adobe_flash_player.exe
Started by
geezy9723
, Jun 03 2011 12:28 PM
This topic is locked
#16
Posted 04 June 2011 - 11:18 AM
geezy9723
- Topic Starter
-
- Member
-
- 36 posts
Member
#17
Posted 04 June 2011 - 11:25 AM
geezy9723
- Topic Starter
-
- Member
-
- 36 posts
Member
I am also going to restart the computer to see if i continue to have the same issue or if it will start as usual. I will keep you posted.
#18
Posted 04 June 2011 - 11:28 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Yep the folder was gone 
#19
Posted 04 June 2011 - 11:45 AM
geezy9723
- Topic Starter
-
- Member
-
- 36 posts
Member
MBAM is currently running... 1 infected file thus far... but an interesting new development...i believe that some how a user was created which is probably what is preventing me from logging in or seeing the log in screen...Which by the way i am unable to delete.. its listed as unknown user
could be wrong though
could be wrong though
Edited by geezy9723, 04 June 2011 - 11:52 AM.
#20
Posted 04 June 2011 - 12:08 PM
geezy9723
- Topic Starter
-
- Member
-
- 36 posts
Member
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6772
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
6/4/2011 12:59:02 PM
mbam-log-2011-06-04 (12-59-02).txt
Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Objects scanned: 362729
Time elapsed: 38 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Wan\AppData\Local\Temp\Low\tmpE62D.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
www.malwarebytes.org
Database version: 6772
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
6/4/2011 12:59:02 PM
mbam-log-2011-06-04 (12-59-02).txt
Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Objects scanned: 362729
Time elapsed: 38 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Wan\AppData\Local\Temp\Low\tmpE62D.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
#21
Posted 04 June 2011 - 12:31 PM
geezy9723
- Topic Starter
-
- Member
-
- 36 posts
Member
And now my mouse doesnt work... Im not sure if its progressing. still not restarting normally
#22
Posted 04 June 2011 - 12:57 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK next phase
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
#23
Posted 04 June 2011 - 01:42 PM
geezy9723
- Topic Starter
-
- Member
-
- 36 posts
Member
ComboFix 11-06-04.02 - Wan 06/04/2011 14:33:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3882.2744 [GMT -5:00]
Running from: c:\users\Wan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
c:\users\Wan\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\SPACESHIP COMMANDER\AppData\Local\temp
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-04 19:31 . 2011-06-04 19:32 -------- d-----w- C:\32788R22FWJFW
2011-06-04 15:34 . 2011-06-04 15:36 -------- d-----w- c:\users\Wan\AppData\Local\{FE0F3000-84A9-4E9F-B1E8-C8FB1152CCBD}
2011-06-03 22:39 . 2011-06-03 22:39 -------- d-----w- C:\_OTL
2011-06-03 17:55 . 2011-06-03 17:55 -------- d-----w- c:\users\Wan\AppData\Roaming\Malwarebytes
2011-06-03 17:54 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-03 17:54 . 2011-06-03 17:54 -------- d-----w- c:\programdata\Malwarebytes
2011-06-03 17:54 . 2011-06-03 17:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-03 17:54 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-03 17:52 . 2011-06-03 17:52 -------- d-----w- c:\users\Wan\AppData\Local\{E8A948E7-0703-49B5-98FC-DDE180F4B6E6}
2011-06-03 17:23 . 2011-06-03 17:24 -------- d-----w- c:\users\Wan\AppData\Local\{C8C63DAE-9CA1-4FCF-995F-392570653EC1}
2011-06-03 13:54 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B30453AF-02D2-46B8-9A2C-3824CF6A20BA}\mpengine.dll
2011-06-03 13:31 . 2011-06-03 13:31 -------- d-----w- c:\users\Wan\AppData\Local\{E431B259-2247-456D-90FB-00A5A585C62E}
2011-06-03 13:31 . 2011-06-03 13:31 -------- d-----w- c:\users\Wan\AppData\Roaming\Leader Technologies
2011-06-01 22:07 . 2011-06-01 22:07 -------- d-----w- c:\users\Wan\AppData\Roaming\Leadertech
2011-06-01 22:07 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-06-01 22:07 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-06-01 22:07 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-06-01 22:07 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-06-01 22:07 . 2004-03-16 18:05 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-06-01 22:07 . 2011-06-01 22:07 -------- d-----w- c:\program files (x86)\LTCM Client
2011-06-01 21:59 . 2011-06-01 21:59 -------- d-----w- c:\users\Wan\AppData\Local\ABBYY
2011-06-01 21:58 . 2011-06-01 22:06 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2011-06-01 21:58 . 2011-06-01 21:58 -------- d-----w- c:\programdata\ABBYY
2011-06-01 21:58 . 2011-06-01 21:58 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2011-06-01 21:34 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2011-06-01 21:34 . 2009-11-20 05:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2011-06-01 21:34 . 2009-05-01 05:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2011-06-01 21:34 . 2011-06-01 22:07 -------- d-----w- c:\program files (x86)\epson
2011-05-30 15:15 . 2011-05-30 15:15 -------- d-----w- c:\users\Wan\AppData\Local\{79DD5E53-D89B-4FDA-AC25-58D2A5CB0C4A}
2011-05-30 02:41 . 2011-05-30 02:41 -------- d-----w- c:\users\Wan\AppData\Local\{C60A3B08-4048-4A5C-9D0A-CEBEA47CBEB7}
2011-05-27 02:45 . 2011-05-27 02:45 -------- d-----w- c:\users\Wan\AppData\Local\{DCA2D0BF-F72E-4BB2-A660-835CEC4B2481}
