
possible rootkit in computer


#1 hambergwm (New Member, 1 post)
Hello, back in February my computer would be stuck loading Windows... I used my system restore discs hoping that would resolve the issue; sometimes it would be stuck on the loading screen, sometimes it would actually load up, but had overall slow performance. I gave up until a couple days ago and started to try and get it running again. I booted it up and it went to a blank blue screen. I did another system restore and downloaded Avast and Malwarebytes to scan for viruses. Both antivirus programs said no threats were found. No problems have come up yet, but I'm not quite convinced it's up to par yet. Sorry if my description isn't very informative; I'm pretty computer illiterate. All help is appreciated. Thank you.

OTL logfile created on: 5/8/2013 1:49:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mike\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 53.80% Memory free
8.19 Gb Paging File | 6.43 Gb Available in Paging File | 78.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 435.76 Gb Free Space | 93.56% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.40 Gb Free Space | 99.33% Space Free | Partition Type: FAT32

Computer Name: MIKE-PC | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/08 13:49:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Downloads\OTL.exe
PRC - [2013/05/08 12:39:08 | 004,284,976 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/05/01 16:33:29 | 004,858,456 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/01 16:33:29 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/09 23:58:15 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/02/22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/09/27 16:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
PRC - [2007/09/13 14:09:44 | 000,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2007/08/16 17:17:56 | 002,342,912 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
PRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/08 12:39:08 | 004,284,976 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013/04/09 23:58:18 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2007/09/27 16:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
MOD - [2007/08/28 23:14:10 | 000,759,648 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/01 16:33:29 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 15:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2013/04/09 23:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/29 10:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 19:50:58 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/02 08:44:28 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/01 16:34:06 | 001,025,808 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/01 16:34:06 | 000,378,432 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/01 16:34:06 | 000,065,336 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/01 16:34:06 | 000,064,288 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/01 16:34:06 | 000,059,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2013/05/01 16:34:05 | 000,080,816 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/01 16:34:05 | 000,033,400 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2008/06/27 01:02:00 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/06/10 20:13:00 | 000,264,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/04/27 15:38:12 | 004,730,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/14 19:14:40 | 000,062,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008/04/07 19:46:44 | 000,051,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2008/03/25 16:51:16 | 001,487,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/25 16:47:06 | 000,294,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/03/25 16:45:44 | 000,740,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/01/30 03:46:24 | 000,062,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/17 20:31:30 | 000,320,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/10/18 15:37:10 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/07/26 03:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/05/23 17:47:28 | 000,020,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2006/06/18 22:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...s=PTB&M=P-7805u
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...s=PTB&M=P-7805u
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...s=PTB&M=P-7805u
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...s=PTB&M=P-7805u
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...s=PTB&M=P-7805u
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...s=PTB&M=P-7805u
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {2A611961-E304-4340-BD3A-DD7B4FDCFD9A}
IE - HKCU\..\SearchScopes\{2A611961-E304-4340-BD3A-DD7B4FDCFD9A}: "URL" = http://www.google.co...ie7&rlz=1I7GWYE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/07 19:33:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/07 19:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/05/07 19:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2013/05/07 19:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/09 23:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/09 23:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/09 23:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9B6A1B4-5E29-4103-BB55-13C479A15456}: DhcpNameServer = 74.128.17.114 74.128.19.102
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\GTW2_Wide.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\GTW2_Wide.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ef17bdb4-b784-11e2-9796-001d72f56fa9}\Shell\AutoRun\command - "" = E:\RunClubSanDisk.exe -- [2011/07/19 10:24:34 | 000,110,592 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/08 12:39:49 | 000,000,000 | ---D | C] -- C:\Users\mike\Desktop\League of Legends
[2013/05/08 12:39:15 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\PMB Files
[2013/05/08 12:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/05/08 12:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/05/08 12:38:52 | 000,000,000 | ---D | C] -- C:\Users\mike\.swt
[2013/05/08 11:41:20 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Malwarebytes
[2013/05/08 11:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/08 11:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/08 11:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/07 22:02:46 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Google
[2013/05/07 22:02:46 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Google
[2013/05/07 21:46:52 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Symantec
[2013/05/07 21:46:32 | 000,000,000 | R--D | C] -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/07 21:46:32 | 000,000,000 | R--D | C] -- C:\Users\mike\Searches
[2013/05/07 21:46:32 | 000,000,000 | R--D | C] -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/07 21:46:21 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Identities
[2013/05/07 21:46:16 | 000,000,000 | R--D | C] -- C:\Users\mike\Contacts
[2013/05/07 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\VirtualStore
[2013/05/07 21:45:46 | 000,000,000 | ---D | C] -- C:\Windows\options
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\AppData\Local\Temporary Internet Files
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\Templates
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\Start Menu
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\SendTo
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\Recent
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\PrintHood
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\NetHood
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\Documents\My Videos
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\Documents\My Pictures
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\Documents\My Music
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\My Documents
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\Local Settings
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\AppData\Local\History
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\Cookies
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\Application Data
[2013/05/07 21:45:31 | 000,000,000 | -HSD | C] -- C:\Users\mike\AppData\Local\Application Data
[2013/05/07 21:45:30 | 000,000,000 | --SD | C] -- C:\Users\mike\AppData\Roaming\Microsoft
[2013/05/07 21:45:30 | 000,000,000 | R--D | C] -- C:\Users\mike\Videos
[2013/05/07 21:45:30 | 000,000,000 | R--D | C] -- C:\Users\mike\Saved Games
[2013/05/07 21:45:30 | 000,000,000 | R--D | C] -- C:\Users\mike\Pictures
[2013/05/07 21:45:30 | 000,000,000 | R--D | C] -- C:\Users\mike\Music
[2013/05/07 21:45:30 | 000,000,000 | R--D | C] -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/07 21:45:30 | 000,000,000 | R--D | C] -- C:\Users\mike\Links
[2013/05/07 21:45:30 | 000,000,000 | R--D | C] -- C:\Users\mike\Favorites
[2013/05/07 21:45:30 | 000,000,000 | R--D | C] -- C:\Users\mike\Downloads
[2013/05/07 21:45:30 | 000,000,000 | R--D | C] -- C:\Users\mike\Documents
[2013/05/07 21:45:30 | 000,000,000 | R--D | C] -- C:\Users\mike\Desktop
[2013/05/07 21:45:30 | 000,000,000 | R--D | C] -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/07 21:45:30 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData
[2013/05/07 21:45:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Temp
[2013/05/07 21:45:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Microsoft
[2013/05/07 21:45:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Media Center Programs
[2013/05/07 21:45:30 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
[2013/05/07 21:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2013/05/07 21:30:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/05/07 21:22:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/05/07 20:40:53 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/05/07 19:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/05/07 19:33:14 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/07 19:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/05/07 19:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/05/07 19:21:13 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Mozilla
[2013/05/07 19:21:13 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Mozilla
[2013/05/07 19:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/05/07 19:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/05/07 19:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/07 19:02:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/05/07 19:02:39 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\MFAData
[2013/05/07 19:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/05/07 19:02:39 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Avg2013
[2013/05/07 19:01:53 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Adobe

