4 Trojans and Rootkit- OTL log included
Started by
erindg25
, Jun 05 2011 11:43 AM
-
This topic is locked
#16
Posted 12 June 2011 - 04:36 PM
erindg25
- Topic Starter
-
- Member
-
- 54 posts
Member
#17
Posted 12 June 2011 - 04:38 PM
erindg25
- Topic Starter
-
- Member
-
- 54 posts
Member
Oops- posted OTL before I saw your response! ComboFix to follow...
#18
Posted 12 June 2011 - 05:03 PM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
Hi,
I need Combofix log.
I need Combofix log.
#19
Posted 13 June 2011 - 08:54 PM
erindg25
- Topic Starter
-
- Member
-
- 54 posts
Member
ComboFix 11-06-13.02 - Erin 06/14/2011 21:46:12.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1663 [GMT -5:00]
Running from: c:\users\Erin\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))))
.
.
2011-06-15 02:49 . 2011-06-15 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-15 02:41 . 2011-06-15 02:42 -------- d-----w- C:\Combo-Fix
2011-06-13 19:18 . 2011-06-13 19:25 -------- d-----w- c:\users\Erin\AppData\Local\Google
2011-06-13 19:18 . 2011-06-13 19:21 -------- d-----w- c:\program files (x86)\Google
2011-06-13 19:18 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-13 19:18 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-13 19:18 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-13 19:18 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-13 19:18 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-13 19:18 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-13 19:18 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-13 19:17 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-13 19:17 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-06-13 19:17 . 2011-06-13 19:17 -------- d-----w- c:\programdata\AVAST Software
2011-06-13 19:17 . 2011-06-13 19:17 -------- d-----w- c:\program files\AVAST Software
2011-06-13 19:10 . 2011-06-13 19:10 -------- d--h--w- c:\programdata\Common Files
2011-06-13 19:09 . 2011-06-13 19:10 -------- d-----w- c:\programdata\MFAData
2011-06-13 17:32 . 2011-06-15 02:35 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-13 16:56 . 2011-06-13 16:56 -------- d-----r- c:\users\Erin\AppData\Roaming\Brother
2011-06-06 17:11 . 2011-06-06 17:11 -------- d-----w- c:\users\Erin\AppData\Roaming\Malwarebytes
2011-06-06 17:11 . 2011-06-06 17:11 -------- d-----w- c:\programdata\Malwarebytes
2011-06-06 17:11 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-06 17:10 . 2011-06-06 17:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-06 17:10 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 17:25 . 2011-05-29 17:25 -------- d-----w- c:\users\Erin\AppData\Roaming\Roxio
2011-05-29 17:09 . 2010-01-19 17:48 106192 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npstrlnk.dll
2011-05-29 17:08 . 2007-07-26 08:00 53488 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-05-29 17:08 . 2011-05-29 17:08 -------- d-----w- c:\program files (x86)\Common Files\Roxio Shared
2011-05-29 17:08 . 2011-05-29 17:08 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-05-29 17:08 . 2011-05-29 17:08 -------- d-----w- c:\program files (x86)\Common Files\Napster Shared
2011-05-29 17:08 . 2011-05-29 17:08 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-05-29 17:07 . 2011-05-29 17:07 -------- d-----w- c:\users\Erin\AppData\Roaming\InstallShield
2011-05-29 17:03 . 2011-05-29 17:25 -------- d-----w- c:\programdata\Napster
2011-05-29 17:02 . 2011-05-29 17:09 -------- d-----w- c:\program files (x86)\Napster
2011-05-26 16:06 . 2011-05-26 16:06 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-05-26 16:05 . 2011-05-26 16:05 -------- d-----w- c:\windows\PCHEALTH
2011-05-26 16:05 . 2011-05-26 16:05 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-05-26 16:03 . 2011-05-26 16:03 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-05-26 16:02 . 2011-05-26 16:02 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-05-26 16:02 . 2011-05-26 16:02 -------- d-----w- c:\users\Erin\AppData\Local\Microsoft Help
2011-05-26 16:01 . 2011-05-30 13:01 -------- d-----w- c:\programdata\Microsoft Help