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files\iTunes
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files (x86)\iTunes
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files\iPod
2011-05-27 02:35 . 2011-05-27 02:35 -------- d-----w- c:\program files\Bonjour
2011-05-27 02:35 . 2011-05-27 02:35 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-24 23:34 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 12:14 . 2011-05-24 12:14 -------- d-----w- c:\users\Wan\AppData\Local\{2E27057A-FCBA-40D0-A089-ABBD8F637399}
2011-05-22 00:31 . 2010-01-13 07:04 114432 ----a-r- c:\windows\system32\drivers\smhwdev.sys
2011-05-22 00:31 . 2010-02-04 05:17 122624 ----a-r- c:\windows\system32\drivers\smhwser.sys
2011-05-22 00:31 . 2009-12-23 16:00 1919968 ----a-r- c:\windows\system32\wdfcoinstaller01005.dll
2011-05-22 00:31 . 2009-12-23 16:00 31744 ----a-r- c:\windows\system32\drivers\smhwadb.sys
2011-05-19 05:45 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 05:45 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-18 10:49 . 2011-05-18 10:49 -------- d-----w- c:\users\Wan\AppData\Local\{59B91C04-8BA9-480A-9E91-93AB3A38EE32}
2011-05-18 10:49 . 2011-05-18 10:49 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-11 12:43 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 12:43 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 12:43 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 12:37 . 2011-05-11 12:38 -------- d-----w- c:\users\Wan\AppData\Local\{FF6BE008-3DD6-4550-8D53-BCA1FCE4F2EA}
2011-05-08 22:38 . 2011-04-14 16:26 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-08 22:38 . 2011-04-14 16:25 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-08 22:38 . 2011-04-14 16:25 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-08 22:38 . 2011-04-14 16:25 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-08 22:38 . 2011-04-14 16:25 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-08 22:38 . 2011-04-14 16:25 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-08 22:38 . 2010-01-01 08:00 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-08 22:38 . 2010-01-01 08:00 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 15:26 . 2011-02-10 08:51 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-23 15:25 . 2011-02-11 13:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-07 23:34 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 21:26 . 2011-04-06 21:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:26 . 2011-04-06 21:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:26 . 2011-04-06 21:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:26 . 2011-04-06 21:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-29 13:58 . 2011-02-10 08:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-12 12:03 . 2011-04-28 03:12 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-28 03:12 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-28 03:12 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-28 03:12 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-28 03:12 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-28 03:12 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-28 03:12 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-28 03:12 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-28 03:12 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-15 12:15 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-15 12:15 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:18 . 2011-04-28 03:12 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-28 03:12 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-15 12:15 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:40 . 2011-04-15 12:15 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:39 . 2011-04-28 03:12 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-28 03:12 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-08 06:14 . 2011-04-15 12:14 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-15 12:14 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"googletalk"="c:\users\Wan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - e:\common\EpsonReg\EpsonReg.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-5 113664]
SRS Premium Sound.lnk - c:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-9-8 156952]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 136176]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys [x]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-17 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 17:52]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{1AE09A9B-4603-4196-A35A-BD254479D53F}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Wan\AppData\Roaming\Mozilla\Firefox\Profiles\svikweht.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110112062833398&tb_oid=12-01-2011&tb_mrud=12-01-2011
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20110112062833398&tb_oid=12-01-2011&tb_mrud=12-01-2011&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Oddity VST2 - c:\windows\unvise32.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3697508626-334463192-4084198358-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3697508626-334463192-4084198358-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-04 14:40:38
ComboFix-quarantined-files.txt 2011-06-04 19:40
.
Pre-Run: 190,361,255,936 bytes free
Post-Run: 190,608,748,544 bytes free
.
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E05CCB37F06A4A9AAED3EF284D342D9F
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3882.2744 [GMT -5:00]
Running from: c:\users\Wan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
c:\users\Wan\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\SPACESHIP COMMANDER\AppData\Local\temp
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-04 19:31 . 2011-06-04 19:32 -------- d-----w- C:\32788R22FWJFW
2011-06-04 15:34 . 2011-06-04 15:36 -------- d-----w- c:\users\Wan\AppData\Local\{FE0F3000-84A9-4E9F-B1E8-C8FB1152CCBD}
2011-06-03 22:39 . 2011-06-03 22:39 -------- d-----w- C:\_OTL
2011-06-03 17:55 . 2011-06-03 17:55 -------- d-----w- c:\users\Wan\AppData\Roaming\Malwarebytes
2011-06-03 17:54 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-03 17:54 . 2011-06-03 17:54 -------- d-----w- c:\programdata\Malwarebytes
2011-06-03 17:54 . 2011-06-03 17:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-03 17:54 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-03 17:52 . 2011-06-03 17:52 -------- d-----w- c:\users\Wan\AppData\Local\{E8A948E7-0703-49B5-98FC-DDE180F4B6E6}
2011-06-03 17:23 . 2011-06-03 17:24 -------- d-----w- c:\users\Wan\AppData\Local\{C8C63DAE-9CA1-4FCF-995F-392570653EC1}
2011-06-03 13:54 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B30453AF-02D2-46B8-9A2C-3824CF6A20BA}\mpengine.dll
2011-06-03 13:31 . 2011-06-03 13:31 -------- d-----w- c:\users\Wan\AppData\Local\{E431B259-2247-456D-90FB-00A5A585C62E}
2011-06-03 13:31 . 2011-06-03 13:31 -------- d-----w- c:\users\Wan\AppData\Roaming\Leader Technologies
2011-06-01 22:07 . 2011-06-01 22:07 -------- d-----w- c:\users\Wan\AppData\Roaming\Leadertech
2011-06-01 22:07 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-06-01 22:07 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-06-01 22:07 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-06-01 22:07 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-06-01 22:07 . 2004-03-16 18:05 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-06-01 22:07 . 2011-06-01 22:07 -------- d-----w- c:\program files (x86)\LTCM Client
2011-06-01 21:59 . 2011-06-01 21:59 -------- d-----w- c:\users\Wan\AppData\Local\ABBYY
2011-06-01 21:58 . 2011-06-01 22:06 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2011-06-01 21:58 . 2011-06-01 21:58 -------- d-----w- c:\programdata\ABBYY
2011-06-01 21:58 . 2011-06-01 21:58 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2011-06-01 21:34 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2011-06-01 21:34 . 2009-11-20 05:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2011-06-01 21:34 . 2009-05-01 05:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2011-06-01 21:34 . 2011-06-01 22:07 -------- d-----w- c:\program files (x86)\epson
2011-05-30 15:15 . 2011-05-30 15:15 -------- d-----w- c:\users\Wan\AppData\Local\{79DD5E53-D89B-4FDA-AC25-58D2A5CB0C4A}
2011-05-30 02:41 . 2011-05-30 02:41 -------- d-----w- c:\users\Wan\AppData\Local\{C60A3B08-4048-4A5C-9D0A-CEBEA47CBEB7}
2011-05-27 02:45 . 2011-05-27 02:45 -------- d-----w- c:\users\Wan\AppData\Local\{DCA2D0BF-F72E-4BB2-A660-835CEC4B2481}
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files\iTunes
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files (x86)\iTunes
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files\iPod
2011-05-27 02:35 . 2011-05-27 02:35 -------- d-----w- c:\program files\Bonjour
2011-05-27 02:35 . 2011-05-27 02:35 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-24 23:34 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 12:14 . 2011-05-24 12:14 -------- d-----w- c:\users\Wan\AppData\Local\{2E27057A-FCBA-40D0-A089-ABBD8F637399}
2011-05-22 00:31 . 2010-01-13 07:04 114432 ----a-r- c:\windows\system32\drivers\smhwdev.sys
2011-05-22 00:31 . 2010-02-04 05:17 122624 ----a-r- c:\windows\system32\drivers\smhwser.sys
2011-05-22 00:31 . 2009-12-23 16:00 1919968 ----a-r- c:\windows\system32\wdfcoinstaller01005.dll
2011-05-22 00:31 . 2009-12-23 16:00 31744 ----a-r- c:\windows\system32\drivers\smhwadb.sys
2011-05-19 05:45 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 05:45 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-18 10:49 . 2011-05-18 10:49 -------- d-----w- c:\users\Wan\AppData\Local\{59B91C04-8BA9-480A-9E91-93AB3A38EE32}