========== Files - Modified Within 30 Days ==========

[2013/05/08 13:14:37 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 13:14:37 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 12:30:35 | 000,692,496 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/08 12:30:35 | 000,594,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/08 12:30:35 | 000,100,972 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/08 11:41:04 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/07 22:02:25 | 000,000,975 | ---- | M] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/07 21:49:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Gateway_P-7805u_N-A_INVALID.MRK
[2013/05/07 21:49:38 | 000,001,527 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/05/07 21:40:00 | 000,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/05/07 21:27:32 | 000,295,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/07 20:17:15 | 000,000,732 | ---- | M] () -- C:\Users\mike\AppData\Local\d3d9caps64.dat
[2013/05/07 19:35:10 | 000,000,680 | ---- | M] () -- C:\Users\mike\AppData\Local\d3d9caps.dat
[2013/05/07 19:34:29 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/07 19:34:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/07 19:30:26 | 116,651,696 | ---- | M] () -- C:\Users\mike\Desktop\avast_free_antivirus_setup.exe
[2013/05/07 19:21:10 | 000,000,914 | ---- | M] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/07 19:21:10 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/07 19:14:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/07 19:14:18 | 4289,601,536 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/02 08:44:28 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/01 16:34:06 | 001,025,808 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/01 16:34:06 | 000,378,432 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/01 16:34:06 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/01 16:34:06 | 000,064,288 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/01 16:34:06 | 000,059,144 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013/05/01 16:34:05 | 000,080,816 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/01 16:34:05 | 000,033,400 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/01 16:33:35 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/01 16:33:11 | 000,287,840 | ---- | M] () -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/05/08 11:41:04 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/08 11:41:01 | 000,025,928 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/07 22:02:25 | 000,000,975 | ---- | C] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/07 21:49:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Gateway_P-7805u_N-A_INVALID.MRK
[2013/05/07 21:46:41 | 000,000,951 | ---- | C] () -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/05/07 21:46:34 | 000,000,981 | ---- | C] () -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/07 21:46:32 | 000,000,976 | ---- | C] () -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/05/07 21:46:16 | 000,000,917 | ---- | C] () -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013/05/07 21:45:51 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\BAE.dll
[2013/05/07 21:45:45 | 4289,601,536 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/07 21:45:34 | 000,000,732 | ---- | C] () -- C:\Users\mike\AppData\Local\d3d9caps64.dat
[2013/05/07 21:45:30 | 000,000,258 | ---- | C] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/07 21:45:30 | 000,000,240 | ---- | C] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/07 19:34:32 | 000,000,680 | ---- | C] () -- C:\Users\mike\AppData\Local\d3d9caps.dat
[2013/05/07 19:34:29 | 000,378,432 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/07 19:34:29 | 000,033,400 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/07 19:34:29 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/07 19:34:28 | 001,025,808 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/07 19:34:28 | 000,064,288 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/07 19:34:28 | 000,059,144 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013/05/07 19:34:27 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/07 19:34:24 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/07 19:34:23 | 000,287,840 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
[2013/05/07 19:34:23 | 000,080,816 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/07 19:34:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/05/07 19:23:55 | 116,651,696 | ---- | C] () -- C:\Users\mike\Desktop\avast_free_antivirus_setup.exe
[2013/05/07 19:21:10 | 000,000,914 | ---- | C] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/07 19:21:10 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/07 19:21:10 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== ZeroAccess Check ==========

[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2008/01/20 19:50:30 | 012,895,744 | ---- | M] ()
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/01/20 19:51:15 | 011,580,416 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2008/01/20 19:48:44 | 000,890,368 | ---- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/01/20 19:49:24 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >