of File - - 5F52498B4F30CA0A7BCB213CB437C998
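A triage helper for the kind of ComboFix log posted above. This is an added example, not part of the thread and not ComboFix's own code. It assumes the two line shapes visible in the log (service and driver loading points of the form `R3 name;display;path [meta]`, and file entries of the form `created . modified size attrs path`, where the first timestamp is read as the on-disk creation time and the second as the file's own modification time); its sample input is lines copied from the log, padded with known-good entries. It does the two things a responder does by eye here: flag loading points whose image is a `.tmp` file or sits under a user-writable Temp directory (MEMSWEEP2 and X6va003 above), and group `.tmp` files that share one internal timestamp and size but carry different random names (the 6144-byte files with the 2010-05-26 15:39 stamp).

```python
"""Triage helper for ComboFix-style logs.

Added example (not part of the forum thread or of ComboFix). It assumes the two
line shapes visible in the log above:
  service/driver loading points:  "R3 MEMSWEEP2;MEMSWEEP2;c:\\windows\\system32\\84E9.tmp [x]"
  file-listing entries:           "2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\\...\\84E9.tmp"
The first timestamp of a file entry is taken to be the on-disk creation time and
the second the file's own modification time (assumption about the log format).
"""
import re
from collections import defaultdict

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)

# Directories from which a kernel driver or service should not normally be loaded.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Constructed sample: lines copied verbatim from the ComboFix log above, mixed
# with known-good entries so the filter has something to leave alone.
SAMPLE_LOG = r"""
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-02-21 85800]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84E9.tmp [x]
R3 X6va003;X6va003;c:\users\john\AppData\Local\Temp\003A42C.tmp [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\84E9.tmp
2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\D97D.tmp
2011-06-09 01:20 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\736A.tmp
2011-06-07 12:16 . 2008-04-28 17:29 805400 ----a-r- c:\windows\SysWow64\tmp80D3.tmp
2011-06-09 08:46 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-09 08:47 . 2011-06-09 08:47 -------- d-----w- c:\users\john\AppData\Roaming\Malwarebytes
"""


def is_suspicious_image(path: str) -> bool:
    """True for a driver/service image in a .tmp file or under a user-writable Temp dir."""
    p = path.lower()
    if p.startswith("\\??\\"):  # NT object-manager prefix seen in ImagePath values
        p = p[4:]
    return p.endswith(".tmp") or any(d in p for d in USER_WRITABLE_DIRS)


def flag_services(lines):
    """Return (service name, image path) for loading points worth a closer look."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m and is_suspicious_image(m["path"]):
            hits.append((m["name"], m["path"]))
    return hits


def cluster_tmp_files(lines, min_count=3):
    """Group .tmp files by (internal modification timestamp, size).

    Several differently named files sharing one internal timestamp and size are
    usually one binary dropped repeatedly under random names; the creation
    times then tell you when it was dropped.
    """
    groups = defaultdict(list)
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m or m["attrs"].startswith("d") or not m["size"].isdigit():
            continue  # not a file entry, or a directory entry
        if not m["path"].lower().endswith(".tmp"):
            continue
        groups[(m["modified"], int(m["size"]))].append((m["created"], m["path"]))
    return {key: sorted(v) for key, v in groups.items() if len(v) >= min_count}


def triage(text: str) -> dict:
    """Run both checks over a whole log and return the findings."""
    lines = text.splitlines()
    return {"services": flag_services(lines), "tmp_clusters": cluster_tmp_files(lines)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, path in report["services"]:
        print(f"[service] {name:<12} -> {path}")
    for (modified, size), files in report["tmp_clusters"].items():
        print(f"[cluster] {len(files)} x {size} bytes, internal mtime {modified}:")
        for created, path in files:
            print(f"           created {created}  {path}")
```

A hit is a lead, not a verdict: anti-rootkit scanners also load short-lived drivers from exactly this kind of `.tmp` file, so the creation times matter more than the names. In the log above, the first of the 6144-byte `.tmp` files (23B8.tmp, 25CB.tmp) were created at 2011-05-19 12:55 and 12:56, the same minute the Sophos program folder appeared, and the later ones line up with the scans run on 2011-06-08 and 2011-06-09; that correlation is what to check before treating MEMSWEEP2 as hostile, while a service pointing into a user's Temp directory deserves its own look regardless.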
-
June 10th, 2011, 11:00 PM
#11
OK, navigate to C:\Qoobox, find the ComboFix2.txt file and post its contents back here.
-
June 10th, 2011, 11:13 PM
#12
ComboFix 11-06-10.09 - john 06/10/2011 21:24:12.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2376 [GMT -5:00]
Running from: c:\users\john\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\users\john\AppData\Roaming\EurekaLog
c:\users\john\AppData\Roaming\EurekaLog\EurekaLog.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 02:22 . 2011-06-11 02:23 -------- d-----w- C:\32788R22FWJFW
2011-06-10 12:16 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38CC2DDE-5792-4EC8-B57A-FF740AB51DC9}\mpengine.dll
2011-06-09 08:47 . 2011-06-09 08:47 -------- d-----w- c:\users\john\AppData\Roaming\Malwarebytes
2011-06-09 08:46 . 2011-06-09 08:46 -------- d-----w- c:\programdata\Malwarebytes
2011-06-09 08:46 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\84E9.tmp
2011-06-09 01:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\D97D.tmp
2011-06-09 01:20 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\736A.tmp
2011-06-09 01:18 . 2011-06-09 01:19 -------- d-----w- c:\users\john\AppData\Local\{1FDE4712-0301-4285-9694-552F7C027CAB}
2011-06-09 01:14 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\EE63.tmp
2011-06-08 23:58 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\9262.tmp
2011-06-08 23:57 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\E7D1.tmp
2011-06-08 23:24 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\8D62.tmp
2011-06-08 23:23 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\A851.tmp
2011-06-08 21:52 . 2011-06-08 21:52 -------- d-----w- c:\users\john\AppData\Roaming\Avira
2011-06-07 12:16 . 2008-04-28 17:29 805400 ----a-r- c:\windows\SysWow64\tmp80D3.tmp
2011-06-07 12:15 . 2008-04-28 17:29 805400 ----a-r- c:\windows\SysWow64\tmp8094.tmp
2011-06-06 15:38 . 2011-06-06 15:38 -------- d-----w- c:\users\john\AppData\Local\PassMark
2011-06-06 15:37 . 2011-06-06 15:37 -------- d-----w- c:\programdata\Passmark
2011-06-04 00:16 . 2011-06-07 03:50 -------- d-----w- C:\GTR2Demo
2011-05-31 12:40 . 2011-05-31 12:40 -------- d-----w- c:\program files (x86)\Activision
2011-05-28 14:35 . 2011-05-28 14:35 -------- d-----w- c:\programdata\ATI
2011-05-28 14:33 . 2011-05-28 15:42 -------- d-----w- c:\program files (x86)\AMD APP
2011-05-28 14:24 . 2011-05-28 15:42 -------- d-----w- c:\program files (x86)\AMD
2011-05-27 23:03 . 2011-05-27 23:03 -------- d-----w- c:\users\john\AppData\Local\{247947E1-0AD5-4FDA-A180-7EDCECDEDCC6}
2011-05-24 22:06 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-20 20:52 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\F457.tmp
2011-05-20 20:50 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\42C3.tmp
2011-05-19 12:56 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\25CB.tmp
2011-05-19 12:55 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\23B8.tmp
2011-05-19 12:55 . 2011-06-09 09:22 -------- d-----w- c:\program files (x86)\Sophos
2011-05-17 21:29 . 2011-05-17 21:30 -------- d-----w- c:\users\john\AppData\Local\{B0E90857-A80D-4084-AC9D-7E6B91310ED9}
2011-05-13 23:58 . 2011-05-13 23:58 17720 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
2011-05-13 23:58 . 2011-05-13 23:58 30520 ----a-w- c:\windows\system32\hpservice.exe
2011-05-13 23:58 . 2011-05-13 23:58 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
2011-05-13 23:57 . 2011-05-13 23:57 43320 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2011-05-13 11:43 . 2011-05-13 11:43 -------- d-----w- c:\users\john\AppData\Local\{3575EC61-37A2-45DE-9C02-7FCAF6F3D703}
2011-05-12 21:35 . 2011-05-12 21:36 -------- d-----w- c:\users\john\AppData\Local\{9071DE0E-FA1D-4176-877B-7326A8E1B0C5}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 00:14 . 2010-09-10 16:43 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-13 23:58 . 2009-07-08 20:49 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2011-04-25 07:08 . 2011-04-25 07:08 345968 ----a-w- c:\windows\system32\drivers\bthbus.sys
2011-04-09 23:55 . 2011-04-09 23:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 23:55 . 2011-04-09 23:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 07:02 . 2011-05-11 03:29 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-11 11:30 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 03:29 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 03:29 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-11 11:30 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-03 00:16 . 2011-04-03 00:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-03 00:16 . 2011-04-03 00:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-03 00:16 . 2011-04-03 00:16 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-03 00:16 . 2011-04-03 00:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-03 00:16 . 2011-04-03 00:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-03 00:16 . 2011-04-03 00:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-03 00:16 . 2011-04-03 00:16 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-03 00:16 . 2011-04-03 00:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-03 00:16 . 2011-04-03 00:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-03 00:16 . 2011-04-03 00:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-03 00:16 . 2011-04-03 00:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-03 00:16 . 2011-04-03 00:16 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-03 00:16 . 2011-04-03 00:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-03 00:16 . 2011-04-03 00:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-03 00:16 . 2011-04-03 00:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-03 00:16 . 2011-04-03 00:16 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-03 00:16 . 2011-04-03 00:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-03 00:16 . 2011-04-03 00:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-03 00:16 . 2011-04-03 00:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-03 00:16 . 2011-04-03 00:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-03 00:16 . 2011-04-03 00:16 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-03 00:16 . 2011-04-03 00:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-03 00:16 . 2011-04-03 00:16 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-03 00:16 . 2011-04-03 00:16 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-03 00:16 . 2011-04-03 00:16 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-03 00:16 . 2011-04-03 00:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-03 00:16 . 2011-04-03 00:16 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-03 00:16 . 2011-04-03 00:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-03 00:16 . 2011-04-03 00:16 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-03 00:16 . 2011-04-03 00:16 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-03 00:16 . 2011-04-03 00:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-03 00:16 . 2011-04-03 00:16 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-03 00:16 . 2011-04-03 00:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-03 00:16 . 2011-04-03 00:16 448512 ----a-w- c:\windows\system32\html.iec
2011-04-03 00:16 . 2011-04-03 00:16 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-03 00:16 . 2011-04-03 00:16 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-03 00:16 . 2011-04-03 00:16 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-03 00:16 . 2011-04-03 00:16 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-03 00:16 . 2011-04-03 00:16 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-03 00:16 . 2011-04-03 00:16 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-03 00:16 . 2011-04-03 00:16 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-03 00:16 . 2011-04-03 00:16 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-01 22:07 . 2010-09-21 13:42 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-01 22:07 . 2010-09-21 13:42 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-25 03:29 . 2011-05-11 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:29 . 2011-05-11 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:29 . 2011-05-11 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:29 . 2011-05-11 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:29 . 2011-05-11 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:28 . 2011-05-11 03:29 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-21 18:22 . 2011-03-21 18:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-03-21 18:22 . 2011-03-21 18:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-03-21 18:22 . 2010-08-02 09:19 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
"Expert8"="c:\program files (x86)\Kensington\SlimBlade Trackball\Expert8.exe" [2009-02-23 457224]
.
c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-21 46432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-02-21 85800]
R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 BTHBUS;YRT Bluetooth Bus Driver;c:\windows\system32\DRIVERS\bthbus.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84E9.tmp [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-04-14 103336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\john\AppData\Local\Temp\003A42C.tmp [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-03-29 2860800]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-02-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-05 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 HMuKstE8;Kensington SlimBlade Trackball USB HID Device Filter Driver;SysWOW64\Drivers\HMuKstE8.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 1044648]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-16 29184]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 19:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF2633.cfxxe" [X]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-01 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\84E9.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\john\AppData\Local\Temp\003A42C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
.
**************************************************************************
.
Completion time: 2011-06-10 21:33:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 02:33
.
Pre-Run: 394,932,441,088 bytes free
Post-Run: 394,453,688,320 bytes free
.
- - End Of File - - 726B9B9D58F58CB70B0DF1CFE78573B7
-
June 10th, 2011, 11:18 PM
#13
That looks good.
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
June 13th, 2011, 09:31 AM
#14
Hello again Broni, I just did the scan with OTL and here are the logs. I have to split them up; they are too big for one post.
OTL logfile created on: 6/13/2011 8:09:57 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\john\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 69.09% Memory free
7.49 Gb Paging File | 5.86 Gb Available in Paging File | 78.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.57 Gb Total Space | 368.07 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive D: | 21.89 Gb Total Space | 3.19 Gb Free Space | 14.58% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 99.02 Mb Free Space | 100.00% Space Free | Partition Type: FAT32
Computer Name: JOHN-PC | User Name: john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/13 08:08:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
PRC - [2011/05/01 09:50:53 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/20 21:59:55 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/03 12:47:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/12/30 14:22:02 | 000,623,368 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2009/02/23 17:20:18 | 000,457,224 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe
PRC - [2007/06/21 07:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
========== Modules (SafeList) ==========
MOD - [2011/06/13 08:08:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/31 23:06:55 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/31 23:06:53 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/01/04 23:07:10 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/01/06 03:14:28 | 002,184,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/12/30 14:22:12 | 000,444,680 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2009/10/16 18:00:54 | 000,029,184 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/02/27 19:53:31 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
SRV - [2011/05/01 09:50:53 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/14 17:47:38 | 000,103,336 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/06 02:53:54 | 001,791,280 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/27 19:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/25 02:08:42 | 000,345,968 | ---- | M] (Yi Ruan Technology Corp.Ltd.,Beijing) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthbus.sys -- (BTHBUS)
DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/31 23:06:57 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/26 21:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/30 15:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/07/30 15:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/07/30 15:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/07/30 15:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/07/12 14:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/07/12 14:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\F457.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/28 13:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/11 15:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/04/28 12:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
DRV - [2011/02/20 21:30:06 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\john\Desktop
IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.net/google/index.php?q=
IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/08/02 04:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/02/04 01:08:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/26 00:20:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/02/04 01:08:50 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Expert8] C:\Program Files (x86)\Kensington\SlimBlade Trackball\Expert8.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2995256995-1083078439-3919252237-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} http://content.systemrequirementslab...64_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab...t_4.4.21.0.cab (SysInfo Class)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/C...ataManager.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
-
June 13th, 2011, 09:33 AM
#15
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - c:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/06/13 08:08:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
[2011/06/12 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Avira
[2011/06/10 21:47:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/10 21:23:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/10 21:22:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/09 03:47:02 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Malwarebytes
[2011/06/09 03:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/08 20:18:52 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\{1FDE4712-0301-4285-9694-552F7C027CAB}
[2011/06/06 10:38:32 | 000,000,000 | ---D | C] -- C:\Users\john\Documents\PassMark
[2011/06/06 10:38:30 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\PassMark
[2011/06/06 10:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2011/06/03 22:48:05 | 000,000,000 | ---D | C] -- C:\Users\john\Documents\Codemasters
[2011/06/03 19:18:49 | 000,000,000 | ---D | C] -- C:\Users\john\Documents\GTR2
[2011/06/03 19:16:45 | 000,000,000 | ---D | C] -- C:\GTR2Demo
[2011/05/31 07:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2011/05/28 09:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/05/28 09:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/05/28 09:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2011/05/27 18:03:09 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\{247947E1-0AD5-4FDA-A180-7EDCECDEDCC6}
[2011/05/19 07:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/05/17 16:29:56 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\{B0E90857-A80D-4084-AC9D-7E6B91310ED9}
[2011/02/03 06:26:04 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll
[2011/02/03 06:26:04 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll
[2011/02/03 06:26:03 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll
[2011/02/03 06:26:01 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll
[2011/02/03 06:26:01 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll
[2011/02/03 06:26:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll
[2011/02/03 06:26:00 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll
[2011/02/03 06:26:00 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll
[2011/02/03 06:26:00 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxih.exe
[2011/02/03 06:25:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll
[2011/02/03 06:25:59 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcoms.exe
[2011/02/03 06:25:59 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll
[2011/02/03 06:25:58 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcfg.exe
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/13 08:08:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
[2011/06/13 08:03:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/12 17:26:26 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 17:26:26 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 17:23:26 | 000,624,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/12 17:23:26 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/12 17:23:26 | 000,008,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/12 17:19:01 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/28 11:03:59 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/07 16:07:37 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
[2011/05/07 16:07:37 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/23 03:53:40 | 000,000,022 | -HS- | C] () -- C:\Users\john\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/02/03 06:27:03 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
[2011/02/03 06:26:05 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll
[2011/02/03 06:26:05 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll
[2011/01/31 23:30:12 | 000,001,854 | ---- | C] () -- C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
[2010/10/15 20:35:49 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/10/15 20:35:42 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/24 05:53:10 | 000,000,000 | ---- | C] () -- C:\Users\john\AppData\Roaming\wklnhst.dat
[2010/09/11 17:32:47 | 000,009,216 | ---- | C] () -- C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 00:17:30 | 000,007,658 | ---- | C] () -- C:\Users\john\AppData\Local\Resmon.ResmonCfg
[2010/09/10 16:13:52 | 000,000,022 | -HS- | C] () -- C:\Users\john\AppData\Roaming\Sys6925.Config Collection.sys
[2010/09/10 16:13:52 | 000,000,022 | -HS- | C] () -- C:\Windows\Sys3390 SettingsCollection.bin
[2010/08/02 04:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/02 04:13:56 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/08/02 04:13:56 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/12/30 13:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
[2009/12/30 13:57:04 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
[2009/12/30 01:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
[2009/12/30 01:36:24 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
[2009/12/30 01:35:50 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
========== LOP Check ==========
[2010/11/30 23:39:40 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Canon
[2010/09/10 15:54:35 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\DigitalPersona
[2011/06/11 08:25:00 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\EurekaLog
[2010/12/31 08:02:14 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\GARMIN
[2010/11/28 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Need for Speed World
[2011/02/04 17:52:00 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Nokia
[2011/02/04 17:52:04 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Nokia Ovi Suite
[2011/02/04 01:37:27 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\PC Suite
[2011/02/10 19:48:22 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Template
[2010/09/28 17:49:35 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Ulead Systems
[2010/10/20 15:29:37 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Windows Live Writer
[2011/05/20 02:24:48 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/06/10 21:47:00 | 000,023,779 | ---- | M] () -- C:\ComboFix.txt
[2011/06/12 17:19:01 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/06 10:30:51 | 000,000,256 | ---- | M] () -- C:\lxdx.log
[2011/06/12 17:19:03 | 4021,186,560 | -HS- | M] () -- C:\pagefile.sys
[2010/11/27 16:34:18 | 000,000,184 | ---- | M] () -- C:\setup.log
< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/02 19:23:49 | 000,000,221 | -HS- | M] () -- C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2011/06/13 08:08:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2011/02/23 09:16:10 | 000,000,402 | -HS- | M] () -- C:\Users\john\Favorites\desktop.ini
[2011/04/02 19:24:35 | 000,000,000 | ---- | M] () -- C:\Users\john\Favorites\From Internet Explorer
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/02/03 06:27:00 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
[2011/02/03 06:32:53 | 000,000,267 | ---- | M] () -- C:\ProgramData\lxdx.log
[2011/05/07 11:56:43 | 000,000,492 | ---- | M] () -- C:\ProgramData\lxdxDiagnostics.log
[2011/02/03 06:36:17 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt
[2010/08/02 04:43:34 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/04/25 14:14:51 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/08/02 04:43:01 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/04/25 14:10:30 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/08/02 04:42:24 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/08/02 04:43:20 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/04/25 14:09:28 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/04/25 14:14:27 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/08/02 04:43:48 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 1
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:AD768A7E
< End of report >