2011-05-26 16:01 . 2011-05-26 16:01 -------- d-----r- C:\MSOCache
2011-05-26 02:37 . 2011-05-26 02:37 -------- d-----w- c:\users\Erin\AppData\Roaming\U3
2011-05-26 00:30 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-20 11:16 . 2011-05-20 11:16 -------- d-----w- c:\programdata\VirtualizedApplications
2011-05-20 03:31 . 2011-05-20 03:31 -------- d-----w- c:\users\Erin\AppData\Local\SoftGrid Client
2011-05-20 03:31 . 2011-05-26 13:59 -------- d-----w- c:\users\Erin\AppData\Roaming\SoftGrid Client
2011-05-20 03:29 . 2011-05-20 03:31 -------- d-----w- c:\users\Erin\AppData\Roaming\TP
2011-05-19 04:02 . 2011-05-26 16:05 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-05-18 02:51 . 2011-05-18 03:26 -------- d-----w- c:\program files (x86)\Object
2011-05-18 02:50 . 2011-05-18 03:28 -------- d-----w- c:\users\Erin\AppData\Local\MediaGet2
2011-05-18 02:36 . 2011-05-18 03:26 -------- d-----w- c:\users\Erin\AppData\Roaming\uTorrent
2011-05-18 01:39 . 2011-05-18 01:39 -------- d-----w- c:\programdata\FLEXnet
2011-05-18 01:33 . 2011-05-18 01:33 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-18 01:31 . 2011-05-18 02:58 -------- d-----w- c:\users\Erin\AppData\Local\Microsoft Games
2011-05-18 01:31 . 2011-05-18 01:31 -------- d-----w- c:\windows\SysWow64\spool
2011-05-18 01:27 . 2011-05-18 01:27 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-05-17 11:26 . 2011-05-17 11:26 -------- d-----w- c:\windows\SysWow64\Wat
2011-05-17 11:26 . 2011-05-17 11:26 -------- d-----w- c:\windows\system32\Wat
2011-05-17 11:10 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-05-17 11:10 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-05-17 11:05 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-17 11:05 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-05-17 11:05 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-05-17 11:05 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-05-17 11:05 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-05-17 11:05 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-17 11:05 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-17 11:05 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-17 11:05 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-05-17 11:05 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-05-16 19:26 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-05-16 19:26 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-05-16 19:26 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-05-16 19:26 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-05-16 19:26 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-05-16 19:26 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-16 19:26 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-16 16:31 . 2011-05-16 16:31 -------- d-----w- c:\programdata\QuickTime
2011-05-16 16:30 . 2011-05-16 16:30 -------- d-----w- c:\program files (x86)\The Rosetta Stone
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 21:21 . 2011-05-14 21:17 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-17 17:05 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-09 06:45 . 2011-05-14 20:57 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-14 20:57 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-14 20:57 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-24 21:25 . 2011-03-24 21:25 2219520 ----a-w- c:\windows\system32\Apblend64.dll
2011-03-24 21:25 . 2011-03-24 21:25 1767936 ----a-w- c:\windows\system32\imagereog.dll
2011-03-24 21:25 . 2011-03-24 21:25 2110816 ----a-w- c:\windows\SysWow64\Apblend.dll
2011-03-24 21:25 . 2011-03-24 21:25 1398112 ----a-w- c:\windows\SysWow64\Imagereog.dll
2011-03-24 21:25 . 2011-03-24 21:25 1171456 ----a-w- c:\windows\SysWow64\PicNotify.dll
2011-03-24 21:25 . 2011-03-24 21:25 11104 ----a-w- c:\windows\SysWow64\biologon.dll
2011-03-24 21:25 . 2011-03-24 21:25 1025376 ----a-w- c:\windows\SysWow64\CamOpEx.dll
2011-03-24 21:25 . 2011-03-24 21:25 778240 ----a-w- c:\windows\system32\EncIcons.dll
2011-03-24 21:25 . 2011-03-24 21:25 622592 ----a-w- c:\windows\system32\SimpleExt.dll
2011-03-24 21:25 . 2011-03-24 21:25 1502720 ----a-w- c:\windows\system32\IcnOvrly.dll
2011-03-24 21:25 . 2011-03-24 21:25 876032 ----a-w- c:\windows\SysWow64\DevIL.dll
2011-03-24 21:25 . 2011-03-24 21:25 77824 ----a-w- c:\windows\SysWow64\ILU.dll
2011-03-24 21:25 . 2011-03-24 21:25 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2011-03-24 21:25 . 2011-03-24 21:25 32768 ----a-w- c:\windows\SysWow64\ILUT.dll
2011-03-24 21:25 . 2011-03-24 21:25 1044480 ----a-w- c:\windows\SysWow64\3DImageRenderer.dll
2011-03-24 12:23 . 2011-03-24 12:23 52224 ----a-w- c:\windows\system32\rtutils.dll
2011-03-24 12:23 . 2011-03-24 12:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2011-03-24 12:22 . 2011-03-24 12:22 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2011-03-24 12:20 . 2011-03-24 12:20 148992 ----a-w- c:\windows\system32\t2embed.dll
2011-03-24 12:20 . 2011-03-24 12:20 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2011-03-24 12:20 . 2011-03-24 12:20 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-03-24 12:20 . 2011-03-24 12:20 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-03-24 12:20 . 2011-03-24 12:20 410504 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-24 12:20 . 2011-03-24 12:20 27016 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-24 12:20 . 2011-03-24 12:20 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-24 12:20 . 2011-03-24 12:20 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-24 12:20 . 2011-03-24 12:20 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-24 12:20 . 2011-03-24 12:20 166280 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-24 12:20 . 2011-03-24 12:20 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-24 12:20 . 2011-03-24 12:20 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-24 12:20 . 2011-03-24 12:20 107912 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-24 12:17 . 2011-03-24 12:17 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2011-03-24 12:17 . 2011-03-24 12:17 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-03-24 12:17 . 2011-03-24 12:17 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-03-24 12:17 . 2011-03-24 12:17 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-24 12:14 . 2011-03-24 12:14 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-03-24 12:14 . 2011-03-24 12:14 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2011-03-24 12:14 . 2011-03-24 12:14 2085376 ----a-w- c:\windows\system32\ole32.dll
2011-03-24 12:14 . 2011-03-24 12:14 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2011-03-24 12:13 . 2011-03-24 12:13 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-24 12:13 . 2011-03-24 12:13 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-03-24 12:13 . 2011-03-24 12:13 84992 ----a-w- c:\windows\system32\asycfilt.dll
2011-03-24 12:13 . 2011-03-24 12:13 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2011-03-24 12:13 . 2011-03-24 12:13 139264 ----a-w- c:\windows\system32\cabview.dll
2011-03-24 12:13 . 2011-03-24 12:13 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-03-24 12:12 . 2011-03-24 12:12 85504 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll
2011-03-24 12:12 . 2011-03-24 12:12 85504 ----a-w- c:\windows\SysWow64\secproc_ssp.dll
2011-03-24 12:12 . 2011-03-24 12:12 424960 ----a-w- c:\windows\system32\secproc.dll
2011-03-24 12:12 . 2011-03-24 12:12 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2011-03-24 12:12 . 2011-03-24 12:12 369152 ----a-w- c:\windows\SysWow64\secproc.dll
2011-03-24 12:12 . 2011-03-24 12:12 365568 ----a-w- c:\windows\SysWow64\secproc_isv.dll
2011-03-24 12:12 . 2011-03-24 12:12 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-03-24 12:12 . 2011-03-24 12:12 356352 ----a-w- c:\windows\system32\RMActivate.exe
2011-03-24 12:12 . 2011-03-24 12:12 324608 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe
2011-03-24 12:12 . 2011-03-24 12:12 320512 ----a-w- c:\windows\SysWow64\RMActivate.exe
2011-03-24 12:12 . 2011-03-24 12:12 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-03-24 12:12 . 2011-03-24 12:12 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-03-24 12:12 . 2011-03-24 12:12 280064 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe
2011-03-24 12:12 . 2011-03-24 12:12 277504 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe
2011-03-24 12:12 . 2011-03-24 12:12 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-24 12:12 . 2011-03-24 12:12 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-24 12:11 . 2011-03-24 12:11 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-03-24 12:11 . 2011-03-24 12:11 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-03-24 12:11 . 2011-03-24 12:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-03-24 12:11 . 2011-03-24 12:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-03-24 12:11 . 2011-03-24 12:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-03-24 12:11 . 2011-03-24 12:11 243200 ----a-w- c:\windows\system32\wow64.dll
2011-03-24 12:11 . 2011-03-24 12:11 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-03-24 12:11 . 2011-03-24 12:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-03-24 12:11 . 2011-03-24 12:11 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-03-24 12:11 . 2011-03-24 12:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-03-24 12:09 . 2011-03-24 12:09 389632 ----a-w- c:\windows\system32\winlogon.exe
2011-03-24 12:08 . 2011-03-24 12:08 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-03-24 12:06 . 2011-03-24 12:06 91648 ----a-w- c:\windows\SysWow64\avifil32.dll
2011-03-24 12:06 . 2011-03-24 12:06 84480 ----a-w- c:\windows\SysWow64\mciavi32.dll
2011-03-24 12:06 . 2011-03-24 12:06 54272 ----a-w- c:\windows\system32\iyuv_32.dll
2011-03-24 12:06 . 2011-03-24 12:06 50176 ----a-w- c:\windows\SysWow64\iyuv_32.dll
2011-03-24 12:06 . 2011-03-24 12:06 38912 ----a-w- c:\windows\system32\msvidc32.dll
2011-03-24 12:06 . 2011-03-24 12:06 31744 ----a-w- c:\windows\SysWow64\msvidc32.dll
2011-03-24 12:06 . 2011-03-24 12:06 25088 ----a-w- c:\windows\system32\msyuv.dll
2011-03-24 12:06 . 2011-03-24 12:06 22016 ----a-w- c:\windows\SysWow64\msyuv.dll
2011-03-24 12:06 . 2011-03-24 12:06 16384 ----a-w- c:\windows\system32\msrle32.dll
2011-03-24 12:06 . 2011-03-24 12:06 1572352 ----a-w- c:\windows\system32\quartz.dll
2011-03-24 12:06 . 2011-03-24 12:06 14848 ----a-w- c:\windows\system32\tsbyuv.dll
2011-03-24 12:06 . 2011-03-24 12:06 13312 ----a-w- c:\windows\SysWow64\msrle32.dll
2011-03-24 12:06 . 2011-03-24 12:06 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2011-03-24 12:06 . 2011-03-24 12:06 12288 ----a-w- c:\windows\SysWow64\tsbyuv.dll
2011-03-24 12:05 . 2011-03-24 12:05 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-24 12:05 . 2011-03-24 12:05 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-03-24 12:05 . 2011-03-24 12:05 4068864 ----a-w- c:\windows\system32\mf.dll
2011-03-24 12:05 . 2011-03-24 12:05 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-03-24 12:05 . 2011-03-24 12:05 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-03-24 12:05 . 2011-03-24 12:05 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-03-24 12:05 . 2011-03-24 12:05 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-03-24 12:05 . 2011-03-24 12:05 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-19 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-03-24 3122528]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NapsterShell"="c:\program files (x86)\Napster\napster.exe" [2010-01-19 323280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 19:18]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 19:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-03-24 21:25 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-20 11448424]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-08-20 2120808]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-14 21:51:20
ComboFix-quarantined-files.txt 2011-06-15 02:51
.
Pre-Run: 239,508,312,064 bytes free
Post-Run: 239,161,278,464 bytes free
.
- - End Of File - - 437BC174B3837A12CCF7E87B84CFE2C8
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1663 [GMT -5:00]
Running from: c:\users\Erin\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))))
.
.
2011-06-15 02:49 . 2011-06-15 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-15 02:41 . 2011-06-15 02:42 -------- d-----w- C:\Combo-Fix
2011-06-13 19:18 . 2011-06-13 19:25 -------- d-----w- c:\users\Erin\AppData\Local\Google
2011-06-13 19:18 . 2011-06-13 19:21 -------- d-----w- c:\program files (x86)\Google
2011-06-13 19:18 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-13 19:18 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-13 19:18 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-13 19:18 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-13 19:18 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-13 19:18 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-13 19:18 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-13 19:17 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-13 19:17 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-06-13 19:17 . 2011-06-13 19:17 -------- d-----w- c:\programdata\AVAST Software
2011-06-13 19:17 . 2011-06-13 19:17 -------- d-----w- c:\program files\AVAST Software
2011-06-13 19:10 . 2011-06-13 19:10 -------- d--h--w- c:\programdata\Common Files
2011-06-13 19:09 . 2011-06-13 19:10 -------- d-----w- c:\programdata\MFAData
2011-06-13 17:32 . 2011-06-15 02:35 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-13 16:56 . 2011-06-13 16:56 -------- d-----r- c:\users\Erin\AppData\Roaming\Brother
2011-06-06 17:11 . 2011-06-06 17:11 -------- d-----w- c:\users\Erin\AppData\Roaming\Malwarebytes
2011-06-06 17:11 . 2011-06-06 17:11 -------- d-----w- c:\programdata\Malwarebytes
2011-06-06 17:11 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-06 17:10 . 2011-06-06 17:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-06 17:10 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 17:25 . 2011-05-29 17:25 -------- d-----w- c:\users\Erin\AppData\Roaming\Roxio
2011-05-29 17:09 . 2010-01-19 17:48 106192 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npstrlnk.dll
2011-05-29 17:08 . 2007-07-26 08:00 53488 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-05-29 17:08 . 2011-05-29 17:08 -------- d-----w- c:\program files (x86)\Common Files\Roxio Shared
2011-05-29 17:08 . 2011-05-29 17:08 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-05-29 17:08 . 2011-05-29 17:08 -------- d-----w- c:\program files (x86)\Common Files\Napster Shared
2011-05-29 17:08 . 2011-05-29 17:08 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-05-29 17:07 . 2011-05-29 17:07 -------- d-----w- c:\users\Erin\AppData\Roaming\InstallShield
2011-05-29 17:03 . 2011-05-29 17:25 -------- d-----w- c:\programdata\Napster
2011-05-29 17:02 . 2011-05-29 17:09 -------- d-----w- c:\program files (x86)\Napster
2011-05-26 16:06 . 2011-05-26 16:06 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-05-26 16:05 . 2011-05-26 16:05 -------- d-----w- c:\windows\PCHEALTH
2011-05-26 16:05 . 2011-05-26 16:05 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-05-26 16:03 . 2011-05-26 16:03 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-05-26 16:02 . 2011-05-26 16:02 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-05-26 16:02 . 2011-05-26 16:02 -------- d-----w- c:\users\Erin\AppData\Local\Microsoft Help
2011-05-26 16:01 . 2011-05-30 13:01 -------- d-----w- c:\programdata\Microsoft Help
2011-05-26 16:01 . 2011-05-26 16:01 -------- d-----r- C:\MSOCache
2011-05-26 02:37 . 2011-05-26 02:37 -------- d-----w- c:\users\Erin\AppData\Roaming\U3
2011-05-26 00:30 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-20 11:16 . 2011-05-20 11:16 -------- d-----w- c:\programdata\VirtualizedApplications
2011-05-20 03:31 . 2011-05-20 03:31 -------- d-----w- c:\users\Erin\AppData\Local\SoftGrid Client
2011-05-20 03:31 . 2011-05-26 13:59 -------- d-----w- c:\users\Erin\AppData\Roaming\SoftGrid Client
2011-05-20 03:29 . 2011-05-20 03:31 -------- d-----w- c:\users\Erin\AppData\Roaming\TP
2011-05-19 04:02 . 2011-05-26 16:05 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-05-18 02:51 . 2011-05-18 03:26 -------- d-----w- c:\program files (x86)\Object
2011-05-18 02:50 . 2011-05-18 03:28 -------- d-----w- c:\users\Erin\AppData\Local\MediaGet2
2011-05-18 02:36 . 2011-05-18 03:26 -------- d-----w- c:\users\Erin\AppData\Roaming\uTorrent
2011-05-18 01:39 . 2011-05-18 01:39 -------- d-----w- c:\programdata\FLEXnet
2011-05-18 01:33 . 2011-05-18 01:33 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-18 01:31 . 2011-05-18 02:58 -------- d-----w- c:\users\Erin\AppData\Local\Microsoft Games
2011-05-18 01:31 . 2011-05-18 01:31 -------- d-----w- c:\windows\SysWow64\spool
2011-05-18 01:27 . 2011-05-18 01:27 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-05-17 11:26 . 2011-05-17 11:26 -------- d-----w- c:\windows\SysWow64\Wat