2011-05-18 10:49 . 2011-05-18 10:49 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-11 12:43 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 12:43 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 12:43 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 12:37 . 2011-05-11 12:38 -------- d-----w- c:\users\Wan\AppData\Local\{FF6BE008-3DD6-4550-8D53-BCA1FCE4F2EA}
2011-05-08 22:38 . 2011-04-14 16:26 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-08 22:38 . 2011-04-14 16:25 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-08 22:38 . 2011-04-14 16:25 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-08 22:38 . 2011-04-14 16:25 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-08 22:38 . 2011-04-14 16:25 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-08 22:38 . 2011-04-14 16:25 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-08 22:38 . 2010-01-01 08:00 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-08 22:38 . 2010-01-01 08:00 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 15:26 . 2011-02-10 08:51 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-23 15:25 . 2011-02-11 13:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-07 23:34 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 21:26 . 2011-04-06 21:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:26 . 2011-04-06 21:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:26 . 2011-04-06 21:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:26 . 2011-04-06 21:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-29 13:58 . 2011-02-10 08:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-12 12:03 . 2011-04-28 03:12 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-28 03:12 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-28 03:12 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-28 03:12 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-28 03:12 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-28 03:12 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-28 03:12 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-28 03:12 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-28 03:12 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-15 12:15 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-15 12:15 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:18 . 2011-04-28 03:12 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-28 03:12 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-15 12:15 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:40 . 2011-04-15 12:15 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:39 . 2011-04-28 03:12 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-28 03:12 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-08 06:14 . 2011-04-15 12:14 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-15 12:14 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"googletalk"="c:\users\Wan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - e:\common\EpsonReg\EpsonReg.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-5 113664]
SRS Premium Sound.lnk - c:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-9-8 156952]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 136176]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys [x]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-17 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 17:52]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{1AE09A9B-4603-4196-A35A-BD254479D53F}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Wan\AppData\Roaming\Mozilla\Firefox\Profiles\svikweht.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110112062833398&tb_oid=12-01-2011&tb_mrud=12-01-2011
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20110112062833398&tb_oid=12-01-2011&tb_mrud=12-01-2011&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Oddity VST2 - c:\windows\unvise32.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3697508626-334463192-4084198358-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3697508626-334463192-4084198358-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-04 14:40:38
ComboFix-quarantined-files.txt 2011-06-04 19:40
.
