
TR/DNSchanger.vj.2 is found by Antivir and is persistent

#16 Eduardotrojan (Topic Starter)
Zipped file is attached thank you!

Attached Files

  • Attached File  OTL.zip   665.57KB   169 downloads

#17 maliprog (Trusted Helper, Malware Removal)
Hi Eduardotrojan,

Download Virus Removal Tool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

#18 Eduardotrojan (Topic Starter)
I ran the scan and the report indicated no threats so there was no log to post.

#19 maliprog (Trusted Helper, Malware Removal)
Hi Eduardotrojan,

How is your system now? What problems do you have now?

#20 Eduardotrojan (Topic Starter)
I still get the message that Windows Defender is down and I can't manually turn it on. Also, my web browser Firefox is continually redirected to spam websites when I do a Google search from the toolbar.

#21 maliprog (Trusted Helper, Malware Removal)
Let's try the latest tools that are designed to remove this infection.

Step 1

  • Download AntiZeroAccess to Desktop
  • Double click on it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Type y and press enter to run the scan
  • Please post the AntiZeroAccess_Log.txt contents in your next post. This file is saved in the same location as the AntiZeroAccess program.

Step 2

Download the ESETSirefefRemover.exe malware removal tool while in Normal Mode and follow the prompts as directed.

Report whether this tool found and disinfected your machine.


Step 3

Please delete your version of TDSSKiller and download a new one. Run it as you did before and post the log here for me.

Step 4

Please don't forget to include these items in your reply:

  • AntiZeroAccess log
  • ESETSirefefRemover report findings
  • TDSSKiller log

It would be helpful if you could post each log in a separate post.

#22 Eduardotrojan (Topic Starter)
AntiZeroAccess states that it only runs on 32-bit systems and will not let me continue. The ESETSirefefRemover opens and closes a dialog box so fast I can't read what it says in there, but it does not produce a log or seem to be running properly.

Also, after deleting the old TDSSKiller and putting in a new one, the scan still says no threats found.

Edited by Eduardotrojan, 08 October 2011 - 03:18 PM.


#23 maliprog (Trusted Helper, Malware Removal)
Hi Eduardotrojan,

Do you have a Recovery partition on this machine? Usually brand-name systems like DELL, HP, etc. have one.

Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • A text file will be generated on your desktop
  • Now paste that text here for me.

#24 Eduardotrojan (Topic Starter)
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1555
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 145):
0x02419000 \SystemRoot\system32\ntoskrnl.exe
0x02931000 \SystemRoot\system32\hal.dll
0x00605000 \SystemRoot\system32\kdcom.dll
0x0060F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064A000 \SystemRoot\system32\PSHED.dll
0x0065E000 \SystemRoot\system32\CLFS.SYS
0x006BB000 \SystemRoot\system32\CI.dll
0x00806000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EE000 \SystemRoot\system32\drivers\acpi.sys
0x00944000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00957000 \SystemRoot\system32\drivers\pci.sys
0x00987000 \SystemRoot\System32\drivers\partmgr.sys
0x0099C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x009A0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009AC000 \SystemRoot\system32\drivers\volmgr.sys
0x0076D000 \SystemRoot\System32\drivers\volmgrx.sys
0x009C0000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D3000 \SystemRoot\system32\drivers\atapi.sys
0x009DB000 \SystemRoot\system32\drivers\ataport.SYS
0x007D3000 \SystemRoot\system32\drivers\msahci.sys
0x007DD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00A0A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A51000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A65000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00A71000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C05000 \SystemRoot\system32\drivers\ndis.sys
0x00AF8000 \SystemRoot\system32\drivers\msrpc.sys
0x00B48000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E00000 \SystemRoot\System32\drivers\tcpip.sys
0x00F76000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01000000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01180000 \SystemRoot\system32\drivers\volsnap.sys
0x011C4000 \SystemRoot\System32\Drivers\Tpkd.sys
0x011E7000 \SystemRoot\System32\Drivers\spldr.sys
0x00FA2000 \SystemRoot\System32\Drivers\mup.sys
0x00FB4000 \SystemRoot\System32\drivers\ecache.sys
0x00FE0000 \SystemRoot\system32\drivers\disk.sys
0x00DC8000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011EF000 \SystemRoot\system32\drivers\crcdisk.sys
0x00BAF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00BBC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02007000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02A26000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02B09000 \SystemRoot\System32\drivers\watchdog.sys
0x02B19000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02B25000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02B6B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03007000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x03496000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x034D9000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x034EB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x034FB000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x0351B000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x03530000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x03547000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x0359E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x035B4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02EFB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x035C2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x035C4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x035D0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x035EC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02F41000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02F54000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x035F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02F5D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02F96000 \SystemRoot\system32\DRIVERS\storport.sys
0x02FF3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02B7C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02B9F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02BD0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02BE0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00BC5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x00BDD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x035FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0360D000 \SystemRoot\system32\DRIVERS\ks.sys
0x03641000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0364C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0365C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x036A4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x036B8000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x03731000 \SystemRoot\system32\DRIVERS\portcls.sys
0x0376C000 \SystemRoot\system32\DRIVERS\drmk.sys
0x0378F000 \SystemRoot\system32\drivers\ksthunk.sys
0x03795000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x037B9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x037C3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x037DF000 \SystemRoot\System32\Drivers\Null.SYS
0x037F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x00BF0000 \SystemRoot\System32\drivers\vga.sys
0x0700D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x07032000 \SystemRoot\system32\DRIVERS\OA008Vid.sys
0x0707E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x07087000 \SystemRoot\system32\DRIVERS\OA008Ufd.sys
0x070AE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x070B7000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x070DF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x070EA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x070FB000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x07104000 \SystemRoot\system32\DRIVERS\tdx.sys
0x07121000 \SystemRoot\system32\DRIVERS\smb.sys
0x0713C000 \SystemRoot\system32\drivers\afd.sys
0x071A7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x071EB000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x0720E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0722C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0723B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x07256000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x072A3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x072AF000 \SystemRoot\System32\Drivers\dfsc.sys
0x072CC000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x072F0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x072FE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0730A000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x07314000 \SystemRoot\System32\drivers\Dxapi.sys
0x07320000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004A0000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x07333000 \SystemRoot\system32\drivers\luafv.sys
0x07355000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x18A07000 \SystemRoot\system32\drivers\spsys.sys
0x18AA1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x18AB5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x18AE9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x18AF4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x18B0C000 \SystemRoot\system32\drivers\HTTP.sys
0x18BAF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x18BD8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0738E000 \SystemRoot\system32\drivers\mrxdav.sys
0x073B5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x18E0C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x18E55000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x18E74000 \SystemRoot\System32\DRIVERS\srv2.sys
0x18EA6000 \SystemRoot\System32\DRIVERS\srv.sys
0x18F39000 \SystemRoot\system32\drivers\peauth.sys
0x19409000 \SystemRoot\System32\Drivers\fastfat.SYS
0x1943E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x19449000 \SystemRoot\System32\drivers\tcpipreg.sys
0x19459000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77920000 \Windows\System32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
484 C:\Windows\System32\smss.exe
552 csrss.exe
592 C:\Windows\System32\wininit.exe
612 csrss.exe
652 C:\Windows\System32\services.exe
684 C:\Windows\System32\winlogon.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
872 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
392 C:\Windows\System32\svchost.exe
428 C:\Windows\System32\svchost.exe
496 C:\Windows\System32\svchost.exe
512 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
1044 C:\Windows\System32\audiodg.exe
1088 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\SLsvc.exe
1152 C:\Windows\System32\svchost.exe
1256 C:\Program Files\Dell\DellDock\DockLogin.exe
1372 C:\Windows\System32\svchost.exe
1620 C:\Windows\System32\spoolsv.exe
1664 C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
1692 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1708 C:\Windows\System32\svchost.exe
1900 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
1912 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1928 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1972 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1992 C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
2024 C:\Windows\System32\dldocoms.exe
2032 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1292 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\svchost.exe
1776 C:\Windows\System32\svchost.exe
2076 C:\Windows\SysWOW64\PSIService.exe
2104 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2180 C:\Windows\System32\svchost.exe
2240 C:\Windows\System32\svchost.exe
2292 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2344 C:\Windows\System32\SearchIndexer.exe
2448 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2672 C:\Windows\System32\taskeng.exe
2580 C:\Windows\System32\svchost.exe
2692 C:\Windows\System32\svchost.exe
848 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
1476 WmiPrvSE.exe
3308 C:\Windows\System32\taskeng.exe
3324 C:\Windows\System32\dwm.exe
3380 C:\Windows\explorer.exe
3556 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3564 C:\Windows\System32\M-AudioTaskBarIcon64.exe
3584 C:\Windows\System32\hkcmd.exe
3592 C:\Windows\System32\igfxpers.exe
3600 C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
3612 C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
3644 C:\Windows\System32\igfxsrvc.exe
3772 C:\Program Files\Dell\DellDock\DellDock.exe
3796 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3804 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3812 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
3828 C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
3880 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
3892 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3908 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
3920 C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
4092 C:\Windows\System32\wbem\unsecapp.exe
3552 C:\Program Files\iPod\bin\iPodService.exe
1328 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4416 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1656 C:\Users\Eddie\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


Done!



I'm not sure what a Recovery Partition is. I have System Restore, I know that. Is there a way to check for a Recovery Partition?

#25 maliprog (Trusted Helper, Malware Removal)
Hi Eduardotrojan,

Please remove your version of ComboFix and download a new one. Run it as you did last time and post the log here for me.
#26 Eduardotrojan (Topic Starter)
New ComboFix log. Avira still finds the same virus after the computer was rebooted.

ComboFix 11-10-10.01 - Eddie 10/10/2011 12:44:35.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2211 [GMT -4:00]
Running from: c:\users\Eddie\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-10 16:56 . 2011-10-10 16:56 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA3B0395-488E-4B1F-9E73-72599595F463}\offreg.dll
2011-10-10 16:56 . 2011-10-10 16:56 -------- d-----we c:\windows\system64
2011-10-10 16:55 . 2011-10-10 16:57 -------- d-----w- c:\users\Eddie\AppData\Local\temp
2011-10-10 16:55 . 2011-10-10 16:55 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-10-10 16:55 . 2011-10-10 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-08 21:14 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA3B0395-488E-4B1F-9E73-72599595F463}\mpengine.dll
2011-10-07 14:06 . 2011-10-07 14:06 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-02 01:30 . 2011-10-02 01:30 -------- d-----w- C:\_OTM
2011-09-29 21:05 . 2011-09-29 21:05 -------- d-----w- C:\_OTL
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\users\Eddie\AppData\Roaming\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-28 19:32 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 17:51 . 2011-09-28 17:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-28 17:49 . 2011-09-28 22:33 -------- d-----w- c:\programdata\Lavasoft
2011-09-13 21:14 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-09-13 21:14 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 14:10 . 2011-09-06 14:10 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-28 04:30 . 2011-08-28 04:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-23 11:31 . 2011-08-10 16:25 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:24 . 2011-08-10 16:24 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 11:23 . 2011-08-10 16:24 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 11:23 . 2011-08-10 16:24 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 11:23 . 2011-08-10 16:24 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 11:04 . 2011-08-10 16:25 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-23 11:00 . 2011-08-10 16:24 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-07-23 10:59 . 2011-08-10 16:25 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-07-23 10:59 . 2011-08-10 16:24 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-07-23 10:59 . 2011-08-10 16:24 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-07-23 10:31 . 2011-08-10 16:24 479232 ----a-w- c:\windows\system32\html.iec
2011-07-23 10:03 . 2011-08-10 16:24 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-07-23 09:50 . 2011-08-10 16:24 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:48 . 2011-08-10 16:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-23 09:27 . 2011-08-10 16:24 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-07-23 09:25 . 2011-08-10 16:24 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-03-07 95496]
"FAStartup"="" [BU]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2009-06-18 77824]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
.
c:\users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-03-07 19:15 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe [2007-10-05 34032]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\DRIVERS\mausbft.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 1044720]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-03-07 2360584]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-26 1657128]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon64.exe" [2009-02-11 634888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"MemoryCardManager"="c:\program files (x86)\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"dldomon.exe"="c:\program files (x86)\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"Corel Photo Downloader"="c:\program files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-10-10 13:04:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-10 17:04
ComboFix2.txt 2011-10-04 14:26
ComboFix3.txt 2011-10-04 01:18
ComboFix4.txt 2011-09-30 19:28
ComboFix5.txt 2011-10-10 16:40
.
Pre-Run: 168,263,733,248 bytes free
Post-Run: 168,323,887,104 bytes free
.
- - End Of File - - 597C54F61E5F3798DD8D099A94D7E590

#27 maliprog (Trusted Helper, Malware Removal)
Hi Eduardotrojan,

ComboFix did remove some part of the infection, but the major part is still on your system.

Step 1

Can you please write me what infection Avira finds and where? Write anything you can see, please.

Step 2

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

C:\|GAC_32;true;true;true /FP
C:\|GAC_64;true;true;true /FP

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here for me.

#28 Eduardotrojan (Topic Starter)
Avira says TR/DNSchanger.vj.2 is found in file C:\Windows\assembly\tmp\U\80000032.@ and that is the only message that pops up. I will post OTL log shortly.
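As an added illustration (not code from this thread or from any of the tools used in it), here is a small Python check for the two on-disk indicators that the ComboFix log and the Avira detection above point at: the `assembly\tmp\U\xxxxxxxx.@` payload files (Avira flagged 80000032.@) and the rogue `System64` directory. It runs against a constructed temporary tree, so it works offline; `find_zeroaccess_artifacts`, `build_constructed_tree` and the helpers are hypothetical names chosen for this example.

```python
import os
import re
import tempfile

# Indicators of the ZeroAccess/Sirefef infection discussed in this thread: payload
# files named as eight hex digits plus ".@" inside <windows>\assembly\tmp\U, and the
# rogue <windows>\System64 directory that ComboFix listed under "Other Deletions".
PAYLOAD_NAME = re.compile(r"^[0-9a-f]{8}\.@$", re.IGNORECASE)
PAYLOAD_DIR = ["assembly", "tmp", "U"]
ROGUE_DIRS = [["System64"]]


def _resolve_ci(root, components):
    """Walk `components` below `root`, matching each name case-insensitively
    (NTFS is case-insensitive; the log shows both 'System64' and 'system64')."""
    current = root
    for wanted in components:
        if not os.path.isdir(current):
            return None
        match = next((n for n in os.listdir(current) if n.lower() == wanted.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def find_zeroaccess_artifacts(windows_root):
    """Return the suspicious directories and files found below `windows_root`.
    The payload directory is reported first, then its .@ files, then rogue dirs."""
    findings = []
    payload_dir = _resolve_ci(windows_root, PAYLOAD_DIR)
    if payload_dir is not None:
        findings.append(payload_dir)
        for name in sorted(os.listdir(payload_dir)):
            if PAYLOAD_NAME.match(name):
                findings.append(os.path.join(payload_dir, name))
    for rogue in ROGUE_DIRS:
        path = _resolve_ci(windows_root, rogue)
        if path is not None:
            findings.append(path)
    return findings


def artifact_names(findings):
    """Lower-cased basenames of the findings, for reporting and for checks."""
    return [os.path.basename(p).lower() for p in findings]


def build_constructed_tree(infected=True):
    """Create a throwaway directory mimicking the paths in the ComboFix log.
    This is constructed sample data, not a real Windows installation."""
    root = tempfile.mkdtemp(prefix="windows_")
    os.makedirs(os.path.join(root, "assembly", "GAC_32"))  # legitimate .NET GAC dir
    if infected:
        u_dir = os.path.join(root, "assembly", "tmp", "U")
        os.makedirs(u_dir)
        # Two payload names from the log plus a decoy that must not match
        for name in ("00000001.@", "80000032.@", "notes.txt"):
            with open(os.path.join(u_dir, name), "wb") as fh:
                fh.write(b"constructed placeholder")
        os.makedirs(os.path.join(root, "system64"))
    return root


if __name__ == "__main__":
    for path in find_zeroaccess_artifacts(build_constructed_tree()):
        print("suspicious:", path)
```

Run it after a cleanup tool has reported success; if the `U` directory or `System64` is back after a reboot, the rootkit component that recreates them is still active, which matches what Avira kept reporting in this thread.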

#29 Eduardotrojan (Topic Starter)
OTL Log.

OTL logfile created on: 10/11/2011 8:41:49 AM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Eddie\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.90% Memory free
8.11 Gb Paging File | 6.38 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 156.36 Gb Free Space | 55.17% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.75 Gb Free Space | 52.90% Space Free | Partition Type: NTFS

Computer Name: EDDIES-DELL | User Name: Eddie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/28 18:38:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
PRC - [2011/06/30 18:37:41 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/30 00:08:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/02 17:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/06/18 13:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2009/03/07 15:16:26 | 001,934,600 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2009/03/07 15:16:26 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2009/03/07 15:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/11 12:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/20 22:49:49 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
PRC - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/03/07 15:17:04 | 000,088,840 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2009/03/07 15:16:30 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2009/03/07 15:15:28 | 000,234,248 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
MOD - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
MOD - [2007/09/06 16:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldoscw.dll
MOD - [2007/08/01 04:15:51 | 000,077,906 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldocfg.dll
MOD - [2007/05/03 11:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldodatr.dll
MOD - [2007/04/09 09:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\DLDOptp.dll
MOD - [2006/12/28 11:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldocats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/20 04:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/20 04:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/05 13:31:20 | 000,034,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV:64bit: - [2007/10/05 13:31:08 | 001,044,720 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldocoms.exe -- (dldo_device)
SRV - [2011/06/30 18:37:41 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 00:08:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/18 13:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/06/18 12:24:42 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/07 15:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dldocoms.exe -- (dldo_device)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/30 18:37:42 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/30 18:37:42 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/21 15:40:06 | 000,103,272 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/20 04:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/02/11 09:47:50 | 000,185,864 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mausbft.sys -- (MAUSBFT)
DRV:64bit: - [2009/02/10 05:40:28 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2009/02/10 05:40:26 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2008/12/22 05:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/26 03:08:48 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/11/26 02:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/28 11:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/10/08 05:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/09/16 05:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/16 05:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/16 05:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.5.1.119
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Eddie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 22:27:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/01 22:27:31 | 000,000,000 | ---D | M]

[2009/06/27 19:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Extensions
[2011/10/09 20:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions
[2011/05/13 16:48:27 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/10/09 20:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/22 12:44:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/18 00:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" File not found
O4:64bit: - HKLM..\Run: [dldomon.exe] C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon64.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4256B9A-C8A6-44DB-8C18-7B71AE3A41C0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 13:04:39 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\temp
[2011/10/10 12:57:33 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/10 12:56:45 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/10/10 12:39:06 | 004,250,579 | R--- | C] (Swearware) -- C:\Users\Eddie\Desktop\ComboFix.exe
[2011/10/08 17:17:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\tdsskiller
[2011/10/08 17:01:22 | 000,187,464 | ---- | C] (Webroot) -- C:\Users\Eddie\Desktop\antizeroaccess.exe
[2011/10/07 10:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/05 12:32:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Eddie\Desktop\aswMBR.exe
[2011/10/04 10:26:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/01 21:44:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\GooredFix Backups
[2011/10/01 21:30:59 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/30 13:02:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/29 17:05:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/28 18:38:06 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
[2011/09/28 17:57:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/28 17:57:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/28 17:57:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/28 17:57:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/28 17:57:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/28 15:32:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Roaming\Malwarebytes
[2011/09/28 15:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/28 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/28 15:32:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/28 15:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/28 13:51:42 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/28 13:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/07/04 14:50:58 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoinpa.dll
[2009/07/04 14:50:58 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoiesc.dll
[2009/07/04 14:50:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dldopmui.dll
[2009/07/04 14:50:56 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoserv.dll
[2009/07/04 14:50:56 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\dldousb1.dll
[2009/07/04 14:50:56 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldolmpm.dll
[2009/07/04 14:50:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoprox.dll
[2009/07/04 14:50:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomc.dll
[2009/07/04 14:50:55 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldohbn3.dll
[2009/07/04 14:50:55 | 000,595,184 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocoms.exe
[2009/07/04 14:50:55 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomm.dll
[2009/07/04 14:50:55 | 000,320,752 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoih.exe
[2009/07/04 14:50:54 | 000,365,808 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocfg.exe

========== Files - Modified Within 30 Days ==========

[2011/10/11 08:37:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/11 08:13:55 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/11 08:13:55 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/11 08:13:55 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/11 08:07:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 08:07:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 08:07:04 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 12:39:17 | 004,250,579 | R--- | M] (Swearware) -- C:\Users\Eddie\Desktop\ComboFix.exe
[2011/10/09 23:08:04 | 000,000,732 | ---- | M] () -- C:\Users\Eddie\AppData\Local\d3d9caps64.dat
[2011/10/09 12:09:38 | 000,080,384 | ---- | M] () -- C:\Users\Eddie\Desktop\MBRCheck.exe
[2011/10/08 17:36:37 | 000,648,214 | ---- | M] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report.PDF
[2011/10/08 17:16:47 | 001,539,630 | ---- | M] () -- C:\Users\Eddie\Desktop\tdsskiller.zip
[2011/10/08 17:01:23 | 000,187,464 | ---- | M] (Webroot) -- C:\Users\Eddie\Desktop\antizeroaccess.exe
[2011/10/07 10:05:48 | 098,668,152 | ---- | M] () -- C:\Users\Eddie\Desktop\setup_11.0.0.1245.x01_2011_10_07_17_21.exe
[2011/10/07 10:01:58 | 000,002,316 | ---- | M] () -- C:\Users\Eddie\Desktop\h29MRNfE.htm.part
[2011/10/06 17:36:04 | 000,681,545 | ---- | M] () -- C:\Users\Eddie\Desktop\OTL (2).zip
[2011/10/06 17:30:07 | 000,681,545 | ---- | M] () -- C:\Users\Eddie\Desktop\OTL.zip
[2011/10/05 12:54:50 | 408,035,674 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/05 12:33:00 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Eddie\Desktop\aswMBR.exe
[2011/10/04 11:42:52 | 000,633,966 | ---- | M] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
[2011/10/04 11:13:26 | 000,000,486 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/10/02 19:15:35 | 000,082,929 | ---- | M] () -- C:\Users\Eddie\Desktop\Hannan Flight Resume.pdf
[2011/09/30 13:05:02 | 000,044,544 | ---- | M] () -- C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 18:38:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
[2011/09/28 15:32:32 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 13:51:41 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/27 22:42:21 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2011/09/13 22:03:14 | 000,094,256 | ---- | M] () -- C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg

========== Files Created - No Company Name ==========

[2011/10/10 12:34:13 | 4251,828,224 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/09 12:09:36 | 000,080,384 | ---- | C] () -- C:\Users\Eddie\Desktop\MBRCheck.exe
[2011/10/08 17:36:32 | 000,648,214 | ---- | C] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report.PDF
[2011/10/08 17:16:43 | 001,539,630 | ---- | C] () -- C:\Users\Eddie\Desktop\tdsskiller.zip
[2011/10/07 10:04:27 | 098,668,152 | ---- | C] () -- C:\Users\Eddie\Desktop\setup_11.0.0.1245.x01_2011_10_07_17_21.exe
[2011/10/07 10:01:57 | 000,002,316 | ---- | C] () -- C:\Users\Eddie\Desktop\h29MRNfE.htm.part
[2011/10/06 17:36:03 | 000,681,545 | ---- | C] () -- C:\Users\Eddie\Desktop\OTL (2).zip
[2011/10/06 17:30:07 | 000,681,545 | ---- | C] () -- C:\Users\Eddie\Desktop\OTL.zip
[2011/10/04 11:42:49 | 000,633,966 | ---- | C] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
[2011/09/30 13:11:02 | 000,000,732 | ---- | C] () -- C:\Users\Eddie\AppData\Local\d3d9caps64.dat
[2011/09/28 17:57:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/28 17:57:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/28 17:57:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/28 17:57:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/28 17:57:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/28 15:32:32 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 22:42:21 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/09/13 22:03:12 | 000,094,256 | ---- | C] () -- C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg
[2011/06/29 13:45:10 | 000,220,539 | ---- | C] () -- C:\Windows\hpoins35.dat
[2011/06/29 13:45:10 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2010/09/27 23:57:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/17 13:58:40 | 000,157,465 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010/02/04 17:54:46 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/01/25 22:08:21 | 000,000,000 | ---- | C] () -- C:\Users\Eddie\AppData\Roaming\wklnhst.dat
[2010/01/25 22:05:26 | 000,000,486 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/03 19:28:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 19:28:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 19:27:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 12:52:28 | 000,000,680 | ---- | C] () -- C:\Users\Eddie\AppData\Local\d3d9caps.dat
[2009/07/04 14:50:59 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\dldoinst.dll
[2009/07/04 14:50:58 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\dldocomx.dll
[2009/07/04 14:50:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldojswr.dll
[2009/07/04 14:50:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldoinsr.dll
[2009/07/04 14:50:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldocur.dll
[2009/07/04 14:50:57 | 000,503,808 | ---- | C] () -- C:\Windows\SysWow64\dldoutil.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoinsb.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoins.dll
[2009/07/04 14:50:57 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldocub.dll
[2009/07/04 14:50:56 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldocu.dll
[2009/07/04 14:50:54 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldocfg.dll
[2009/07/04 14:37:12 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/06/29 22:30:26 | 000,044,544 | ---- | C] () -- C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/21 02:07:23 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/06/21 01:59:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/06/20 23:44:34 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/07 15:17:04 | 000,088,840 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2009/03/07 15:16:30 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/03/07 15:15:28 | 000,234,248 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/12 20:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/12/09 17:11:50 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\968 Series
[2009/10/26 18:18:32 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Amazon
[2010/02/06 19:00:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Digidesign
[2010/03/14 13:09:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Facebook
[2010/02/04 22:38:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\PACE Anti-Piracy
[2011/05/13 16:48:30 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Sling Media
[2010/02/04 18:36:17 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Structure
[2010/01/25 22:08:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Template
[2010/12/03 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Windows Live Writer
[2011/10/10 12:55:38 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\|GAC_32;true;true;true /FP >
[2011/10/11 08:07:05 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\CustomMarshalers
[2008/01/20 23:12:14 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_32\ehexthost32
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\ISymWrapper
[2006/11/02 11:07:25 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\Microsoft.Ink
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles
[2006/11/02 11:07:24 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\mscorlib
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\napcrypt
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\naphlpr
[2006/11/02 11:07:24 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles
[2006/11/02 11:07:24 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink
[2006/11/02 11:07:24 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\PresentationCore
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\System.Data
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\System.Data.OracleClient
[2011/02/05 00:19:47 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_32\System.Data.SQLite
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\System.EnterpriseServices
[2006/11/02 11:07:24 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\System.Printing
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\System.Transactions
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_32\System.Web
[2011/09/18 10:46:09 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_32
[2011/09/18 10:45:51 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers
[2011/09/18 10:45:49 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_32\ISymWrapper
[2011/09/18 10:46:03 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc
[2011/09/18 10:46:03 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler
[2011/09/18 10:45:50 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_32\mscorlib
[2011/09/18 10:46:09 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_32\PresentationCore
[2011/09/18 10:45:53 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data
[2011/09/18 10:45:50 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
[2011/09/18 10:46:09 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_32\System.Printing
[2011/09/18 10:46:08 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions

< C:\|GAC_64;true;true;true /FP >
[2011/10/11 08:07:05 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64
[2006/11/02 11:07:25 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\BDATunePIA
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\CustomMarshalers
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\ISymWrapper
[2006/11/02 11:07:24 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\mcstoredb
[2006/11/02 11:07:25 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\mcupdate
[2006/11/02 11:07:25 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\Mcx2Dvcs
[2006/11/02 11:07:24 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\Microsoft.Ink
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles
[2006/11/02 11:07:24 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\mscorlib
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\napcrypt
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\naphlpr
[2006/11/02 11:07:25 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Ink
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles
[2006/11/02 11:07:24 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\Policy.1.7.Microsoft.Ink
[2006/11/02 11:07:25 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\PresentationCore
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\System.Data
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\System.Data.OracleClient
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\System.EnterpriseServices
[2006/11/02 11:07:24 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\System.Printing
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\System.Transactions
[2006/11/02 09:33:54 | 000,000,000 | R--D | M] -- C:\Windows\assembly\GAC_64\System.Web
[2011/09/18 10:46:36 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_64
[2011/09/18 10:46:17 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers
[2011/09/18 10:46:14 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_64\ISymWrapper
[2011/09/18 10:46:28 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc
[2011/09/18 10:46:29 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler
[2011/09/18 10:46:15 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_64\mscorlib
[2011/09/18 10:46:36 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_64\PresentationCore
[2011/09/18 10:46:18 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data
[2011/09/18 10:46:15 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices
[2011/09/18 10:46:35 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_64\System.Printing
[2011/09/18 10:46:33 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
  • 0
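The log above ends with one alternate data stream (C:\ProgramData\TEMP:5D432CE3) and lists several files created directly in C:\Windows in the two weeks before the scan. As an added example (not code from this thread, from the OTL tool, or from the helper), here is a small Python triage script that parses the two OTL line formats shown above and reports ADS entries plus files created in the C:\Windows root within a chosen window. The sample lines are copied from the log above; the reference date (2011/10/11, the scan date visible in the GAC_32 listing), the 14-day window, and the allowlist of five ComboFix helper binaries (PEV.exe, MBR.exe, sed.exe, grep.exe, zip.exe) are this example's assumptions, not something the thread states.

```python
"""Parse OTL-style file entries and ADS lines, then flag items worth a second look."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# OTL file entry, e.g.
# [2011/09/27 22:42:21 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL alternate data stream entry, e.g.
# @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumption for this example: helpers that the ComboFix cleaning tool drops
# into C:\Windows; verify against the tools actually run on the machine.
KNOWN_TOOL_FILES = {"pev.exe", "mbr.exe", "sed.exe", "grep.exe", "zip.exe"}


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str      # R/H/S/D flags or '-'
    kind: str       # 'C' = created section, 'M' = modified section
    company: str
    path: str


@dataclass
class Ads:
    size: int
    host: str       # file or directory carrying the stream
    stream: str     # stream name after the last ':'


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, or None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def parse_ads(line: str) -> Optional[Ads]:
    """Return an Ads record for an OTL ADS line, or None if the line is not one."""
    m = ADS_RE.match(line.strip())
    if not m:
        return None
    host, sep, stream = m["path"].rpartition(":")
    if not sep or "\\" in stream:          # the only ':' was the drive letter
        host, stream = m["path"], ""
    return Ads(size=int(m["size"]), host=host, stream=stream)


def triage(lines: List[str], reference: datetime, days: int = 14) -> Dict[str, list]:
    """Collect ADS entries and non-allowlisted files created in C:\\Windows recently."""
    ads: List[Ads] = []
    recent: List[Entry] = []
    for line in lines:
        a = parse_ads(line)
        if a:
            ads.append(a)
            continue
        e = parse_entry(line)
        if not e or e.kind != "C":
            continue
        parent, _, name = e.path.rpartition("\\")
        age = (reference - e.timestamp).days
        if (parent.lower() == r"c:\windows"
                and 0 <= age <= days
                and name.lower() not in KNOWN_TOOL_FILES):
            recent.append(e)
    return {"ads": ads, "recent_windows_root": recent}


# Constructed sample: lines copied from the OTL log posted above.
SAMPLE_LINES = [
    r"[2011/10/10 12:34:13 | 4251,828,224 | -HS- | C] () -- C:\hiberfil.sys",
    r"[2011/09/28 17:57:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2011/09/28 17:57:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe",
    r"[2011/09/28 17:57:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe",
    r"[2011/09/28 17:57:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe",
    r"[2011/09/28 17:57:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe",
    r"[2011/09/27 22:42:21 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd",
    r"[2011/10/10 12:55:38 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT",
    r"@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LINES, datetime(2011, 10, 11))
    for a in result["ads"]:
        print(f"ADS  {a.size:>6} bytes  {a.host} :{a.stream}")
    for e in result["recent_windows_root"]:
        print(f"NEW  {e.size:>6} bytes  {e.path}  ({e.timestamp:%Y-%m-%d})")
```

Running it prints the single ADS and the 21-byte C:\Windows\tpcsd file; the five allowlisted ComboFix helpers and C:\hiberfil.sys (which sits in the drive root, not in C:\Windows) are left out. A real triage would extend KNOWN_TOOL_FILES and the parent-directory check to whatever baseline the analyst trusts.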

#30
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Eduardotrojan,

I have asked other experts about your case to find the easiest solution. I'll come back with an answer as soon as possible. Stay tuned...
  • 0