2011-05-17 11:26 . 2011-05-17 11:26 -------- d-----w- c:\windows\system32\Wat
2011-05-17 11:10 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-05-17 11:10 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-05-17 11:05 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-17 11:05 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-05-17 11:05 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-05-17 11:05 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-05-17 11:05 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-05-17 11:05 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-17 11:05 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-17 11:05 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-17 11:05 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-05-17 11:05 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-05-16 19:26 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-05-16 19:26 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-05-16 19:26 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-05-16 19:26 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-05-16 19:26 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-05-16 19:26 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-16 19:26 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-16 16:31 . 2011-05-16 16:31 -------- d-----w- c:\programdata\QuickTime
2011-05-16 16:30 . 2011-05-16 16:30 -------- d-----w- c:\program files (x86)\The Rosetta Stone
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 21:21 . 2011-05-14 21:17 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-17 17:05 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-09 06:45 . 2011-05-14 20:57 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-14 20:57 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-14 20:57 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-24 21:25 . 2011-03-24 21:25 2219520 ----a-w- c:\windows\system32\Apblend64.dll
2011-03-24 21:25 . 2011-03-24 21:25 1767936 ----a-w- c:\windows\system32\imagereog.dll
2011-03-24 21:25 . 2011-03-24 21:25 2110816 ----a-w- c:\windows\SysWow64\Apblend.dll
2011-03-24 21:25 . 2011-03-24 21:25 1398112 ----a-w- c:\windows\SysWow64\Imagereog.dll
2011-03-24 21:25 . 2011-03-24 21:25 1171456 ----a-w- c:\windows\SysWow64\PicNotify.dll
2011-03-24 21:25 . 2011-03-24 21:25 11104 ----a-w- c:\windows\SysWow64\biologon.dll
2011-03-24 21:25 . 2011-03-24 21:25 1025376 ----a-w- c:\windows\SysWow64\CamOpEx.dll
2011-03-24 21:25 . 2011-03-24 21:25 778240 ----a-w- c:\windows\system32\EncIcons.dll
2011-03-24 21:25 . 2011-03-24 21:25 622592 ----a-w- c:\windows\system32\SimpleExt.dll
2011-03-24 21:25 . 2011-03-24 21:25 1502720 ----a-w- c:\windows\system32\IcnOvrly.dll
2011-03-24 21:25 . 2011-03-24 21:25 876032 ----a-w- c:\windows\SysWow64\DevIL.dll
2011-03-24 21:25 . 2011-03-24 21:25 77824 ----a-w- c:\windows\SysWow64\ILU.dll
2011-03-24 21:25 . 2011-03-24 21:25 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2011-03-24 21:25 . 2011-03-24 21:25 32768 ----a-w- c:\windows\SysWow64\ILUT.dll
2011-03-24 21:25 . 2011-03-24 21:25 1044480 ----a-w- c:\windows\SysWow64\3DImageRenderer.dll
2011-03-24 12:23 . 2011-03-24 12:23 52224 ----a-w- c:\windows\system32\rtutils.dll
2011-03-24 12:23 . 2011-03-24 12:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2011-03-24 12:22 . 2011-03-24 12:22 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2011-03-24 12:20 . 2011-03-24 12:20 148992 ----a-w- c:\windows\system32\t2embed.dll
2011-03-24 12:20 . 2011-03-24 12:20 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2011-03-24 12:20 . 2011-03-24 12:20 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-03-24 12:20 . 2011-03-24 12:20 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-03-24 12:20 . 2011-03-24 12:20 410504 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-24 12:20 . 2011-03-24 12:20 27016 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-24 12:20 . 2011-03-24 12:20 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-24 12:20 . 2011-03-24 12:20 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-24 12:20 . 2011-03-24 12:20 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-24 12:20 . 2011-03-24 12:20 166280 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-24 12:20 . 2011-03-24 12:20 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-24 12:20 . 2011-03-24 12:20 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-24 12:20 . 2011-03-24 12:20 107912 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-24 12:17 . 2011-03-24 12:17 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2011-03-24 12:17 . 2011-03-24 12:17 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-03-24 12:17 . 2011-03-24 12:17 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-03-24 12:17 . 2011-03-24 12:17 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-24 12:14 . 2011-03-24 12:14 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-03-24 12:14 . 2011-03-24 12:14 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2011-03-24 12:14 . 2011-03-24 12:14 2085376 ----a-w- c:\windows\system32\ole32.dll
2011-03-24 12:14 . 2011-03-24 12:14 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2011-03-24 12:13 . 2011-03-24 12:13 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-24 12:13 . 2011-03-24 12:13 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-03-24 12:13 . 2011-03-24 12:13 84992 ----a-w- c:\windows\system32\asycfilt.dll
2011-03-24 12:13 . 2011-03-24 12:13 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2011-03-24 12:13 . 2011-03-24 12:13 139264 ----a-w- c:\windows\system32\cabview.dll
2011-03-24 12:13 . 2011-03-24 12:13 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-03-24 12:12 . 2011-03-24 12:12 85504 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll
2011-03-24 12:12 . 2011-03-24 12:12 85504 ----a-w- c:\windows\SysWow64\secproc_ssp.dll
2011-03-24 12:12 . 2011-03-24 12:12 424960 ----a-w- c:\windows\system32\secproc.dll
2011-03-24 12:12 . 2011-03-24 12:12 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2011-03-24 12:12 . 2011-03-24 12:12 369152 ----a-w- c:\windows\SysWow64\secproc.dll
2011-03-24 12:12 . 2011-03-24 12:12 365568 ----a-w- c:\windows\SysWow64\secproc_isv.dll
2011-03-24 12:12 . 2011-03-24 12:12 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-03-24 12:12 . 2011-03-24 12:12 356352 ----a-w- c:\windows\system32\RMActivate.exe
2011-03-24 12:12 . 2011-03-24 12:12 324608 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe
2011-03-24 12:12 . 2011-03-24 12:12 320512 ----a-w- c:\windows\SysWow64\RMActivate.exe
2011-03-24 12:12 . 2011-03-24 12:12 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-03-24 12:12 . 2011-03-24 12:12 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-03-24 12:12 . 2011-03-24 12:12 280064 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe
2011-03-24 12:12 . 2011-03-24 12:12 277504 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe
2011-03-24 12:12 . 2011-03-24 12:12 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-24 12:12 . 2011-03-24 12:12 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-24 12:11 . 2011-03-24 12:11 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-03-24 12:11 . 2011-03-24 12:11 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-03-24 12:11 . 2011-03-24 12:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-03-24 12:11 . 2011-03-24 12:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-03-24 12:11 . 2011-03-24 12:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-03-24 12:11 . 2011-03-24 12:11 243200 ----a-w- c:\windows\system32\wow64.dll
2011-03-24 12:11 . 2011-03-24 12:11 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-03-24 12:11 . 2011-03-24 12:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-03-24 12:11 . 2011-03-24 12:11 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-03-24 12:11 . 2011-03-24 12:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-03-24 12:09 . 2011-03-24 12:09 389632 ----a-w- c:\windows\system32\winlogon.exe
2011-03-24 12:08 . 2011-03-24 12:08 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-03-24 12:06 . 2011-03-24 12:06 91648 ----a-w- c:\windows\SysWow64\avifil32.dll
2011-03-24 12:06 . 2011-03-24 12:06 84480 ----a-w- c:\windows\SysWow64\mciavi32.dll
2011-03-24 12:06 . 2011-03-24 12:06 54272 ----a-w- c:\windows\system32\iyuv_32.dll
2011-03-24 12:06 . 2011-03-24 12:06 50176 ----a-w- c:\windows\SysWow64\iyuv_32.dll
2011-03-24 12:06 . 2011-03-24 12:06 38912 ----a-w- c:\windows\system32\msvidc32.dll
2011-03-24 12:06 . 2011-03-24 12:06 31744 ----a-w- c:\windows\SysWow64\msvidc32.dll
2011-03-24 12:06 . 2011-03-24 12:06 25088 ----a-w- c:\windows\system32\msyuv.dll
2011-03-24 12:06 . 2011-03-24 12:06 22016 ----a-w- c:\windows\SysWow64\msyuv.dll
2011-03-24 12:06 . 2011-03-24 12:06 16384 ----a-w- c:\windows\system32\msrle32.dll
2011-03-24 12:06 . 2011-03-24 12:06 1572352 ----a-w- c:\windows\system32\quartz.dll
2011-03-24 12:06 . 2011-03-24 12:06 14848 ----a-w- c:\windows\system32\tsbyuv.dll
2011-03-24 12:06 . 2011-03-24 12:06 13312 ----a-w- c:\windows\SysWow64\msrle32.dll
2011-03-24 12:06 . 2011-03-24 12:06 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2011-03-24 12:06 . 2011-03-24 12:06 12288 ----a-w- c:\windows\SysWow64\tsbyuv.dll
2011-03-24 12:05 . 2011-03-24 12:05 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-24 12:05 . 2011-03-24 12:05 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-03-24 12:05 . 2011-03-24 12:05 4068864 ----a-w- c:\windows\system32\mf.dll
2011-03-24 12:05 . 2011-03-24 12:05 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-03-24 12:05 . 2011-03-24 12:05 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-03-24 12:05 . 2011-03-24 12:05 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-03-24 12:05 . 2011-03-24 12:05 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-03-24 12:05 . 2011-03-24 12:05 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-19 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-03-24 3122528]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NapsterShell"="c:\program files (x86)\Napster\napster.exe" [2010-01-19 323280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 19:18]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 19:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-03-24 21:25 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-20 11448424]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-08-20 2120808]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-14 21:51:20
ComboFix-quarantined-files.txt 2011-06-15 02:51
.
Pre-Run: 239,508,312,064 bytes free
Post-Run: 239,161,278,464 bytes free
.
- - End Of File - - 437BC174B3837A12CCF7E87B84CFE2C8
#20
Posted 14 June 2011 - 11:01 AM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
Hi,
Is only one (this one) computer connected to the router? If not please check other computer(s) for redirects.
Is only one (this one) computer connected to the router? If not please check other computer(s) for redirects.
#21
Posted 14 June 2011 - 12:26 PM
erindg25
- Topic Starter
-
- Member
-
- 54 posts
Member
Yes, it is only this one- no other machines are networked.
#22
Posted 14 June 2011 - 12:46 PM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
Hi,
Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
Then check for redirects.
Also please tell me if you are aware and using Best Buy PC App?
Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
Then check for redirects.
Also please tell me if you are aware and using Best Buy PC App?
#23
Posted 14 June 2011 - 12:54 PM
erindg25
- Topic Starter
-
- Member
-
- 54 posts
Member
Sorry if this is a stupid question, but could you please tell me how to check for redirects?
Also, this is a new machine that I purchased from Best Buy. It came bloated with some software that I haven't bothered to remove yet, including Best Buy PC App. So yes, I'm aware of it, but no- I don't use it.
Also, this is a new machine that I purchased from Best Buy. It came bloated with some software that I haven't bothered to remove yet, including Best Buy PC App. So yes, I'm aware of it, but no- I don't use it.
#24
Posted 14 June 2011 - 01:16 PM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
Hi,
Well... I'm sorry but I'm confused also. So, please, tell me again what are your issues.
Also, the clicking seems to be confined to certain websites. I don't think the HD is crashing. It sounds like a re-direct.
Well... I'm sorry but I'm confused also. So, please, tell me again what are your issues.
#25
Posted 14 June 2011 - 01:34 PM
erindg25
- Topic Starter
-
- Member
-
- 54 posts
Member
It sounded like it was clicking as if I had clicked the mouse when I hadn't- like it was trying to redirect to somewhere else.
I just didn't know if there was a more technical way that I should be checking
I just didn't know if there was a more technical way that I should be checking
#26
Posted 14 June 2011 - 01:45 PM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
And some new program windows have been opened?
#27
Posted 14 June 2011 - 02:13 PM
erindg25
- Topic Starter
-
- Member
-
- 54 posts
Member
No, nothing ever opened, but it would sometimes show activity on the task bar. It was odd. Performance seems better since ComboFix...
#28
Posted 14 June 2011 - 02:57 PM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
I actually don't see nothing malicious from your logs. Are you experiencing any other problems when working with computer?
Let's try SAS now:
Download and scan with SUPERAntiSpyware Free for Home Users
Let's try SAS now:
Download and scan with SUPERAntiSpyware Free for Home Users
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
- Under "Configuration and Preferences", click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen.
- Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan.
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.
#29
Posted 23 June 2011 - 11:12 AM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
