Constant Malicious URL Blocked popup from Avast


  • This topic is locked
14 replies to this topic

#1 mrebean

  • Members
  • 7 posts

Posted 10 August 2011 - 06:17 PM

Greetings :)

I have had a problem with a popup constantly being displayed by the most current version of Avast Free Antivirus.

It will give a long URL and also a file name, which is usually cliconfg.exe or mtstocom.exe, being the root cause. I have run my usual programs (Avast, Spybot S&D and Malwarebytes), but they are not detecting anything. Below is my DDS log for analysis. Help would be greatly appreciated. Many thanks in advance :))

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by jR at 19:00:28 on 2011-08-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5952 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AirPrint\Airprint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
C:\Users\jR\AppData\Roaming\cliconfg.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\aol\1258216102\ee\aolsoftware.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\splwow64.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\VIA\RAID\vialogsv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
uRun: [SQL Client Configuration Utility EXE] C:\Users\jR\AppData\Roaming\cliconfg.exe
uRun: [COM+] C:\Users\jR\AppData\Roaming\mtstocom.exe
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun: [<NO NAME>]
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1258216102\ee\AOLSoftware.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-system: EnableLUA = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112
TCP: Interfaces\{A575E98B-9AFB-4E75-A218-7BD9F7FA3235} : DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun-x64: [(Default)]
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1258216102\ee\AOLSoftware.exe
AppInit_DLLs-X64: acaptuser32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jR\AppData\Roaming\Mozilla\Firefox\Profiles\z94h6nph.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\jR\AppData\Roaming\Mozilla\Firefox\Profiles\z94h6nph.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: C:\Users\jR\AppData\Roaming\Mozilla\Firefox\Profiles\z94h6nph.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Users\jR\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\jR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\jR\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 viamrx64;viamrx64;C:\Windows\system32\DRIVERS\viamrx64.sys --> C:\Windows\system32\DRIVERS\viamrx64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-12 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AirPrint;AirPrint;C:\Program Files (x86)\AirPrint\Airprint.exe -s --> C:\Program Files (x86)\AirPrint\Airprint.exe -s [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-7-23 42184]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-7-7 424264]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-3-7 341832]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-9 2002728]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-8-27 1403200]
R2 VRAID Log Service;VRAID Log Service;C:\Program Files (x86)\VIA\RAID\vialogsv.exe [2010-6-11 52888]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 JakNDisMP;JakNDisMP;C:\Windows\system32\DRIVERS\JakNDis.sys --> C:\Windows\system32\DRIVERS\JakNDis.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-2-25 11856]
R3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;C:\Windows\system32\DRIVERS\xcbdaVx64.sys --> C:\Windows\system32\DRIVERS\xcbdaVx64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-21 136176]
S2 LMIGuardianSvc;LMIGuardianSvc;"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" --> C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [?]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-23 2214504]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-3-24 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-24 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-21 136176]
S3 JakNDis;Jaksta Service;C:\Windows\system32\DRIVERS\JakNDis.sys --> C:\Windows\system32\DRIVERS\JakNDis.sys [?]
S3 leafnets;Leaf Networks Adapter;C:\Windows\system32\DRIVERS\leafnets.sys --> C:\Windows\system32\DRIVERS\leafnets.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2010-10-3 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2010-10-3 1145816]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-08-09 12:19:14 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E9274FB4-C54B-4A19-9974-900E580E0D1A}\mpengine.dll
2011-08-03 13:51:21 388096 ----a-r- C:\Users\jR\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-31 05:28:58 -------- d-----w- C:\Users\jR\AppData\Local\{BBE5DF65-1B04-4406-A605-DCB90183605D}
2011-07-26 20:30:52 -------- d-----w- C:\Users\jR\AppData\Local\{FE34D4B1-67D1-4F3B-B6B4-170E75A1E717}
2011-07-26 07:00:07 -------- d-----w- C:\Users\jR\AppData\Roaming\Millennia
2011-07-26 06:39:03 -------- d-----w- C:\Program Files (x86)\Family Tree Maker 2011
2011-07-26 06:39:03 -------- d-----w- C:\Program Files (x86)\BCL Technologies
2011-07-26 05:58:49 -------- d-----w- C:\Users\jR\AppData\Local\Ancestry.com
2011-07-26 05:54:03 -------- d-----w- C:\IExp1.tmp
2011-07-26 05:54:01 -------- d-----w- C:\Windows\RegisteredPackages
2011-07-26 05:54:01 -------- d-----w- C:\IExp0.tmp
2011-07-26 05:54:00 -------- d--h--w- C:\Windows\msdownld.tmp
2011-07-26 05:53:59 -------- d-----w- C:\Program Files (x86)\Windows Media Components
2011-07-26 05:53:53 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2011-07-26 05:17:55 -------- d-----w- C:\Users\jR\AppData\Local\{8492BE3E-CED8-4EE8-B02F-F40A354C4FD5}
2011-07-23 15:12:41 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-19 00:14:27 -------- d-----w- C:\Users\jR\AppData\Roaming\SUPERAntiSpyware.com
2011-07-19 00:14:27 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-19 00:14:07 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-19 00:14:01 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-12 22:29:48 -------- d-----w- C:\Program Files (x86)\NCH Software
2011-07-12 22:26:46 -------- d-----w- C:\Program Files (x86)\NCH Swift Sound
.
==================== Find3M ====================
.
2011-08-06 05:31:07 1696 ----a-w- C:\Windows\SysWow64\tmp.reg
2011-07-27 14:25:31 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-04 11:32:24 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-03 06:17:28 59839 --sh--w- C:\Windows\dtmn.exe
2011-06-22 17:46:51 251392 ----a-w- C:\Windows\SysWow64\Adobee.exe
2011-06-13 21:25:15 258352 ----a-w- C:\Windows\SysWow64\unicows.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-06-02 18:45:36 256548865 --sh--r- C:\Users\jR\AppData\Roaming\ntkrnlpa.exe
2011-06-02 18:45:36 256548865 --sh--r- C:\Users\jR\AppData\Roaming\mtstocom.exe
2011-06-02 18:45:36 256548865 --sh--r- C:\Users\jR\AppData\Roaming\cliconfg.exe
2011-06-02 18:45:36 256548865 --sh--r- C:\Users\jR\AppData\Roaming\chglogon.exe
2011-06-02 18:45:36 256548865 --sh--r- C:\Users\jR\AppData\Roaming\auditpol.exe
2011-05-30 21:44:33 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-30 21:44:33 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-05-25 06:09:16 1016936 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-21 02:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 19:06:03.65 ===============


#2 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 15 August 2011 - 09:40 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download aswMBR.exe (511KB) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log
  • The Attach.txt log from DDS

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 mrebean

  • Topic Starter
  • Members
  • 7 posts

Posted 19 August 2011 - 02:49 AM

Thank you for the reply. Here is the aswMBR.exe log as you requested:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-18 12:35:56
-----------------------------
12:35:56.933 OS Version: Windows x64 6.1.7601 Service Pack 1
12:35:56.933 Number of processors: 4 586 0x1707
12:35:56.934 ComputerName: HOME-PC UserName: jR
12:36:32.237 Initialize success
12:36:32.425 AVAST engine defs: 11081800
12:36:50.650 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:36:50.650 Disk 0 Vendor: ST315003 CC1H Size: 1430799MB BusType: 8
12:36:50.665 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:36:50.665 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 8
12:36:50.665 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
12:36:50.665 Disk 2 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 8
12:36:50.775 Disk 0 MBR read successfully
12:36:50.775 Disk 0 MBR scan
12:36:50.790 Disk 0 Windows 7 default MBR code
12:36:50.853 Service scanning
12:36:55.033 Modules scanning
12:36:55.033 Disk 0 trace - called modules:
12:36:55.080 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys iaStorV.sys hal.dll
12:36:55.080 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800899a060]
12:36:55.080 3 CLASSPNP.SYS[fffff88001b6e43f] -> nt!IofCallDriver -> [0xfffffa80087eccf0]
12:36:55.096 5 PCTCore64.sys[fffff880012f18e4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80082e8050]
12:37:20.431 AVAST engine scan C:\Windows
12:45:42.576 AVAST engine scan C:\Windows\system32
13:05:18.818 AVAST engine scan C:\Windows\system32\drivers
13:14:23.462 AVAST engine scan C:\Users\jR
22:51:26.553 AVAST engine scan C:\ProgramData
23:31:09.067 Scan finished successfully
03:46:52.911 Disk 0 MBR has been saved successfully to "C:\Users\jR\Desktop\MBR.dat"
03:46:52.911 The log file has been saved successfully to "C:\Users\jR\Desktop\aswMBR.txt"


The Attach.txt was included in my original post.

