Google and bing redirects


  • This topic is locked This topic is locked

#1 quasarn01
I'm getting Google and Bing redirects in Firefox. I've run every type of malware and adware remover and have scanned my laptop several times with different A/V programs, but nothing is found other than the normal cookies and such... Plus, I've had to rename IE because, while watching my Task Manager, two instances of IE would start, and often IE would pop up on its own with some sort of site... Please help... I'm getting frustrated...

#2 quasarn01 (Topic Starter)
Forgot the OTL.txt log...

***********************************************************

OTL logfile created on: 7/8/2011 12:46:18 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Michael\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 46.19% Memory free
5.98 Gb Paging File | 4.29 Gb Available in Paging File | 71.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 68.07 Gb Free Space | 36.83% Space Free | Partition Type: NTFS
Drive F: | 42.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/08 12:45:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011/06/22 13:45:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/22 08:47:34 | 000,884,304 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/25 07:10:48 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/29 17:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/10/19 15:25:18 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/10/19 15:02:42 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/06/03 19:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
PRC - [2010/05/06 12:25:09 | 000,565,248 | ---- | M] () -- C:\Users\Michael\AppData\Local\temp\SAS_SelfExtract\SEAutorun.com
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe


========== Modules (SafeList) ==========

MOD - [2011/07/08 12:45:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (GDV)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/09 05:18:30 | 000,029,552 | ---- | M] (Gladinet, INC) [Disabled | Stopped] -- C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe -- (GladFileMonSvc)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/19 15:25:18 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/10/19 15:02:42 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/06/03 19:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2009/10/29 11:16:32 | 000,013,824 | ---- | M] (Sequentum) [Disabled | Stopped] -- C:\Program Files\Visual Web Ripper\WebRipperService.exe -- (VisualWebRipper)
SRV - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - [2011/07/08 12:05:49 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7FB122AA-5B77-4CB0-8757-2CF7A5C8A92E}\MpKsl8fc0eca2.sys -- (MpKsl8fc0eca2)
DRV - [2011/06/15 04:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/06/08 13:05:52 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/01/11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/06 20:37:00 | 000,044,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 06:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/15 02:24:56 | 000,009,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Anti Trojan Elite\ATEPMON.sys -- (ATE_PROCMON)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/10/07 06:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel®
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwusbser_000.sys -- (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/04/13 02:00:20 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/04/13 02:00:20 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/04/13 02:00:18 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/04/02 09:11:16 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/06/03 19:26:09] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/03/12 18:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F F3 B3 1D 14 D3 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/07/05 22:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 13:45:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 12:29:10 | 000,000,000 | ---D | M]

[2011/02/23 00:44:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2011/07/05 22:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\37af0h1d.default\extensions
[2011/07/05 22:19:51 | 000,000,000 | ---D | M] ("Personas Interactive") -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\37af0h1d.default\extensions\[email protected]
[2011/07/05 22:19:52 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\37af0h1d.default\extensions\FasterFox_Lite@BigRedBrent
[2011/07/05 22:19:53 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\37af0h1d.default\extensions\[email protected]
[2011/07/05 22:19:53 | 000,000,000 | ---D | M] (Copy ShortURL) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\37af0h1d.default\extensions\jid0-ODIKJS9b4IT3H1NYlPKr0NDtLuE@jetpack
[2011/05/18 19:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/07 22:25:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/02/24 06:58:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/13 10:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/22 13:45:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/23 08:53:31 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/04/30 11:06:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/08 11:27:15 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (NuSphere ToolBar) - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 207.65.96.5 207.65.96.3 192.168.2.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/28 23:36:03 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 03:39:48 | 000,000,074 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 12:45:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/07/08 12:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/08 12:03:13 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/07/08 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\GooredFix Backups
[2011/07/08 11:32:45 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/07/08 11:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/07/08 11:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/07 22:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/07 21:00:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/07 20:40:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/07/07 20:35:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\temp
[2011/07/07 19:51:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/07 19:29:07 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/07/07 19:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/07/07 19:28:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2011/07/07 19:28:18 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/07 19:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/07 19:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/07 19:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/07 13:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti Trojan Elite
[2011/07/07 12:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loaris Trojan Remover
[2011/07/07 12:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
[2011/07/07 08:38:13 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys
[2011/07/07 07:07:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\Pavark
[2011/07/07 06:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/07/06 23:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/07/06 17:15:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Visual Studio 2005
[2011/07/06 00:30:57 | 000,000,000 | ---D | C] -- C:\CubeCart.v5
[2011/07/05 23:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 3
[2011/07/05 23:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Artisteer 3
[2011/07/05 22:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/05 08:43:47 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\Addons
[2011/07/04 11:00:38 | 000,000,000 | ---D | C] -- C:\TrafficGenBundle
[2011/06/30 21:09:55 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\ResearchRankings
[2011/06/30 02:46:08 | 000,000,000 | -H-D | C] -- C:\Users\Michael\Documents\Artisteer Projects
[2011/06/30 01:27:04 | 000,000,000 | ---D | C] -- C:\Artisteer themes
[2011/06/30 01:16:37 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\Artisteer
[2011/06/30 01:16:36 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\Apple Computer
[2011/06/30 01:16:36 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Local\Apple Computer
[2011/06/30 00:57:58 | 000,000,000 | ---D | C] -- C:\Artisteer.3.0.0.32906
[2011/06/28 19:36:26 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/06/28 19:36:26 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/06/28 19:36:25 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/06/28 19:36:25 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/06/28 19:36:24 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/06/28 19:36:24 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/06/28 11:17:35 | 000,000,000 | R--D | C] -- C:\Users\Michael\Documents\Scanned Documents
[2011/06/28 11:17:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Fax
[2011/06/27 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Google
[2011/06/26 06:57:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\JollyBear
[2011/06/26 06:57:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\JollyBear
[2011/06/24 23:07:11 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\JonathanLeger.com
[2011/06/24 23:07:11 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Local\JonathanLeger.com
[2011/06/24 23:05:55 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InstantArticleWizard
[2011/06/24 23:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstantArticleWizard
[2011/06/24 23:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\InstantArticleWizard
[2011/06/24 22:39:20 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\Article Marketing Robot
[2011/06/24 22:20:24 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\WeatherBug
[2011/06/22 10:36:01 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\Publish Providers
[2011/06/22 10:35:50 | 000,000,000 | -H-D | C] -- C:\Users\Michael\Documents\Vegas Movie Studio PE 9.0 Projects
[2011/06/22 10:35:50 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\Sony
[2011/06/22 10:35:50 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Local\Sony
[2011/06/22 10:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/06/22 00:51:58 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2011/06/22 00:51:56 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2011/06/22 00:51:56 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2011/06/22 00:51:49 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2011/06/22 00:51:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\LogMeIn
[2011/06/22 00:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/06/21 12:21:30 | 000,000,000 | -H-D | C] -- C:\Users\Michael\Desktop\The Reading Site
[2011/06/21 07:55:26 | 000,000,000 | -H-D | C] -- C:\Users\Michael\Documents\Visual Web Ripper
[2011/06/21 07:55:20 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Local\Visual Web Ripper
[2011/06/21 07:50:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Visual Web Ripper
[2011/06/21 07:50:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\Visual Web Ripper
[2011/06/21 07:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Web Ripper
[2011/06/21 07:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\Visual Web Ripper
[2011/06/20 14:57:05 | 000,000,000 | ---D | C] -- C:\download
[2011/06/20 14:39:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\bhw
[2011/06/20 14:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S3 Ripper
[2011/06/20 14:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\S3 Ripper
[2011/06/20 13:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/06/20 13:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/19 14:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 11.0
[2011/06/19 14:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/06/18 13:46:59 | 000,000,000 | ---D | C] -- C:\widgets
[2011/06/18 09:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/18 07:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCapv1005
[2011/06/16 15:01:26 | 000,081,920 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\drivers\ser2pl.sys
[2011/06/16 15:01:25 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\SER9PL.sys
[2011/06/15 18:28:54 | 000,000,000 | ---D | C] -- C:\ZazzleStoreBuilder
[2011/06/15 04:23:56 | 000,060,156 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys
[2011/06/14 17:24:53 | 000,000,000 | -H-D | C] -- C:\Users\Michael\AppData\Roaming\TorrentEasy
[2011/06/14 17:24:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\TorrentEasy
[2011/06/14 17:03:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/14 17:02:58 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/14 17:02:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/14 17:02:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/13 13:01:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PopCapv1005eni
[2011/06/12 08:06:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\PopCap Games
[2011/06/12 07:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcap Game Collection
[2011/06/12 07:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Popcap Game Collection
[2011/06/11 22:28:33 | 000,000,000 | ---D | C] -- C:\GoClickCashV4
[2011/06/10 09:03:27 | 000,000,000 | ---D | C] -- C:\themes
[2011/06/10 08:35:20 | 000,000,000 | ---D | C] -- C:\wordpress-3.1.3
[2011/06/09 21:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/09 21:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/06/08 14:36:52 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

========== Files - Modified Within 30 Days ==========

[2011/07/08 12:45:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/07/08 12:21:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3299831259-2224401898-4077553221-1001UA.job
[2011/07/08 12:16:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 12:06:14 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Windows 7 Manager - Logon Background Changer.job
[2011/07/08 12:06:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 12:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/08 12:05:35 | 2408,022,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 11:42:38 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 11:42:38 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 11:32:47 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/07/08 11:27:15 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/07/08 11:16:07 | 000,001,124 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/08 11:15:57 | 000,000,944 | ---- | M] () -- C:\Users\Michael\Desktop\NTREGOPT.lnk
[2011/07/08 11:15:57 | 000,000,925 | ---- | M] () -- C:\Users\Michael\Desktop\ERUNT.lnk
[2011/07/07 23:21:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3299831259-2224401898-4077553221-1001Core.job
[2011/07/07 23:17:03 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/07/07 23:17:03 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/07/07 22:16:21 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/07 13:17:09 | 000,001,001 | ---- | M] () -- C:\Users\Michael\Desktop\Anti Trojan Elite.lnk
[2011/07/07 00:46:01 | 000,005,444 | ---- | M] () -- C:\Users\Michael\Desktop\Windows Compatibility Report.htm
[2011/07/06 23:45:18 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/07/05 23:21:59 | 000,001,157 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Artisteer 3.lnk
[2011/07/05 23:21:59 | 000,001,133 | ---- | M] () -- C:\Users\Michael\Desktop\Artisteer 3.lnk
[2011/07/05 21:40:16 | 000,007,645 | -H-- | M] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2011/07/01 18:46:24 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/07/01 09:21:54 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/30 01:03:16 | 000,001,255 | ---- | M] () -- C:\Users\Michael\Desktop\cmd.exe.lnk
[2011/06/29 20:09:13 | 003,776,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/28 19:22:17 | 000,002,425 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2011/06/25 01:25:56 | 000,000,053 | RH-- | M] () -- C:\Users\Michael\Documents\google8db540fc845f66aa.html
[2011/06/25 00:04:05 | 000,003,043 | -H-- | M] () -- C:\Users\Michael\Documents\challenger.csv
[2011/06/24 22:20:23 | 000,002,004 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\WeatherBug.lnk
[2011/06/22 13:46:03 | 000,002,009 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/22 10:34:19 | 058,113,536 | -H-- | M] () -- C:\Users\Michael\Documents\(Unknown) - Clip 001.avi
[2011/06/22 10:25:50 | 000,002,580 | -H-- | M] () -- C:\Users\Michael\Documents\Register Vegas Movie Studio Platinum.htm
[2011/06/21 12:29:12 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/21 07:55:26 | 000,000,080 | -H-- | M] () -- C:\Users\Michael\AppData\Local\vwr_lic_px.dat
[2011/06/20 22:38:21 | 000,001,820 | ---- | M] () -- C:\Users\Michael\Desktop\Launch IBP.lnk
[2011/06/20 13:16:10 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/20 13:16:09 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/19 14:44:22 | 000,002,787 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2011/06/19 13:33:39 | 000,220,499 | -H-- | M] () -- C:\Users\Michael\Documents\Untitled (2).wma
[2011/06/18 10:21:05 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/06/15 04:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys
[2011/06/14 20:27:17 | 000,022,828 | -H-- | M] () -- C:\Users\Michael\Documents\proj teplbanner120x600.jpg
[2011/06/14 20:17:58 | 000,012,723 | -H-- | M] () -- C:\Users\Michael\Documents\REP005-m.jpg
[2011/06/14 17:40:20 | 000,509,804 | -H-- | M] () -- C:\Users\Michael\Documents\Grant_Kit.pdf
[2011/06/14 16:58:10 | 000,664,822 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/14 16:58:10 | 000,122,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/11 08:39:02 | 003,422,720 | -H-- | M] () -- C:\Users\Michael\Documents\6091-Campaign.pps
[2011/06/11 08:34:03 | 003,353,600 | RH-- | M] () -- C:\Users\Michael\Documents\6091-Campaign_fo_.pps
[2011/06/10 14:41:54 | 002,297,424 | -H-- | M] () -- C:\Users\Michael\Documents\shopperpress.pdf
[2011/06/08 14:52:27 | 000,029,093 | -H-- | M] () -- C:\Users\Michael\Documents\TENNESSEE GENERAL DURABLE POWER OF ATTORNEY.pdf
[2011/06/08 14:51:39 | 000,002,561 | -H-- | M] () -- C:\Users\Michael\Documents\order_locator_info.jsp.pdf
[2011/06/08 13:05:52 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2011/06/08 13:05:18 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2011/06/08 13:05:16 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll

========== Files Created - No Company Name ==========

[2011/07/08 11:16:07 | 000,001,124 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/08 11:15:57 | 000,000,944 | ---- | C] () -- C:\Users\Michael\Desktop\NTREGOPT.lnk
[2011/07/08 11:15:57 | 000,000,925 | ---- | C] () -- C:\Users\Michael\Desktop\ERUNT.lnk
[2011/07/07 22:16:21 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/07 13:08:26 | 000,001,001 | ---- | C] () -- C:\Users\Michael\Desktop\Anti Trojan Elite.lnk
[2011/07/07 00:38:15 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/07/07 00:38:15 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/07/05 23:21:59 | 000,001,157 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Artisteer 3.lnk
[2011/07/05 23:21:59 | 000,001,133 | ---- | C] () -- C:\Users\Michael\Desktop\Artisteer 3.lnk
[2011/07/05 21:41:34 | 000,005,444 | ---- | C] () -- C:\Users\Michael\Desktop\Windows Compatibility Report.htm
[2011/06/30 01:03:04 | 000,001,255 | ---- | C] () -- C:\Users\Michael\Desktop\cmd.exe.lnk
[2011/06/30 00:58:44 | 000,154,424 | ---- | C] () -- C:\ChVID.exe
[2011/06/25 01:25:58 | 000,000,053 | RH-- | C] () -- C:\Users\Michael\Documents\google8db540fc845f66aa.html
[2011/06/25 00:04:05 | 000,003,043 | -H-- | C] () -- C:\Users\Michael\Documents\challenger.csv
[2011/06/22 10:34:10 | 058,113,536 | -H-- | C] () -- C:\Users\Michael\Documents\(Unknown) - Clip 001.avi
[2011/06/22 10:25:49 | 000,002,580 | -H-- | C] () -- C:\Users\Michael\Documents\Register Vegas Movie Studio Platinum.htm
[2011/06/21 12:29:12 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/21 12:29:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/21 07:55:26 | 000,000,080 | -H-- | C] () -- C:\Users\Michael\AppData\Local\vwr_lic_px.dat
[2011/06/20 22:38:21 | 000,001,820 | ---- | C] () -- C:\Users\Michael\Desktop\Launch IBP.lnk
[2011/06/19 14:44:22 | 000,002,787 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2011/06/19 13:33:39 | 000,220,499 | -H-- | C] () -- C:\Users\Michael\Documents\Untitled (2).wma
[2011/06/18 10:20:02 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/18 10:20:02 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2011/06/18 10:14:11 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/16 15:01:26 | 000,026,719 | ---- | C] () -- C:\Windows\System32\SERSPL.VXD
[2011/06/14 20:27:15 | 000,022,828 | -H-- | C] () -- C:\Users\Michael\Documents\proj teplbanner120x600.jpg
[2011/06/14 20:17:56 | 000,012,723 | -H-- | C] () -- C:\Users\Michael\Documents\REP005-m.jpg
[2011/06/14 17:40:18 | 000,509,804 | -H-- | C] () -- C:\Users\Michael\Documents\Grant_Kit.pdf
[2011/06/11 08:38:59 | 003,422,720 | -H-- | C] () -- C:\Users\Michael\Documents\6091-Campaign.pps
[2011/06/11 08:33:32 | 003,353,600 | RH-- | C] () -- C:\Users\Michael\Documents\6091-Campaign_fo_.pps
[2011/06/10 14:41:54 | 002,297,424 | -H-- | C] () -- C:\Users\Michael\Documents\shopperpress.pdf
[2011/06/09 21:11:53 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 21:11:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/08 14:52:25 | 000,029,093 | -H-- | C] () -- C:\Users\Michael\Documents\TENNESSEE GENERAL DURABLE POWER OF ATTORNEY.pdf
[2011/06/08 14:51:33 | 000,002,561 | -H-- | C] () -- C:\Users\Michael\Documents\order_locator_info.jsp.pdf
[2011/06/06 21:39:11 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011/05/27 21:46:53 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011/05/27 21:46:53 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011/05/27 21:46:53 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011/05/27 21:46:53 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011/05/07 06:46:55 | 000,000,054 | ---- | C] () -- C:\Windows\ScreenHunter.INI
[2011/05/03 06:59:50 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2011/05/03 06:59:50 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2011/05/03 06:47:53 | 000,004,608 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDFxx.ini
[2011/05/03 06:44:29 | 000,000,067 | ---- | C] () -- C:\Windows\Speed Video Splitter.INI
[2011/04/06 00:18:42 | 000,002,913 | ---- | C] () -- C:\Program Files\Home Data Keeper 9.2.lnk
[2011/03/24 19:22:04 | 000,000,126 | ---- | C] () -- C:\Windows\espia.ini
[2011/03/22 06:44:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/22 06:42:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/20 19:04:09 | 000,000,057 | ---- | C] () -- C:\Windows\RSSC.INI
[2011/03/01 00:30:56 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/03/01 00:16:27 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011/03/01 00:16:27 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2011/02/27 19:52:37 | 000,007,645 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2011/02/25 12:58:34 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/02/23 21:54:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/23 20:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,776,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,664,822 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,122,558 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

#3
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
hi :)

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#4
quasarn01
    Member
  • Topic Starter
  • Member
  • 56 posts
Downloaded, unzipped, and placed TDSSKiller on the desktop, clicked on it and ran it, would not start up... Ran as administrator, would not start up... I opened Task manager and TDSSKiller shows up for a second and disappears...

#5
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
hi

Download ComboFix here:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them: Click me
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#6
quasarn01
    Member
  • Topic Starter
  • Member
  • 56 posts
ComboFix 11-07-08.03 - Michael 07/08/2011 20:08:58.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1568 [GMT -4:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))))
.
.
2011-07-09 00:39 . 2011-07-09 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-08 23:57 . 2011-07-08 23:59 -------- d-----w- C:\32788R22FWJFW
2011-07-08 23:30 . 2011-07-08 23:30 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FB122AA-5B77-4CB0-8757-2CF7A5C8A92E}\MpKsl0d441d35.sys
2011-07-08 16:54 . 2011-07-08 16:54 -------- d-----w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2011-07-08 16:54 . 2011-07-08 16:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-08 16:32 . 2011-07-08 16:32 -------- d-----w- c:\program files\ESET
2011-07-08 15:15 . 2011-07-08 15:16 -------- d-----w- c:\program files\ERUNT
2011-07-08 06:14 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FB122AA-5B77-4CB0-8757-2CF7A5C8A92E}\mpengine.dll
2011-07-08 00:35 . 2011-07-09 00:39 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-07-07 23:29 . 2011-07-07 23:29 -------- d-----w- C:\MGADiagToolOutput
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-07-07 23:28 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\programdata\Malwarebytes
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-07 16:20 . 2011-07-07 16:20 -------- d-----w- c:\program files\Loaris
2011-07-07 12:38 . 2010-05-26 14:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-07-07 11:07 . 2011-07-07 11:08 -------- d-----w- c:\users\Michael\Pavark
2011-07-06 04:30 . 2011-07-06 04:31 -------- d-----w- C:\CubeCart.v5
2011-07-06 03:20 . 2011-07-06 03:20 -------- d-----w- c:\program files\Artisteer 3
2011-07-06 02:35 . 2011-07-06 02:35 -------- d-----w- c:\program files\Apple Software Update
2011-07-05 12:43 . 2011-07-05 12:43 -------- d--h--w- c:\users\Michael\AppData\Roaming\Addons
2011-07-04 15:00 . 2011-07-04 15:00 -------- d-----w- C:\TrafficGenBundle
2011-07-01 16:33 . 2011-07-01 16:33 1811848 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-07-01 01:09 . 2011-07-01 01:09 -------- d--h--w- c:\users\Michael\AppData\Roaming\ResearchRankings
2011-06-30 16:57 . 2011-07-06 02:22 -------- d-----w- c:\users\Mike
2011-06-30 05:27 . 2011-07-07 02:27 -------- d-----w- C:\Artisteer themes
2011-06-30 05:16 . 2011-06-30 05:16 -------- d--h--w- c:\users\Michael\AppData\Roaming\Artisteer
2011-06-30 05:16 . 2011-06-30 05:16 -------- d--h--w- c:\users\Michael\AppData\Roaming\Apple Computer
2011-06-30 05:16 . 2011-06-30 05:16 -------- d--h--w- c:\users\Michael\AppData\Local\Apple Computer
2011-06-30 04:58 . 2011-06-07 09:04 154424 ----a-w- C:\ChVID.exe
2011-06-30 04:57 . 2011-07-07 02:40 -------- d-----w- C:\Artisteer.3.0.0.32906
2011-06-28 23:36 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 23:36 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-28 23:36 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-28 23:36 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-28 23:36 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-28 23:36 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-28 23:36 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-28 23:36 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-28 23:36 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 23:36 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-28 03:16 . 2011-07-06 02:10 -------- d-----w- c:\users\Michael\AppData\Local\Google
2011-06-26 10:57 . 2011-07-06 02:19 -------- d-----w- c:\users\Michael\AppData\Local\JollyBear
2011-06-26 10:57 . 2011-06-26 10:57 -------- d--h--w- c:\programdata\JollyBear
2011-06-25 03:07 . 2011-06-25 03:07 -------- d--h--w- c:\users\Michael\AppData\Roaming\JonathanLeger.com
2011-06-25 03:07 . 2011-06-25 03:07 -------- d--h--w- c:\users\Michael\AppData\Local\JonathanLeger.com
2011-06-25 03:05 . 2011-07-06 02:18 -------- d-----w- c:\program files\InstantArticleWizard
2011-06-25 02:39 . 2011-06-26 01:36 -------- d--h--w- c:\users\Michael\AppData\Roaming\Article Marketing Robot
2011-06-25 02:20 . 2011-06-25 02:20 -------- d--h--w- c:\users\Michael\AppData\Roaming\WeatherBug
2011-06-22 17:45 . 2011-06-22 17:45 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 17:45 . 2011-06-22 17:45 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-22 14:36 . 2011-06-22 14:36 -------- d--h--w- c:\users\Michael\AppData\Roaming\Publish Providers
2011-06-22 14:35 . 2011-06-22 14:40 -------- d--h--w- c:\users\Michael\AppData\Roaming\Sony
2011-06-22 14:35 . 2011-06-22 14:35 -------- d--h--w- c:\users\Michael\AppData\Local\Sony
2011-06-22 04:51 . 2011-06-08 17:05 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-22 04:51 . 2011-06-08 17:05 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-06-22 04:51 . 2011-06-08 17:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-06-22 04:51 . 2011-01-11 23:04 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-06-22 04:51 . 2011-06-08 17:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-22 04:51 . 2011-06-25 02:15 -------- d--h--w- c:\programdata\LogMeIn
2011-06-22 04:51 . 2011-06-25 02:15 -------- d-----w- c:\program files\LogMeIn
2011-06-21 11:55 . 2011-06-21 12:12 -------- d--h--w- c:\users\Michael\AppData\Local\Visual Web Ripper
2011-06-21 11:50 . 2011-06-21 11:55 -------- d--h--w- c:\programdata\Visual Web Ripper
2011-06-21 11:50 . 2011-06-21 11:50 -------- d-----w- c:\windows\system32\Visual Web Ripper
2011-06-21 11:49 . 2011-06-21 11:55 -------- d-----w- c:\program files\Visual Web Ripper
2011-06-20 18:57 . 2011-07-06 18:20 -------- d-----w- C:\download
2011-06-20 18:39 . 2011-07-06 02:19 -------- d-----w- c:\users\Michael\AppData\Local\bhw
2011-06-20 18:39 . 2011-06-20 18:39 -------- d-----w- c:\program files\S3 Ripper
2011-06-20 17:05 . 2011-06-20 17:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-19 18:32 . 2011-07-06 02:07 -------- d-----w- c:\programdata\FLEXnet
2011-06-18 17:46 . 2011-07-06 02:14 -------- d-----w- C:\widgets
2011-06-18 14:14 . 2011-06-20 17:16 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-18 13:59 . 2011-06-20 17:14 -------- d-----w- c:\programdata\Hitman Pro
2011-06-18 11:29 . 2011-07-06 02:18 -------- d-----w- c:\programdata\PopCapv1005
2011-06-16 19:01 . 2010-03-12 22:22 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2011-06-16 19:01 . 2005-08-03 20:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2011-06-16 19:01 . 2005-08-03 20:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2011-06-15 22:28 . 2011-06-15 22:39 -------- d-----w- C:\ZazzleStoreBuilder
2011-06-15 08:23 . 2011-06-15 08:23 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-06-14 21:24 . 2011-06-14 21:24 -------- d--h--w- c:\users\Michael\AppData\Roaming\TorrentEasy
2011-06-14 21:24 . 2011-06-14 21:24 -------- d--h--w- c:\programdata\TorrentEasy
2011-06-14 21:03 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-14 21:03 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-14 21:02 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-14 20:31 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-14 20:31 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-14 20:31 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-14 20:31 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-14 20:31 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-14 20:31 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-14 20:31 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-14 20:28 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-14 20:28 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-14 20:28 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-13 17:01 . 2011-07-06 02:19 -------- d-----w- c:\users\Michael\AppData\Roaming\PopCapv1005eni
2011-06-12 12:06 . 2011-06-13 15:24 -------- d--h--w- c:\programdata\PopCap Games
2011-06-12 11:57 . 2011-06-12 12:03 -------- d-----w- c:\program files\Popcap Game Collection
2011-06-12 02:28 . 2011-07-06 02:06 -------- d-----w- C:\GoClickCashV4
2011-06-10 13:03 . 2011-07-06 02:10 -------- d-----w- C:\themes
2011-06-10 12:35 . 2011-07-06 02:14 -------- d-----w- C:\wordpress-3.1.3
2011-06-10 01:11 . 2011-06-10 01:14 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 13:21 . 2011-05-21 12:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-25 02:20 . 2011-02-25 05:40 18944 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-06-25 02:20 . 2011-02-25 05:40 11264 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2011-06-07 15:55 . 2011-02-23 06:16 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-03 23:23 . 2010-03-26 07:18 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-03 23:23 . 2011-05-03 10:44 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-27 17:56 . 2011-05-27 17:56 2 --shatr- c:\windows\winstart.bat
2011-04-29 06:25 . 2011-04-29 06:25 32768 ----a-w- c:\windows\system32\ZnMacroUIRes.enu
2011-04-22 19:14 . 2011-05-25 02:49 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-17 01:46 . 2011-04-17 01:46 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-17 01:46 . 2011-04-17 01:46 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-17 01:46 . 2011-04-17 01:46 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-17 01:46 . 2011-04-17 01:46 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-17 01:46 . 2011-04-17 01:46 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-17 01:46 . 2011-04-17 01:46 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-17 01:46 . 2011-04-17 01:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-17 01:46 . 2011-04-17 01:46 367104 ----a-w- c:\windows\system32\html.iec
2011-04-17 01:46 . 2011-04-17 01:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-17 01:46 . 2011-04-17 01:46 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-17 01:46 . 2011-04-17 01:46 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-17 01:46 . 2011-04-17 01:46 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-17 01:46 . 2011-04-17 01:46 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-17 01:46 . 2011-04-17 01:46 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-17 01:46 . 2011-04-17 01:46 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-17 01:46 . 2011-04-17 01:46 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-17 01:46 . 2011-04-17 01:46 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-17 01:46 . 2011-04-17 01:46 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-17 01:46 . 2011-04-17 01:46 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-22 17:45 . 2011-03-24 04:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-05-09 09:10 194416 ----a-w- c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-05-09 09:13 194416 ----a-w- c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nuance Cloud Connector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk
backup=c:\windows\pss\Nuance Cloud Connector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-23 02:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
2011-07-07 20:30 4076544 ----a-w- c:\program files\Anti Trojan Elite\TJEnder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-04-02 13:11 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
2007-04-16 11:33 259624 ----a-w- c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-10 01:11 136176 ----atw- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2010-11-14 21:30 222496 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance OmniPage 18-reminder]
2010-10-27 15:45 333088 ----a-w- c:\program files\Nuance\OmniPage18\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage Preload]
2011-05-10 18:26 2983200 ----a-w- c:\program files\Nuance\OmniPage18\OmniPage18.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF7 Registry Controller]
2011-04-29 06:38 138528 ----a-w- c:\program files\Nuance\PDF Create 7\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2011-04-29 06:38 606496 ----a-w- c:\program files\Nuance\PDF Create 7\PdfCreate7Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2011-06-15 06:19 307200 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 04:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2011-05-28 01:47 1233856 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IBP"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R3 GDV;GDV;c:\users\Michael\AppData\Local\Temp\GDV.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\62BE.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2010-07-08 20480]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R4 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
R4 GladFileMonSvc;GladFileMonSvc;c:\program files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2011-05-09 29552]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R4 VisualWebRipper;Visual Web Ripper;c:\program files\Visual Web Ripper\WebRipperService.exe [2009-10-29 13824]
S1 MpKsl0d441d35;MpKsl0d441d35;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FB122AA-5B77-4CB0-8757-2CF7A5C8A92E}\MpKsl0d441d35.sys [2011-07-08 28752]
S1 SASDIFSV;SASDIFSV;c:\users\Michael\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\Michael\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/06/03 19:26];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 13:11 87536]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [2010-11-15 9984]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-03 216064]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 44416]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 176384]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0D441D35
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 01:11]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 01:11]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3299831259-2224401898-4077553221-1001Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 01:11]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3299831259-2224401898-4077553221-1001UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 01:11]
.
2011-06-18 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job
- c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2011-06-20 17:04]
.
2011-07-08 c:\windows\Tasks\Windows 7 Manager - Logon Background Changer.job
- c:\program files\Yamicsoft\Windows 7 Manager\LogonBackgroundChanger.exe [2010-10-26 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: NuSphere PhpED :: Debug this page - c:\program files\NuSphere\PhpED\NuSphereIEBar.dll/1000
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1 207.65.96.5 207.65.96.3 192.168.2.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\37af0h1d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49737
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\62BE.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4444)
c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
Completion time: 2011-07-08 20:56:38
ComboFix-quarantined-files.txt 2011-07-09 00:56
.
Pre-Run: 72,700,641,280 bytes free
Post-Run: 72,737,849,344 bytes free
.
- - End Of File - - 0E28180AECC445557E3BBE4C6C52B22B
  • 0
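The ComboFix output above is what a helper reads by hand: each service/driver line carries a start type, a name, an image path and either a file date/size or `[x]`, and the `FF - prefs.js:` lines show the Firefox proxy settings. The script below is an added example for this thread, not ComboFix code and not something the helpers posted. It parses lines copied from the log above (constructed sample input) and flags entries that a responder would look at first: images loaded from a user temp directory, images with a `.tmp` extension, entries with no file metadata recorded, and a Firefox HTTP proxy pointing at localhost. The regular expressions and thresholds are my own assumptions about the log format; the script only prioritises review, it does not decide what is malicious.

```python
import re

# Sample input: lines copied from the ComboFix log posted above (service/driver
# entries and Firefox prefs.js entries). Constructed for this example.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R3 GDV;GDV;c:\users\Michael\AppData\Local\Temp\GDV.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\62BE.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
S1 SASDIFSV;SASDIFSV;c:\users\Michael\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49737
FF - prefs.js: network.proxy.type - 0
"""

# Assumed line layouts (my reading of the log, not a documented format):
#   "<R|S><n> <name>;<description>;<image path> [<date size> | x]"
#   "FF - prefs.js: <pref name> - <value>"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
LOCALHOST = ("127.0.0.1", "localhost", "::1")


def parse_services(log_text):
    """Yield (start_type, name, description, image_path, fileinfo) per service/driver line."""
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            yield m.groups()


def parse_firefox_prefs(log_text):
    """Collect the 'FF - prefs.js:' lines into a dict of pref name -> value."""
    prefs = {}
    for line in log_text.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def service_findings(log_text):
    """Return [(name, start_type, path, [reasons])] for entries worth a closer look."""
    findings = []
    for start, name, _desc, path, fileinfo in parse_services(log_text):
        lpath = path.lower()
        reasons = []
        if any(marker in lpath for marker in TEMP_MARKERS):
            reasons.append("image loaded from a temp directory")
        if lpath.endswith(".tmp"):
            reasons.append("image is a .tmp file")
        if fileinfo.strip().lower() == "x":
            reasons.append("no file date/size recorded ([x])")
        if reasons:
            findings.append((name, start, path, reasons))
    return findings


def firefox_proxy_finding(prefs):
    """Describe the Firefox HTTP proxy setting, or None if no proxy host is set.

    Firefox semantics: network.proxy.type 0 = direct connection (proxy prefs
    ignored), 1 = manual proxy settings (the host/port below are in use).
    """
    host = prefs.get("network.proxy.http")
    if host is None:
        return None
    return {
        "host": host,
        "port": prefs.get("network.proxy.http_port"),
        "type": prefs.get("network.proxy.type"),
        "local": host.lower() in LOCALHOST,
        "active": prefs.get("network.proxy.type") == "1",
    }


def report(log_text):
    """Human-readable triage lines for the log."""
    lines = []
    for name, start, path, reasons in service_findings(log_text):
        lines.append(f"{start} {name}: {path} -> {'; '.join(reasons)}")
    proxy = firefox_proxy_finding(parse_firefox_prefs(log_text))
    if proxy and proxy["local"]:
        state = "ACTIVE" if proxy["active"] else "configured but inactive (type 0)"
        lines.append(f"Firefox HTTP proxy {proxy['host']}:{proxy['port']} is {state}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the sample above the script flags GDV, MEMSWEEP2 and SASDIFSV and notes that the localhost proxy is present in prefs.js but not active, because `network.proxy.type` is 0; a redirect that survives with the proxy disabled points the investigation elsewhere (hosts file, DNS, a browser extension or a kernel-level hook), which is why the helper's next step asks for MBR and driver scans.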

#7
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

Step 2

Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

  • 0

#8
quasarn01

    Member

  • Topic Starter
  • Member
  • 56 posts
aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-09 14:32:58
-----------------------------
14:32:58.348 OS Version: Windows 6.1.7601 Service Pack 1
14:32:58.348 Number of processors: 2 586 0xF0D
14:32:58.349 ComputerName: MICHAEL-PC UserName: Michael
14:33:01.324 Initialize success
14:33:18.799 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
14:33:18.801 Disk 0 Vendor: Hitachi_HTS542520K9SA00 BBDOC33P Size: 190782MB BusType: 11
14:33:20.805 Disk 0 MBR read successfully
14:33:20.810 Disk 0 MBR scan
14:33:20.816 Disk 0 Windows 7 default MBR code
14:33:22.824 Disk 0 scanning sectors +390717872
14:33:22.854 Disk 0 scanning C:\Windows\system32\drivers
14:33:32.601 Service scanning
14:33:33.759 Disk 0 trace - called modules:
14:33:33.792 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8671af16]<<
14:33:33.801 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8660c030]
14:33:33.809 3 CLASSPNP.SYS[8b20459e] -> nt!IofCallDriver -> [0x86536c10]
14:33:33.819 5 ACPI.sys[834b63d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x864fc908]
14:33:33.828 \Driver\atapi[0x8579bcd8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8671af16
14:33:34.185 Scan finished successfully
14:34:02.068 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
14:34:02.076 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"

******************************************************************************************************

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x92232000 C:\Windows\system32\DRIVERS\NETwLv32.sys 6680576 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x9142E000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5279744 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82C46000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82C46000 PnpManager 4268032 bytes
0x82C46000 RAW 4268032 bytes
0x82C46000 WMIxWDM 4268032 bytes
0x97A01000 C:\Windows\system32\drivers\RTKVHDA.sys 2736128 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x98A60000 Win32k 2416640 bytes
0x98A60000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B41C000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x8364B000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x97CE5000 C:\Windows\system32\DRIVERS\AGRSM.sys 1073152 bytes (LSI Corp, SoftModem Device Driver)
0x91937000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B2A0000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x83304000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xAC682000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9A8E2000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83224000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8342E000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x90879000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8B22C000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8FAEB000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAC22D000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xAC77D000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x98D10000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9097B000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8356F000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x834AD000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9A863000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x91E56000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x832C2000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90818000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B5A0000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B357000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x91E0B000 C:\Windows\system32\DRIVERS\NWADIenum.sys 249856 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0xAC607000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x90942000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82C0F000 ACPI_HAL 225280 bytes
0x82C0F000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x83606000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x929AC000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x837B8000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8FB45000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B566000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9A822000 C:\Windows\system32\DRIVERS\RMCAST.sys 200704 bytes (Microsoft Corporation, Reliable Multicast Transport)
0x928B6000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x97C9D000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8B3BA000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0xAC751000 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl 180224 bytes (CyberLink Corp., -)
0x91F98000 C:\Windows\system32\DRIVERS\nwusbmdm_000.sys 180224 bytes (Novatel Wireless Inc., Novatel Wireless USB Modem/Serial Device Driver)
0x92200000 C:\Windows\system32\DRIVERS\nwusbser2_000.sys 180224 bytes (Novatel Wireless Inc., Novatel Wireless USB Modem/Serial Device Driver)
0x91FC4000 C:\Windows\system32\DRIVERS\nwusbser_000.sys 180224 bytes (Novatel Wireless Inc., Novatel Wireless USB Modem/Serial Device Driver)
0x8377A000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83506000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x83400000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x8FA23000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8B200000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B395000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x91F5E000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x833D8000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9A9B3000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x92938000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9A992000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xAC723000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x90903000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8FA69000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAC285000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8FA04000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9140F000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8FB7E000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x98CF0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x929E0000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAC642000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x909C6000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9A967000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x97CCC000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x908DD000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x92891000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x92915000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9295A000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x92972000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x92989000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8FAC8000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x91EDE000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x91F47000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x9A8CC000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x835CF000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x91F14000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x837A5000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9A8B9000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8FBAB000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x835E5000 00000159 73728 bytes
0x92903000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9092C000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9A980000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x835E5000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x8B408000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x91ECD000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8363A000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91E9A000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8353B000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x832A9000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8FBBE000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x9A853000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B5EC000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x9A8A9000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8355F000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x91400000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x908F5000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8FB9D000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8FABA000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x835C1000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B289000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8FBCF000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x833AF000 C:\Windows\system32\DRIVERS\szkg.sys 57344 bytes (iS3 Inc., szkg Device Driver)
0x91E48000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8349F000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x928F5000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x91EAB000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x928A9000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x97DEB000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x928E8000 C:\Windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x833BD000 C:\Windows\system32\drivers\szkgfs.sys 53248 bytes (iS3, Inc., STOPzilla Kernel Guard File System, x86-32 )
0xAC744000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8FA8A000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x9086D000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x91F27000 C:\Windows\system32\drivers\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xAC336000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 49152 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
0x8FADF000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x8FA5D000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xAC348000 C:\Users\Michael\AppData\Local\Temp\aswMBR.sys 45056 bytes
0x83554000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x91EB8000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x91F09000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x91F82000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x91F33000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8FAAF000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9292D000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x919EE000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x83530000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x91EFF000 C:\Windows\system32\DRIVERS\dc3d.sys 40960 bytes (Microsoft Corporation, Filter Driver for Identification of Microsoft Hardware Wireless Mouse and Keyboard Device Models)
0x91EC3000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x91EF5000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0xAC678000 C:\Windows\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xAC32C000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x83200000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x90863000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90859000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x929A0000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xAC719000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8320A000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x835F7000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xAC353000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8B297000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x91F3E000 C:\Windows\system32\DRIVERS\point32.sys 36864 bytes (Microsoft Corporation, Point32k.sys)
0x98CC0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B597000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x834F5000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x832BA000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8354C000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x90924000 C:\Windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0x8B400000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x834FE000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8FA97000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8FA9F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8FAA7000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B5E4000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xAC324000 C:\Windows\system32\DRIVERS\umpass.sys 32768 bytes (Microsoft Corporation, Generic pass-through driver)
0x8FA56000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x97DF8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x835BA000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8FA4F000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8FB77000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0xAC342000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12D423D1-A89B-4102-AA00-04C533FD2DE9}\MpKslfb0562fc.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x8FA4A000 C:\Windows\system32\SAVRKBootTasks.sys 20480 bytes (Sophos Plc, Sophos boot tasks for Windows 2000)
0x8B5DF000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x9093E000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAC675000 C:\Program Files\Anti Trojan Elite\ATEPMon.sys 12288 bytes
0x929AA000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x928E6000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x80BC6000 00000157 6656 bytes
0x80BC6000 C:\Windows\system32\kdcom.dll 6656 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x92902000 C:\Windows\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
!!!!!!!!!!!Hidden driver: 0x86673F38 00000373 0 bytes
==============================================
>Stealth
==============================================
0x8671F604 Unknown page with executable code, 2556 bytes
0x8671D4A5 Unknown page with executable code, 2907 bytes
0x8671D0B3 Unknown thread object [ ETHREAD 0x864FED48 ] TID: 248, 600 bytes
0x8671E7FB Unknown thread object [ ETHREAD 0x86715D48 ] TID: 260, 600 bytes
0x8671AFB5 Unknown page with executable code, 75 bytes

#9
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

delete your current copy of ComboFix

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#10
quasarn01

    Member

  • Topic Starter
  • Member
  • 56 posts
ComboFix 11-07-09.02 - Michael 07/09/2011 17:15:03.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1072 [GMT -4:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\zvvwhb1r.vbt
.
.
((((((((((((((((((((((((( Files Created from 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))))
.
.
2011-07-09 21:48 . 2011-07-09 22:05 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-07-09 21:48 . 2011-07-09 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-09 18:31 . 2011-07-09 18:31 -------- d-----w- C:\STOPZilla_v5.0.82.1-StreamingClub.net
2011-07-09 18:26 . 2011-07-09 18:26 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12D423D1-A89B-4102-AA00-04C533FD2DE9}\MpKslfb0562fc.sys
2011-07-09 18:26 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12D423D1-A89B-4102-AA00-04C533FD2DE9}\mpengine.dll
2011-07-09 17:33 . 2011-07-09 17:33 -------- d-----w- c:\program files\STOPzilla!
2011-07-09 17:33 . 2011-07-09 21:03 -------- d-----w- c:\programdata\STOPzilla!
2011-07-09 17:33 . 2011-07-09 17:33 -------- d-----w- c:\program files\Common Files\iS3
2011-07-08 21:59 . 2011-07-08 21:59 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-07-08 21:59 . 2011-07-08 21:59 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-07-08 21:59 . 2011-07-08 21:59 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-07-08 21:59 . 2011-07-08 21:59 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-07-08 21:59 . 2011-07-08 21:59 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-07-08 21:59 . 2011-07-08 21:59 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-07-08 21:59 . 2011-07-08 21:59 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-07-08 21:59 . 2011-07-08 21:59 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-07-08 21:59 . 2011-07-08 21:59 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-07-08 21:59 . 2011-07-08 21:59 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-07-08 21:59 . 2011-07-08 21:59 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-07-08 21:59 . 2011-07-08 21:59 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-07-08 16:54 . 2011-07-08 16:54 -------- d-----w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2011-07-08 16:54 . 2011-07-08 16:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-08 16:32 . 2011-07-08 16:32 -------- d-----w- c:\program files\ESET
2011-07-08 15:15 . 2011-07-08 15:16 -------- d-----w- c:\program files\ERUNT
2011-07-07 23:29 . 2011-07-07 23:29 -------- d-----w- C:\MGADiagToolOutput
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-07-07 23:28 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\programdata\Malwarebytes
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-07 16:20 . 2011-07-07 16:20 -------- d-----w- c:\program files\Loaris
2011-07-07 12:38 . 2010-05-26 14:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-07-07 11:07 . 2011-07-07 11:08 -------- d-----w- c:\users\Michael\Pavark
2011-07-06 04:30 . 2011-07-06 04:31 -------- d-----w- C:\CubeCart.v5
2011-07-06 03:20 . 2011-07-06 03:20 -------- d-----w- c:\program files\Artisteer 3
2011-07-06 02:35 . 2011-07-06 02:35 -------- d-----w- c:\program files\Apple Software Update
2011-07-05 12:43 . 2011-07-05 12:43 -------- d--h--w- c:\users\Michael\AppData\Roaming\Addons
2011-07-04 15:00 . 2011-07-04 15:00 -------- d-----w- C:\TrafficGenBundle
2011-07-01 16:33 . 2011-07-01 16:33 1811848 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-07-01 01:09 . 2011-07-01 01:09 -------- d--h--w- c:\users\Michael\AppData\Roaming\ResearchRankings
2011-06-30 16:57 . 2011-07-06 02:22 -------- d-----w- c:\users\Mike
2011-06-30 05:27 . 2011-07-07 02:27 -------- d-----w- C:\Artisteer themes
2011-06-30 05:16 . 2011-06-30 05:16 -------- d--h--w- c:\users\Michael\AppData\Roaming\Artisteer
2011-06-30 05:16 . 2011-06-30 05:16 -------- d--h--w- c:\users\Michael\AppData\Roaming\Apple Computer
2011-06-30 05:16 . 2011-06-30 05:16 -------- d--h--w- c:\users\Michael\AppData\Local\Apple Computer
2011-06-30 04:58 . 2011-06-07 09:04 154424 ----a-w- C:\ChVID.exe
2011-06-30 04:57 . 2011-07-07 02:40 -------- d-----w- C:\Artisteer.3.0.0.32906
2011-06-28 23:36 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 23:36 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-28 23:36 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-28 23:36 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-28 23:36 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-28 23:36 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-28 23:36 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-28 23:36 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-28 23:36 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 23:36 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-28 03:16 . 2011-07-06 02:10 -------- d-----w- c:\users\Michael\AppData\Local\Google
2011-06-26 10:57 . 2011-07-06 02:19 -------- d-----w- c:\users\Michael\AppData\Local\JollyBear
2011-06-26 10:57 . 2011-06-26 10:57 -------- d--h--w- c:\programdata\JollyBear
2011-06-25 03:07 . 2011-06-25 03:07 -------- d--h--w- c:\users\Michael\AppData\Roaming\JonathanLeger.com
2011-06-25 03:07 . 2011-06-25 03:07 -------- d--h--w- c:\users\Michael\AppData\Local\JonathanLeger.com
2011-06-25 03:05 . 2011-07-06 02:18 -------- d-----w- c:\program files\InstantArticleWizard
2011-06-25 02:39 . 2011-06-26 01:36 -------- d--h--w- c:\users\Michael\AppData\Roaming\Article Marketing Robot
2011-06-25 02:20 . 2011-06-25 02:20 -------- d--h--w- c:\users\Michael\AppData\Roaming\WeatherBug
2011-06-22 17:45 . 2011-06-22 17:45 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 17:45 . 2011-06-22 17:45 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-22 14:36 . 2011-06-22 14:36 -------- d--h--w- c:\users\Michael\AppData\Roaming\Publish Providers
2011-06-22 14:35 . 2011-06-22 14:40 -------- d--h--w- c:\users\Michael\AppData\Roaming\Sony
2011-06-22 14:35 . 2011-06-22 14:35 -------- d--h--w- c:\users\Michael\AppData\Local\Sony
2011-06-22 04:51 . 2011-06-08 17:05 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-22 04:51 . 2011-06-08 17:05 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-06-22 04:51 . 2011-06-08 17:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-06-22 04:51 . 2011-01-11 23:04 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-06-22 04:51 . 2011-06-08 17:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-22 04:51 . 2011-06-25 02:15 -------- d--h--w- c:\programdata\LogMeIn
2011-06-22 04:51 . 2011-06-25 02:15 -------- d-----w- c:\program files\LogMeIn
2011-06-21 11:55 . 2011-06-21 12:12 -------- d--h--w- c:\users\Michael\AppData\Local\Visual Web Ripper
2011-06-21 11:50 . 2011-06-21 11:55 -------- d--h--w- c:\programdata\Visual Web Ripper
2011-06-21 11:50 . 2011-06-21 11:50 -------- d-----w- c:\windows\system32\Visual Web Ripper
2011-06-21 11:49 . 2011-06-21 11:55 -------- d-----w- c:\program files\Visual Web Ripper
2011-06-20 18:57 . 2011-07-06 18:20 -------- d-----w- C:\download
2011-06-20 18:39 . 2011-07-06 02:19 -------- d-----w- c:\users\Michael\AppData\Local\bhw
2011-06-20 18:39 . 2011-06-20 18:39 -------- d-----w- c:\program files\S3 Ripper
2011-06-20 17:05 . 2011-06-20 17:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-19 18:32 . 2011-07-06 02:07 -------- d-----w- c:\programdata\FLEXnet
2011-06-18 17:46 . 2011-07-06 02:14 -------- d-----w- C:\widgets
2011-06-18 14:14 . 2011-06-20 17:16 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-18 13:59 . 2011-06-20 17:14 -------- d-----w- c:\programdata\Hitman Pro
2011-06-18 11:29 . 2011-07-06 02:18 -------- d-----w- c:\programdata\PopCapv1005
2011-06-16 19:01 . 2010-03-12 22:22 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2011-06-16 19:01 . 2005-08-03 20:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2011-06-16 19:01 . 2005-08-03 20:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2011-06-15 22:28 . 2011-06-15 22:39 -------- d-----w- C:\ZazzleStoreBuilder
2011-06-15 08:23 . 2011-06-15 08:23 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-06-14 21:24 . 2011-06-14 21:24 -------- d--h--w- c:\users\Michael\AppData\Roaming\TorrentEasy
2011-06-14 21:24 . 2011-06-14 21:24 -------- d--h--w- c:\programdata\TorrentEasy
2011-06-14 21:03 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-14 21:03 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-14 21:02 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-14 20:31 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-14 20:31 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-14 20:31 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-14 20:31 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-14 20:31 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-14 20:31 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-14 20:31 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-14 20:28 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-14 20:28 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-14 20:28 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-13 17:01 . 2011-07-06 02:19 -------- d-----w- c:\users\Michael\AppData\Roaming\PopCapv1005eni
2011-06-12 12:06 . 2011-06-13 15:24 -------- d--h--w- c:\programdata\PopCap Games
2011-06-12 11:57 . 2011-06-12 12:03 -------- d-----w- c:\program files\Popcap Game Collection
2011-06-12 02:28 . 2011-07-06 02:06 -------- d-----w- C:\GoClickCashV4
2011-06-10 13:03 . 2011-07-06 02:10 -------- d-----w- C:\themes
2011-06-10 12:35 . 2011-07-06 02:14 -------- d-----w- C:\wordpress-3.1.3
2011-06-10 01:11 . 2011-06-10 01:14 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 13:21 . 2011-05-21 12:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-25 02:20 . 2011-02-25 05:40 18944 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-06-25 02:20 . 2011-02-25 05:40 11264 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2011-06-07 15:55 . 2011-02-23 06:16 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-03 23:23 . 2010-03-26 07:18 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-03 23:23 . 2011-05-03 10:44 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-27 17:56 . 2011-05-27 17:56 2 --shatr- c:\windows\winstart.bat
2011-04-29 06:25 . 2011-04-29 06:25 32768 ----a-w- c:\windows\system32\ZnMacroUIRes.enu
2011-04-22 19:14 . 2011-05-25 02:49 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-17 01:46 . 2011-04-17 01:46 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-17 01:46 . 2011-04-17 01:46 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-17 01:46 . 2011-04-17 01:46 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-17 01:46 . 2011-04-17 01:46 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-17 01:46 . 2011-04-17 01:46 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-17 01:46 . 2011-04-17 01:46 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-17 01:46 . 2011-04-17 01:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-17 01:46 . 2011-04-17 01:46 367104 ----a-w- c:\windows\system32\html.iec
2011-04-17 01:46 . 2011-04-17 01:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-17 01:46 . 2011-04-17 01:46 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-17 01:46 . 2011-04-17 01:46 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-17 01:46 . 2011-04-17 01:46 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-17 01:46 . 2011-04-17 01:46 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-17 01:46 . 2011-04-17 01:46 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-17 01:46 . 2011-04-17 01:46 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-17 01:46 . 2011-04-17 01:46 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-17 01:46 . 2011-04-17 01:46 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-17 01:46 . 2011-04-17 01:46 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-17 01:46 . 2011-04-17 01:46 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-22 17:45 . 2011-03-24 04:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-09_00.41.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-23 05:13 . 2011-07-09 17:56 30376 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-07-09 22:06 45808 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-12 22:01 . 2010-05-12 22:01 59280 c:\windows\System32\drivers\SZKGFS.sys
+ 2009-12-07 21:59 . 2009-12-07 21:59 61328 c:\windows\System32\drivers\SZKG.sys
+ 2009-12-07 21:59 . 2009-12-07 21:59 61328 c:\windows\System32\drivers\is3srv.sys
- 2011-02-23 07:15 . 2011-07-08 15:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-23 07:15 . 2011-07-09 10:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-23 07:15 . 2011-07-08 15:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-23 07:15 . 2011-07-09 10:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2011-07-08 15:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-07-09 10:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-23 04:50 . 2011-07-08 23:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-23 04:50 . 2011-07-09 21:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-23 04:49 . 2011-07-09 22:06 7408 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299831259-2224401898-4077553221-1001_UserData.bin
- 2011-02-23 04:49 . 2011-07-08 04:14 7408 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299831259-2224401898-4077553221-1001_UserData.bin
- 2011-07-08 23:30 . 2011-07-08 23:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-09 17:54 . 2011-07-09 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-09 17:54 . 2011-07-09 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-08 23:30 . 2011-07-08 23:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:34 . 2011-07-09 17:15 135968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:47 . 2011-07-09 17:53 487192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-07-08 23:24 487192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-09 17:15 . 2005-10-20 16:02 163328 c:\windows\ERDNT\7-9-2011\ERDNT.EXE
+ 2011-07-09 20:40 . 2011-07-09 20:40 1441792 c:\windows\temp\word.msp
+ 2009-07-14 04:34 . 2011-07-09 17:12 5981801 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-06-03 01:12 . 2011-07-08 23:24 7234124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3299831259-2224401898-4077553221-1001-8192.dat
+ 2011-06-03 01:12 . 2011-07-09 17:53 7234124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3299831259-2224401898-4077553221-1001-8192.dat
+ 2011-07-09 17:15 . 2011-07-09 17:15 5943296 c:\windows\ERDNT\7-9-2011\Users\00000002\UsrClass.dat
+ 2011-07-09 17:15 . 2011-07-09 17:15 5992448 c:\windows\ERDNT\7-9-2011\Users\00000001\ntuser.dat
+ 2011-05-13 01:30 . 2011-07-09 17:20 17061399 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
+ 2011-03-24 04:59 . 2011-07-09 17:53 10371220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3299831259-2224401898-4077553221-1001-12288.dat
+ 2011-07-09 17:32 . 2011-07-09 17:32 18856960 c:\windows\Installer\123f53.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-05-09 09:10 194416 ----a-w- c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-05-09 09:13 194416 ----a-w- c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nuance Cloud Connector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk
backup=c:\windows\pss\Nuance Cloud Connector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-23 02:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
2011-07-07 20:30 4076544 ----a-w- c:\program files\Anti Trojan Elite\TJEnder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-04-02 13:11 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
2007-04-16 11:33 259624 ----a-w- c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-10 01:11 136176 ----atw- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2010-11-14 21:30 222496 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance OmniPage 18-reminder]
2010-10-27 15:45 333088 ----a-w- c:\program files\Nuance\OmniPage18\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage Preload]
2011-05-10 18:26 2983200 ----a-w- c:\program files\Nuance\OmniPage18\OmniPage18.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF7 Registry Controller]
2011-04-29 06:38 138528 ----a-w- c:\program files\Nuance\PDF Create 7\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2011-04-29 06:38 606496 ----a-w- c:\program files\Nuance\PDF Create 7\PdfCreate7Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2011-06-15 06:19 307200 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 04:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2011-05-28 01:47 1233856 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IBP"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328]
R1 SASDIFSV;SASDIFSV;c:\users\Michael\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Michael\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R3 GDV;GDV;c:\users\Michael\AppData\Local\Temp\GDV.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\62BE.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2010-07-08 20480]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R4 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
R4 GladFileMonSvc;GladFileMonSvc;c:\program files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2011-05-09 29552]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R4 VisualWebRipper;Visual Web Ripper;c:\program files\Visual Web Ripper\WebRipperService.exe [2009-10-29 13824]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2009-12-07 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2010-05-12 59280]
S1 MpKslfb0562fc;MpKslfb0562fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12D423D1-A89B-4102-AA00-04C533FD2DE9}\MpKslfb0562fc.sys [2011-07-09 28752]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/06/03 19:26];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 13:11 87536]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [2010-11-15 9984]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-03 216064]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 44416]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 176384]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 01:11]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 01:11]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3299831259-2224401898-4077553221-1001Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 01:11]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3299831259-2224401898-4077553221-1001UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 01:11]
.
2011-06-18 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job
- c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2011-06-20 17:04]
.
2011-07-09 c:\windows\Tasks\Windows 7 Manager - Logon Background Changer.job
- c:\program files\Yamicsoft\Windows 7 Manager\LogonBackgroundChanger.exe [2010-10-26 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: NuSphere PhpED :: Debug this page - c:\program files\NuSphere\PhpED\NuSphereIEBar.dll/1000
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1 207.65.96.5 207.65.96.3 192.168.2.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\37af0h1d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49737
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\62BE.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2512)
c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
c:\program files\Nuance\Nuance Cloud Connector\GlCopyHandler.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-07-09 18:22:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-09 22:22
ComboFix2.txt 2011-07-09 00:56
.
Pre-Run: 77,563,334,656 bytes free
Post-Run: 77,506,904,064 bytes free
.
- - End Of File - - 7B7BE7D1C926090BFB9479B54E693C4B
  • 0



#11
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\62BE.tmp
c:\users\Michael\AppData\Local\Temp\GDV.exe

Driver::
GDV
MEMSWEEP2


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
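The helper's CFScript above targets the two items that stand out in the posted ComboFix log: a service (MEMSWEEP2) whose ImagePath is a .tmp file in system32, and an executable (GDV.exe) loaded from the user's Temp directory; the log's Firefox prefs also carry a loopback HTTP proxy, which is the classic mechanism behind search-engine redirects, although here network.proxy.type is 0 so it is not active. The following Python is an added example, not part of this thread and not ComboFix's or the helper's code: it pulls those indicators out of ComboFix-format log lines with heuristics of my own and renders them in the File::/Driver:: layout the helper used. The sample lines are copied from the log posted above, except the "S3 GDV" service line, which is constructed to match the CFScript's second target because the excerpt does not show that service entry.

```python
import re
from dataclasses import dataclass

# Sample log lines. All but the "S3 GDV" line are copied from the ComboFix
# output posted in this thread; the GDV service line is CONSTRUCTED to match
# the second target of the helper's CFScript.
SAMPLE_LOG = r"""
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S1 MpKslfb0562fc;MpKslfb0562fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12D423D1-A89B-4102-AA00-04C533FD2DE9}\MpKslfb0562fc.sys [2011-07-09 28752]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/06/03 19:26];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 13:11 87536]
S3 GDV;GDV;c:\users\Michael\AppData\Local\Temp\GDV.exe [x]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\62BE.tmp"
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49737
FF - prefs.js: network.proxy.type - 0
"""

# "R3 name;description;path [date size]" style service/driver lines
SERVICE_LINE = re.compile(r"^([RS][0-4]) ([^;]+);[^;]*;(.+?) \[[^\]]*\]$")
# "[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAME]" registry key lines
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\([^\]]+)\]$", re.I)
# '"ImagePath"="\??\c:\...' values (the \??\ NT prefix is optional)
IMAGE_PATH = re.compile(r'^"ImagePath"="(?:\\\?\?\\)?(.+)"$')
FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


@dataclass(frozen=True)
class Finding:
    kind: str    # "service" or "browser"
    name: str    # service name, or the Firefox pref
    path: str    # image path, or proxy host:port
    reason: str


def image_path_reasons(path):
    """Heuristics (mine, not ComboFix's) for a service/driver image path."""
    p = path.lower()
    reasons = []
    if p.endswith(".tmp"):
        reasons.append("image is a .tmp file; real drivers are not loaded from .tmp")
    if "\\temp\\" in p:
        reasons.append("image runs from a Temp directory")
    return reasons


def triage(log_text):
    """Scan ComboFix-format lines and return the suspicious entries."""
    findings = []
    current_key = None   # service name of the registry key we are inside, if any
    prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            m = SERVICE_KEY.match(line)
            current_key = m.group(1) if m else None
            continue
        m = SERVICE_LINE.match(line)
        if m:
            _, name, path = m.groups()
            findings += [Finding("service", name, path, r) for r in image_path_reasons(path)]
            continue
        m = IMAGE_PATH.match(line)
        if m and current_key:
            path = m.group(1)
            findings += [Finding("service", current_key, path, r) for r in image_path_reasons(path)]
            continue
        m = FF_PREF.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    host = prefs.get("network.proxy.http")
    if host in LOOPBACK:
        target = f"{host}:{prefs.get('network.proxy.http_port', '?')}"
        if prefs.get("network.proxy.type", "0") == "0":
            reason = ("HTTP proxy points at loopback but network.proxy.type is 0 (direct), "
                      "so it is inactive; still reset the proxy prefs")
        else:
            reason = "HTTP proxy points at loopback and is active: a local process sees every request"
        findings.append(Finding("browser", "network.proxy.http", target, reason))
    return findings


def build_cfscript(findings):
    """Render the service findings in the File::/Driver:: layout the helper used."""
    services = [f for f in findings if f.kind == "service"]
    files = sorted({f.path for f in services})
    drivers = sorted({f.name for f in services})
    return "\n".join(["File::", *files, "", "Driver::", *drivers]) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.name}: {f.path}\n    {f.reason}")
    print(build_cfscript(results))
```

Run against the sample, the script flags exactly MEMSWEEP2 (62BE.tmp) and GDV (Temp\GDV.exe), leaves the Revoflt, MpKsl and PowerDVD entries alone, and reports the loopback proxy as configured but inactive. The generated CFScript lists the same two files and two service names as the helper's, only in sorted order. Treat the output as a starting point for a human review, not something to run blind: a .tmp or Temp-directory path is a strong signal, but the decision to delete a service still belongs to whoever reads the whole log.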

#12
quasarn01
    Member
  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I closed everything up and ran ComboFix, and my 'puter threw up the BSOD... So I restarted in Safe Mode (without networking), ran ComboFix, and the log is below... I have the MEMORY.DUMP file available, and it's 300k+, if you want to look at it... I'll send it as an attachment if you want to see it...
*************************************************************************************************


ComboFix 11-07-09.02 - Michael 07/10/2011 7:45.4.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.2477 [GMT -4:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Michael\AppData\Local\Temp\GDV.exe"
"c:\windows\system32\62BE.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MEMSWEEP2
-------\Service_GDV
-------\Service_MEMSWEEP2
.
.
((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
.
.
2011-07-10 12:16 . 2011-07-10 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-10 05:42 . 2011-07-10 05:42 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{691B3C5E-A936-400E-AC32-A19C352E8B44}\MpKsl10d11917.sys
2011-07-10 05:42 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{691B3C5E-A936-400E-AC32-A19C352E8B44}\mpengine.dll
2011-07-10 02:18 . 2011-07-10 02:18 -------- d-----w- c:\users\Michael\AppData\Roaming\WeatherBug
2011-07-09 21:48 . 2011-07-10 12:20 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-07-09 18:31 . 2011-07-09 18:31 -------- d-----w- C:\STOPZilla_v5.0.82.1-StreamingClub.net
2011-07-09 17:33 . 2011-07-09 17:33 -------- d-----w- c:\program files\STOPzilla!
2011-07-09 17:33 . 2011-07-09 21:03 -------- d-----w- c:\programdata\STOPzilla!
2011-07-09 17:33 . 2011-07-09 17:33 -------- d-----w- c:\program files\Common Files\iS3
2011-07-08 21:59 . 2011-07-08 21:59 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-07-08 21:59 . 2011-07-08 21:59 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-07-08 21:59 . 2011-07-08 21:59 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-07-08 21:59 . 2011-07-08 21:59 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-07-08 21:59 . 2011-07-08 21:59 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-07-08 21:59 . 2011-07-08 21:59 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-07-08 21:59 . 2011-07-08 21:59 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-07-08 21:59 . 2011-07-08 21:59 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-07-08 21:59 . 2011-07-08 21:59 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-07-08 21:59 . 2011-07-08 21:59 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-07-08 21:59 . 2011-07-08 21:59 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-07-08 21:59 . 2011-07-08 21:59 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-07-08 16:54 . 2011-07-08 16:54 -------- d-----w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2011-07-08 16:54 . 2011-07-08 16:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-08 16:32 . 2011-07-08 16:32 -------- d-----w- c:\program files\ESET
2011-07-08 15:15 . 2011-07-08 15:16 -------- d-----w- c:\program files\ERUNT
2011-07-07 23:29 . 2011-07-07 23:29 -------- d-----w- C:\MGADiagToolOutput
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-07-07 23:28 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\programdata\Malwarebytes
2011-07-07 23:28 . 2011-07-07 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-07 16:20 . 2011-07-07 16:20 -------- d-----w- c:\program files\Loaris
2011-07-07 12:38 . 2010-05-26 14:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-07-07 11:07 . 2011-07-07 11:08 -------- d-----w- c:\users\Michael\Pavark
2011-07-06 04:30 . 2011-07-06 04:31 -------- d-----w- C:\CubeCart.v5
2011-07-06 03:20 . 2011-07-06 03:20 -------- d-----w- c:\program files\Artisteer 3
2011-07-06 02:35 . 2011-07-06 02:35 -------- d-----w- c:\program files\Apple Software Update
2011-07-05 12:43 . 2011-07-05 12:43 -------- d--h--w- c:\users\Michael\AppData\Roaming\Addons
2011-07-04 15:00 . 2011-07-04 15:00 -------- d-----w- C:\TrafficGenBundle
2011-07-01 16:33 . 2011-07-01 16:33 1811848 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-07-01 01:09 . 2011-07-01 01:09 -------- d--h--w- c:\users\Michael\AppData\Roaming\ResearchRankings
2011-06-30 16:57 . 2011-07-06 02:22 -------- d-----w- c:\users\Mike
2011-06-30 05:27 . 2011-07-07 02:27 -------- d-----w- C:\Artisteer themes
2011-06-30 05:16 . 2011-06-30 05:16 -------- d--h--w- c:\users\Michael\AppData\Roaming\Artisteer
2011-06-30 05:16 . 2011-06-30 05:16 -------- d--h--w- c:\users\Michael\AppData\Roaming\Apple Computer
2011-06-30 05:16 . 2011-06-30 05:16 -------- d--h--w- c:\users\Michael\AppData\Local\Apple Computer
2011-06-30 04:58 . 2011-06-07 09:04 154424 ----a-w- C:\ChVID.exe
2011-06-30 04:57 . 2011-07-07 02:40 -------- d-----w- C:\Artisteer.3.0.0.32906
2011-06-28 23:36 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 23:36 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-28 23:36 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-28 23:36 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-28 23:36 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-28 23:36 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-28 23:36 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-28 23:36 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-28 23:36 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 23:36 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-28 03:16 . 2011-07-06 02:10 -------- d-----w- c:\users\Michael\AppData\Local\Google
2011-06-26 10:57 . 2011-07-06 02:19 -------- d-----w- c:\users\Michael\AppData\Local\JollyBear
2011-06-26 10:57 . 2011-06-26 10:57 -------- d--h--w- c:\programdata\JollyBear
2011-06-25 03:07 . 2011-06-25 03:07 -------- d--h--w- c:\users\Michael\AppData\Roaming\JonathanLeger.com
2011-06-25 03:07 . 2011-06-25 03:07 -------- d--h--w- c:\users\Michael\AppData\Local\JonathanLeger.com
2011-06-25 03:05 . 2011-07-06 02:18 -------- d-----w- c:\program files\InstantArticleWizard
2011-06-25 02:39 . 2011-06-26 01:36 -------- d--h--w- c:\users\Michael\AppData\Roaming\Article Marketing Robot
2011-06-22 17:45 . 2011-06-22 17:45 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 17:45 . 2011-06-22 17:45 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-22 14:36 . 2011-06-22 14:36 -------- d--h--w- c:\users\Michael\AppData\Roaming\Publish Providers
2011-06-22 14:35 . 2011-06-22 14:40 -------- d--h--w- c:\users\Michael\AppData\Roaming\Sony
2011-06-22 14:35 . 2011-06-22 14:35 -------- d--h--w- c:\users\Michael\AppData\Local\Sony
2011-06-22 04:51 . 2011-06-08 17:05 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-22 04:51 . 2011-06-08 17:05 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-06-22 04:51 . 2011-06-08 17:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-06-22 04:51 . 2011-01-11 23:04 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-06-22 04:51 . 2011-06-08 17:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-22 04:51 . 2011-06-25 02:15 -------- d--h--w- c:\programdata\LogMeIn
2011-06-22 04:51 . 2011-06-25 02:15 -------- d-----w- c:\program files\LogMeIn
2011-06-21 11:55 . 2011-06-21 12:12 -------- d--h--w- c:\users\Michael\AppData\Local\Visual Web Ripper
2011-06-21 11:50 . 2011-06-21 11:55 -------- d--h--w- c:\programdata\Visual Web Ripper
2011-06-21 11:50 . 2011-06-21 11:50 -------- d-----w- c:\windows\system32\Visual Web Ripper
2011-06-21 11:49 . 2011-06-21 11:55 -------- d-----w- c:\program files\Visual Web Ripper
2011-06-20 18:57 . 2011-07-06 18:20 -------- d-----w- C:\download
2011-06-20 18:39 . 2011-07-06 02:19 -------- d-----w- c:\users\Michael\AppData\Local\bhw
2011-06-20 18:39 . 2011-06-20 18:39 -------- d-----w- c:\program files\S3 Ripper
2011-06-20 17:05 . 2011-06-20 17:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-19 18:32 . 2011-07-06 02:07 -------- d-----w- c:\programdata\FLEXnet
2011-06-18 17:46 . 2011-07-06 02:14 -------- d-----w- C:\widgets
2011-06-18 14:14 . 2011-06-20 17:16 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-18 13:59 . 2011-06-20 17:14 -------- d-----w- c:\programdata\Hitman Pro
2011-06-18 11:29 . 2011-07-06 02:18 -------- d-----w- c:\programdata\PopCapv1005
2011-06-16 19:01 . 2010-03-12 22:22 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2011-06-16 19:01 . 2005-08-03 20:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2011-06-16 19:01 . 2005-08-03 20:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2011-06-15 22:28 . 2011-06-15 22:39 -------- d-----w- C:\ZazzleStoreBuilder
2011-06-15 08:23 . 2011-06-15 08:23 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-06-14 21:24 . 2011-06-14 21:24 -------- d--h--w- c:\users\Michael\AppData\Roaming\TorrentEasy
2011-06-14 21:24 . 2011-06-14 21:24 -------- d--h--w- c:\programdata\TorrentEasy
2011-06-14 21:03 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-14 21:03 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-14 21:02 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-14 20:31 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-14 20:31 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-14 20:31 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-14 20:31 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-14 20:31 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-14 20:31 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-14 20:31 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-14 20:28 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-14 20:28 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-14 20:28 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-13 17:01 . 2011-07-06 02:19 -------- d-----w- c:\users\Michael\AppData\Roaming\PopCapv1005eni
2011-06-12 12:06 . 2011-06-13 15:24 -------- d--h--w- c:\programdata\PopCap Games
2011-06-12 11:57 . 2011-06-12 12:03 -------- d-----w- c:\program files\Popcap Game Collection
2011-06-12 02:28 . 2011-07-06 02:06 -------- d-----w- C:\GoClickCashV4
2011-06-10 13:03 . 2011-07-06 02:10 -------- d-----w- C:\themes
2011-06-10 12:35 . 2011-07-06 02:14 -------- d-----w- C:\wordpress-3.1.3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 02:18 . 2011-02-25 05:40 18944 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-07-10 02:18 . 2011-02-25 05:40 11264 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2011-07-01 13:21 . 2011-05-21 12:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 15:55 . 2011-02-23 06:16 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-03 23:23 . 2010-03-26 07:18 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-03 23:23 . 2011-05-03 10:44 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-27 17:56 . 2011-05-27 17:56 2 --shatr- c:\windows\winstart.bat
2011-04-29 06:25 . 2011-04-29 06:25 32768 ----a-w- c:\windows\system32\ZnMacroUIRes.enu
2011-04-22 19:14 . 2011-05-25 02:49 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-17 01:46 . 2011-04-17 01:46 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-17 01:46 . 2011-04-17 01:46 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-17 01:46 . 2011-04-17 01:46 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-17 01:46 . 2011-04-17 01:46 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-17 01:46 . 2011-04-17 01:46 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-17 01:46 . 2011-04-17 01:46 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-17 01:46 . 2011-04-17 01:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-17 01:46 . 2011-04-17 01:46 367104 ----a-w- c:\windows\system32\html.iec
2011-04-17 01:46 . 2011-04-17 01:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-17 01:46 . 2011-04-17 01:46 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-17 01:46 . 2011-04-17 01:46 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-17 01:46 . 2011-04-17 01:46 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-17 01:46 . 2011-04-17 01:46 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-17 01:46 . 2011-04-17 01:46 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-17 01:46 . 2011-04-17 01:46 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-17 01:46 . 2011-04-17 01:46 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-17 01:46 . 2011-04-17 01:46 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-17 01:46 . 2011-04-17 01:46 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-17 01:46 . 2011-04-17 01:46 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-22 17:45 . 2011-03-24 04:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-09_00.41.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-23 05:13 . 2011-07-09 17:56 30376 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-07-10 11:17 46610 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-12 22:01 . 2010-05-12 22:01 59280 c:\windows\System32\drivers\SZKGFS.sys
+ 2009-12-07 21:59 . 2009-12-07 21:59 61328 c:\windows\System32\drivers\SZKG.sys
+ 2009-12-07 21:59 . 2009-12-07 21:59 61328 c:\windows\System32\drivers\is3srv.sys
- 2011-02-23 07:15 . 2011-07-08 15:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-23 07:15 . 2011-07-09 10:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-23 07:15 . 2011-07-09 10:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-23 07:15 . 2011-07-08 15:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2011-07-08 15:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-07-09 10:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-23 04:50 . 2011-07-10 11:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-23 04:50 . 2011-07-08 23:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-23 04:49 . 2011-07-09 22:06 7408 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299831259-2224401898-4077553221-1001_UserData.bin
- 2011-02-23 04:49 . 2011-07-08 04:14 7408 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299831259-2224401898-4077553221-1001_UserData.bin
- 2011-07-08 23:30 . 2011-07-08 23:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-09 17:54 . 2011-07-10 12:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-09 17:54 . 2011-07-10 12:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-08 23:30 . 2011-07-08 23:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:34 . 2011-07-09 17:15 135968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:47 . 2011-07-09 17:53 487192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-07-08 23:24 487192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-09 17:15 . 2005-10-20 16:02 163328 c:\windows\ERDNT\7-9-2011\ERDNT.EXE
+ 2009-07-14 04:34 . 2011-07-09 17:12 5981801 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-06-03 01:12 . 2011-07-09 17:53 7234124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3299831259-2224401898-4077553221-1001-8192.dat
- 2011-06-03 01:12 . 2011-07-08 23:24 7234124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3299831259-2224401898-4077553221-1001-8192.dat
+ 2011-07-09 17:15 . 2011-07-09 17:15 5943296 c:\windows\ERDNT\7-9-2011\Users\00000002\UsrClass.dat
+ 2011-07-09 17:15 . 2011-07-09 17:15 5992448 c:\windows\ERDNT\7-9-2011\Users\00000001\ntuser.dat
+ 2011-05-13 01:30 . 2011-07-09 17:20 17061399 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
+ 2011-03-24 04:59 . 2011-07-09 17:53 10371220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3299831259-2224401898-4077553221-1001-12288.dat
+ 2011-07-09 17:32 . 2011-07-09 17:32 18856960 c:\windows\Installer\123f53.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-05-09 09:10 194416 ----a-w- c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-05-09 09:13 194416 ----a-w- c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nuance Cloud Connector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk
backup=c:\windows\pss\Nuance Cloud Connector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-23 02:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
2011-07-07 20:30 4076544 ----a-w- c:\program files\Anti Trojan Elite\TJEnder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-04-02 13:11 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
2007-04-16 11:33 259624 ----a-w- c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-10 01:11 136176 ----atw- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2010-11-14 21:30 222496 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance OmniPage 18-reminder]
2010-10-27 15:45 333088 ----a-w- c:\program files\Nuance\OmniPage18\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage Preload]
2011-05-10 18:26 2983200 ----a-w- c:\program files\Nuance\OmniPage18\OmniPage18.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF7 Registry Controller]
2011-04-29 06:38 138528 ----a-w- c:\program files\Nuance\PDF Create 7\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2011-04-29 06:38 606496 ----a-w- c:\program files\Nuance\PDF Create 7\PdfCreate7Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2011-06-15 06:19 307200 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 04:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2011-05-28 01:47 1233856 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IBP"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328]
R1 MpKsl10d11917;MpKsl10d11917;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{691B3C5E-A936-400E-AC32-A19C352E8B44}\MpKsl10d11917.sys [2011-07-10 28752]
R1 MpKslfb0562fc;MpKslfb0562fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12D423D1-A89B-4102-AA00-04C533FD2DE9}\MpKslfb0562fc.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\Michael\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Michael\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/06/03 19:26];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 13:11 87536]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [2010-11-15 9984]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-03 216064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2010-07-08 20480]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 176384]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 176384]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 176384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R4 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
R4 GladFileMonSvc;GladFileMonSvc;c:\program files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2011-05-09 29552]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R4 VisualWebRipper;Visual Web Ripper;c:\program files\Visual Web Ripper\WebRipperService.exe [2009-10-29 13824]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2009-12-07 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2010-05-12 59280]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 44416]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 01:11]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 01:11]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3299831259-2224401898-4077553221-1001Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 01:11]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3299831259-2224401898-4077553221-1001UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 01:11]
.
2011-06-18 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job
- c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2011-06-20 17:04]
.
2011-07-10 c:\windows\Tasks\Windows 7 Manager - Logon Background Changer.job
- c:\program files\Yamicsoft\Windows 7 Manager\LogonBackgroundChanger.exe [2010-10-26 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: NuSphere PhpED :: Debug this page - c:\program files\NuSphere\PhpED\NuSphereIEBar.dll/1000
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1 207.65.96.5 207.65.96.3 192.168.2.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\37af0h1d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49737
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(964)
c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
c:\program files\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
c:\program files\Nuance\Nuance Cloud Connector\GlCopyHandler.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\conhost.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2011-07-10 08:37:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-10 12:37
ComboFix2.txt 2011-07-09 22:22
ComboFix3.txt 2011-07-09 00:56
.
Pre-Run: 77,247,389,696 bytes free
Post-Run: 76,857,401,344 bytes free
.
- - End Of File - - 75570CB2BB270BE0BEA8D8D0ADAD58D7
#13 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Still getting redirected?

#14 quasarn01 (Topic Starter, Member, 56 posts)
Yes sir... Still being redirected... Here are a couple of landing sites that come up after going to Google and searching for nothing in particular... I made sure I scrolled down on Google to ensure that I wasn't hitting a Google ad site...

http://www.shopica.c...0.4e19e294.2dd5

http://star.feedsmix...ubid=itcg-20342
#15 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Hi,

If TDSSKiller fails to run in normal mode try it in Safe mode.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.