Pre-Run: 190,361,255,936 bytes free
Post-Run: 190,608,748,544 bytes free
.
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E05CCB37F06A4A9AAED3EF284D342D9F
#24
Posted 04 June 2011 - 01:45 PM
geezy9723
- Topic Starter
-
- Member
-
- 36 posts
Member
ComboFix 11-06-04.02 - Wan 06/04/2011 14:33:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3882.2744 [GMT -5:00]
Running from: c:\users\Wan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
c:\users\Wan\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\SPACESHIP COMMANDER\AppData\Local\temp
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-04 19:31 . 2011-06-04 19:32 -------- d-----w- C:\32788R22FWJFW
2011-06-04 15:34 . 2011-06-04 15:36 -------- d-----w- c:\users\Wan\AppData\Local\{FE0F3000-84A9-4E9F-B1E8-C8FB1152CCBD}
2011-06-03 22:39 . 2011-06-03 22:39 -------- d-----w- C:\_OTL
2011-06-03 17:55 . 2011-06-03 17:55 -------- d-----w- c:\users\Wan\AppData\Roaming\Malwarebytes
2011-06-03 17:54 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-03 17:54 . 2011-06-03 17:54 -------- d-----w- c:\programdata\Malwarebytes
2011-06-03 17:54 . 2011-06-03 17:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-03 17:54 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-03 17:52 . 2011-06-03 17:52 -------- d-----w- c:\users\Wan\AppData\Local\{E8A948E7-0703-49B5-98FC-DDE180F4B6E6}
2011-06-03 17:23 . 2011-06-03 17:24 -------- d-----w- c:\users\Wan\AppData\Local\{C8C63DAE-9CA1-4FCF-995F-392570653EC1}
2011-06-03 13:54 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B30453AF-02D2-46B8-9A2C-3824CF6A20BA}\mpengine.dll
2011-06-03 13:31 . 2011-06-03 13:31 -------- d-----w- c:\users\Wan\AppData\Local\{E431B259-2247-456D-90FB-00A5A585C62E}
2011-06-03 13:31 . 2011-06-03 13:31 -------- d-----w- c:\users\Wan\AppData\Roaming\Leader Technologies
2011-06-01 22:07 . 2011-06-01 22:07 -------- d-----w- c:\users\Wan\AppData\Roaming\Leadertech
2011-06-01 22:07 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-06-01 22:07 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-06-01 22:07 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-06-01 22:07 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-06-01 22:07 . 2004-03-16 18:05 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-06-01 22:07 . 2011-06-01 22:07 -------- d-----w- c:\program files (x86)\LTCM Client
2011-06-01 21:59 . 2011-06-01 21:59 -------- d-----w- c:\users\Wan\AppData\Local\ABBYY
2011-06-01 21:58 . 2011-06-01 22:06 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2011-06-01 21:58 . 2011-06-01 21:58 -------- d-----w- c:\programdata\ABBYY
2011-06-01 21:58 . 2011-06-01 21:58 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2011-06-01 21:34 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2011-06-01 21:34 . 2009-11-20 05:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2011-06-01 21:34 . 2009-05-01 05:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2011-06-01 21:34 . 2011-06-01 22:07 -------- d-----w- c:\program files (x86)\epson
2011-05-30 15:15 . 2011-05-30 15:15 -------- d-----w- c:\users\Wan\AppData\Local\{79DD5E53-D89B-4FDA-AC25-58D2A5CB0C4A}
2011-05-30 02:41 . 2011-05-30 02:41 -------- d-----w- c:\users\Wan\AppData\Local\{C60A3B08-4048-4A5C-9D0A-CEBEA47CBEB7}
2011-05-27 02:45 . 2011-05-27 02:45 -------- d-----w- c:\users\Wan\AppData\Local\{DCA2D0BF-F72E-4BB2-A660-835CEC4B2481}
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files\iTunes
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files (x86)\iTunes
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files\iPod
2011-05-27 02:35 . 2011-05-27 02:35 -------- d-----w- c:\program files\Bonjour
2011-05-27 02:35 . 2011-05-27 02:35 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-24 23:34 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 12:14 . 2011-05-24 12:14 -------- d-----w- c:\users\Wan\AppData\Local\{2E27057A-FCBA-40D0-A089-ABBD8F637399}
2011-05-22 00:31 . 2010-01-13 07:04 114432 ----a-r- c:\windows\system32\drivers\smhwdev.sys
2011-05-22 00:31 . 2010-02-04 05:17 122624 ----a-r- c:\windows\system32\drivers\smhwser.sys
2011-05-22 00:31 . 2009-12-23 16:00 1919968 ----a-r- c:\windows\system32\wdfcoinstaller01005.dll
2011-05-22 00:31 . 2009-12-23 16:00 31744 ----a-r- c:\windows\system32\drivers\smhwadb.sys
2011-05-19 05:45 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 05:45 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-18 10:49 . 2011-05-18 10:49 -------- d-----w- c:\users\Wan\AppData\Local\{59B91C04-8BA9-480A-9E91-93AB3A38EE32}
2011-05-18 10:49 . 2011-05-18 10:49 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-11 12:43 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 12:43 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 12:43 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 12:37 . 2011-05-11 12:38 -------- d-----w- c:\users\Wan\AppData\Local\{FF6BE008-3DD6-4550-8D53-BCA1FCE4F2EA}
2011-05-08 22:38 . 2011-04-14 16:26 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-08 22:38 . 2011-04-14 16:25 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-08 22:38 . 2011-04-14 16:25 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-08 22:38 . 2011-04-14 16:25 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-08 22:38 . 2011-04-14 16:25 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-08 22:38 . 2011-04-14 16:25 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-08 22:38 . 2010-01-01 08:00 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-08 22:38 . 2010-01-01 08:00 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 15:26 . 2011-02-10 08:51 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-23 15:25 . 2011-02-11 13:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-07 23:34 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 21:26 . 2011-04-06 21:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:26 . 2011-04-06 21:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:26 . 2011-04-06 21:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:26 . 2011-04-06 21:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-29 13:58 . 2011-02-10 08:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-12 12:03 . 2011-04-28 03:12 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-28 03:12 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-28 03:12 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-28 03:12 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-28 03:12 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-28 03:12 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-28 03:12 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-28 03:12 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-28 03:12 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-15 12:15 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-15 12:15 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:18 . 2011-04-28 03:12 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-28 03:12 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-15 12:15 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:40 . 2011-04-15 12:15 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:39 . 2011-04-28 03:12 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-28 03:12 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-08 06:14 . 2011-04-15 12:14 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-15 12:14 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"googletalk"="c:\users\Wan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - e:\common\EpsonReg\EpsonReg.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-5 113664]
SRS Premium Sound.lnk - c:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-9-8 156952]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 136176]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys [x]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-17 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 17:52]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{1AE09A9B-4603-4196-A35A-BD254479D53F}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Wan\AppData\Roaming\Mozilla\Firefox\Profiles\svikweht.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110112062833398&tb_oid=12-01-2011&tb_mrud=12-01-2011
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20110112062833398&tb_oid=12-01-2011&tb_mrud=12-01-2011&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Oddity VST2 - c:\windows\unvise32.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3697508626-334463192-4084198358-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3697508626-334463192-4084198358-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-04 14:40:38
ComboFix-quarantined-files.txt 2011-06-04 19:40
.
Pre-Run: 190,361,255,936 bytes free
Post-Run: 190,608,748,544 bytes free
.
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E05CCB37F06A4A9AAED3EF284D342D9F
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3882.2744 [GMT -5:00]
Running from: c:\users\Wan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
c:\users\Wan\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\SPACESHIP COMMANDER\AppData\Local\temp
2011-06-04 19:38 . 2011-06-04 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-04 19:31 . 2011-06-04 19:32 -------- d-----w- C:\32788R22FWJFW
2011-06-04 15:34 . 2011-06-04 15:36 -------- d-----w- c:\users\Wan\AppData\Local\{FE0F3000-84A9-4E9F-B1E8-C8FB1152CCBD}
2011-06-03 22:39 . 2011-06-03 22:39 -------- d-----w- C:\_OTL
2011-06-03 17:55 . 2011-06-03 17:55 -------- d-----w- c:\users\Wan\AppData\Roaming\Malwarebytes
2011-06-03 17:54 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-03 17:54 . 2011-06-03 17:54 -------- d-----w- c:\programdata\Malwarebytes
2011-06-03 17:54 . 2011-06-03 17:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-03 17:54 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-03 17:52 . 2011-06-03 17:52 -------- d-----w- c:\users\Wan\AppData\Local\{E8A948E7-0703-49B5-98FC-DDE180F4B6E6}
2011-06-03 17:23 . 2011-06-03 17:24 -------- d-----w- c:\users\Wan\AppData\Local\{C8C63DAE-9CA1-4FCF-995F-392570653EC1}
2011-06-03 13:54 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B30453AF-02D2-46B8-9A2C-3824CF6A20BA}\mpengine.dll
2011-06-03 13:31 . 2011-06-03 13:31 -------- d-----w- c:\users\Wan\AppData\Local\{E431B259-2247-456D-90FB-00A5A585C62E}
2011-06-03 13:31 . 2011-06-03 13:31 -------- d-----w- c:\users\Wan\AppData\Roaming\Leader Technologies
2011-06-01 22:07 . 2011-06-01 22:07 -------- d-----w- c:\users\Wan\AppData\Roaming\Leadertech
2011-06-01 22:07 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-06-01 22:07 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-06-01 22:07 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-06-01 22:07 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-06-01 22:07 . 2004-03-16 18:05 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-06-01 22:07 . 2011-06-01 22:07 -------- d-----w- c:\program files (x86)\LTCM Client
2011-06-01 21:59 . 2011-06-01 21:59 -------- d-----w- c:\users\Wan\AppData\Local\ABBYY
2011-06-01 21:58 . 2011-06-01 22:06 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2011-06-01 21:58 . 2011-06-01 21:58 -------- d-----w- c:\programdata\ABBYY
2011-06-01 21:58 . 2011-06-01 21:58 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2011-06-01 21:34 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2011-06-01 21:34 . 2009-11-20 05:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2011-06-01 21:34 . 2009-05-01 05:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2011-06-01 21:34 . 2011-06-01 22:07 -------- d-----w- c:\program files (x86)\epson
2011-05-30 15:15 . 2011-05-30 15:15 -------- d-----w- c:\users\Wan\AppData\Local\{79DD5E53-D89B-4FDA-AC25-58D2A5CB0C4A}
2011-05-30 02:41 . 2011-05-30 02:41 -------- d-----w- c:\users\Wan\AppData\Local\{C60A3B08-4048-4A5C-9D0A-CEBEA47CBEB7}
2011-05-27 02:45 . 2011-05-27 02:45 -------- d-----w- c:\users\Wan\AppData\Local\{DCA2D0BF-F72E-4BB2-A660-835CEC4B2481}
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files\iTunes
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files (x86)\iTunes
2011-05-27 02:37 . 2011-05-27 02:37 -------- d-----w- c:\program files\iPod
2011-05-27 02:35 . 2011-05-27 02:35 -------- d-----w- c:\program files\Bonjour
2011-05-27 02:35 . 2011-05-27 02:35 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-24 23:34 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 12:14 . 2011-05-24 12:14 -------- d-----w- c:\users\Wan\AppData\Local\{2E27057A-FCBA-40D0-A089-ABBD8F637399}
2011-05-22 00:31 . 2010-01-13 07:04 114432 ----a-r- c:\windows\system32\drivers\smhwdev.sys
2011-05-22 00:31 . 2010-02-04 05:17 122624 ----a-r- c:\windows\system32\drivers\smhwser.sys
2011-05-22 00:31 . 2009-12-23 16:00 1919968 ----a-r- c:\windows\system32\wdfcoinstaller01005.dll
2011-05-22 00:31 . 2009-12-23 16:00 31744 ----a-r- c:\windows\system32\drivers\smhwadb.sys
2011-05-19 05:45 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 05:45 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-18 10:49 . 2011-05-18 10:49 -------- d-----w- c:\users\Wan\AppData\Local\{59B91C04-8BA9-480A-9E91-93AB3A38EE32}
2011-05-18 10:49 . 2011-05-18 10:49 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-11 12:43 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 12:43 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 12:43 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 12:37 . 2011-05-11 12:38 -------- d-----w- c:\users\Wan\AppData\Local\{FF6BE008-3DD6-4550-8D53-BCA1FCE4F2EA}
2011-05-08 22:38 . 2011-04-14 16:26 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-08 22:38 . 2011-04-14 16:25 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-08 22:38 . 2011-04-14 16:25 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-08 22:38 . 2011-04-14 16:25 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-08 22:38 . 2011-04-14 16:25 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-08 22:38 . 2011-04-14 16:25 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-08 22:38 . 2010-01-01 08:00 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-08 22:38 . 2010-01-01 08:00 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 15:26 . 2011-02-10 08:51 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-23 15:25 . 2011-02-11 13:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-07 23:34 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 21:26 . 2011-04-06 21:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:26 . 2011-04-06 21:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:26 . 2011-04-06 21:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:26 . 2011-04-06 21:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-29 13:58 . 2011-02-10 08:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-12 12:03 . 2011-04-28 03:12 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-28 03:12 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-28 03:12 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-28 03:12 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-28 03:12 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-28 03:12 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-28 03:12 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-28 03:12 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-28 03:12 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-15 12:15 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-15 12:15 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:18 . 2011-04-28 03:12 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-28 03:12 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-15 12:15 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:40 . 2011-04-15 12:15 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:39 . 2011-04-28 03:12 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-28 03:12 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-08 06:14 . 2011-04-15 12:14 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-15 12:14 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"googletalk"="c:\users\Wan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - e:\common\EpsonReg\EpsonReg.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-5 113664]
SRS Premium Sound.lnk - c:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-9-8 156952]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 136176]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys [x]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-17 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 17:52]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{1AE09A9B-4603-4196-A35A-BD254479D53F}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Wan\AppData\Roaming\Mozilla\Firefox\Profiles\svikweht.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110112062833398&tb_oid=12-01-2011&tb_mrud=12-01-2011
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20110112062833398&tb_oid=12-01-2011&tb_mrud=12-01-2011&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Oddity VST2 - c:\windows\unvise32.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3697508626-334463192-4084198358-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3697508626-334463192-4084198358-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-04 14:40:38
ComboFix-quarantined-files.txt 2011-06-04 19:40
.
Pre-Run: 190,361,255,936 bytes free
Post-Run: 190,608,748,544 bytes free
.
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E05CCB37F06A4A9AAED3EF284D342D9F
#25
Posted 04 June 2011 - 03:06 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
These were the reason for the black screen - they did not show on OTLc:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
c:\users\Wan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
How is the computer behaving now ?
#26
Posted 04 June 2011 - 05:54 PM
geezy9723
- Topic Starter
-
- Member
-
- 36 posts
Member
The mouse isnt working... Im not sure if driver is corrupteted
#27
Posted 05 June 2011 - 04:53 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
What is the make and model of the mouse and I will look for the driver
#28
Posted 05 June 2011 - 07:56 AM
geezy9723
- Topic Starter
-
- Member
-
- 36 posts
Member
SAMSUNG QX410
While I was looking to fix the mouse via device manager there were also additional hardware that shows to be corrupted...
Its giving an error message regarding the driver and or the fact there may be malicious software from an unknown source that may be preventing it from functioning properly because it says the drivers are up to date
While I was looking to fix the mouse via device manager there were also additional hardware that shows to be corrupted...
Its giving an error message regarding the driver and or the fact there may be malicious software from an unknown source that may be preventing it from functioning properly because it says the drivers are up to date
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