#4 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 19 August 2011 - 07:48 PM

mrebean:

DDS creates two logs, DDS.txt (which you posted) and Attach.txt (which is the one I still need to see). Run DDS again if you need to and post the Attach.txt log for me, please. Also do this:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Please include the following in your next post:
  • The Attach.txt log from DDS
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 mrebean

mrebean
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 20 August 2011 - 12:28 AM

Here are new logs you requested:

attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/14/2009 3:03:04 AM
System Uptime: 8/19/2011 12:53:17 PM (12 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Burbank
Processor: Intel® Core™2 Quad CPU Q9550 @ 2.83GHz | CPU 1 | 2834/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1388 GiB total, 118.727 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.239 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 25.181 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 10.43 GiB free.
J: is Removable
K: is Removable
L: is Removable
N: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP538: 8/16/2011 8:13:44 PM - Installed Rockstar Games Social Club
RP539: 8/16/2011 8:16:07 PM - Installed Grand Theft Auto IV
RP540: 8/19/2011 1:24:14 PM - Windows Update
.
==== Installed Programs ======================
.
.
µTorrent
abgx360 v1.0.5
Acrobat.com
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Reader 9.3
AdobeColorCommonSetRGB
Air Video Server 2.4.2
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
ASIO4ALL
Audacity 1.3.12 (Unicode)
avast! Free Antivirus
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
BSR Screen Recorder 4
Business Plan Pro 15th Anniversary Edition
calibre
Call of Duty Modern Warfare 2
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 2.1
Canon MX860 series User Registration
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Digital Photo Professional 3.8
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities Solution Menu
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Creative 3DMIDI Player
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative Diagnostics
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
Crysis® 2
D3DX10
DivX Setup
DivX Tech Preview: MKV on Windows 7
Dolby Digital Live Pack
DTS Connect Pack
erLT
ERUNT 1.1j
FastStone Capture 6.7
Folding@home-gpu
foobar2000 v1.1.4
GhostbustersSOS
GOM Player
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Grand Theft Auto IV
Handbrake 0.9.4
Helium Music Manager 7 (build 8475)
High-Definition Video Playback 10
HiJackThis
HijackThis 2.0.2
ImgBurn
ImTOO iPod Computer Transfer
iPrep v10.1
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 26
JDownloader
Junk Mail filter update
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
Lara Croft and the Guardian of Light
Legacy 7.4
Legacy Charting 7.4
LightScribe System Software
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.1.1800
Mavis Beacon Teaches Typing Platinum 20
Microsoft Default Manager
Microsoft Games for Windows - LIVE Redistributable
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 6.0 (x86 en-US)
Mp3tag v2.45
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyMenu 1.2
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NewsLeecher v4.0 Final
NirSoft WebVideoCap
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ooVoo
OpenAL
Orb
Orb Runtime libraries
PC Tools Registry Tool
PDF Settings CS5
Phoenix Viewer 1.5.2.818
PhysX Screen Saver
Platform
Portal 2
PowerISO
PunkBuster Services
PxMergeModule
QuickBooks
QuickBooks Premier: Contractor Edition 2009
Quicken Legal Business Pro 2011
QuickPar 0.9
QuickTime
Realtek High Definition Audio Driver
ResumeMaker Ultimate
Rockstar Games Social Club
SABnzbd (remove only)
Safari
SDFormatter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype™ 4.1
Snagit 10
SolSuite 2010 v10.2
SoundFont Bank Manager
Splashtop Remote
Spybot - Search & Destroy
Spyware Doctor 8.0
Steam
SupportSoft Assisted Service
Switch Sound File Converter
System Requirements Lab
Tansee iPhone Transfer SMS v1.0.0.0
TeamViewer 5
The Typing of The Dead
The Witcher 2
TuneUp Utilities
TuneUp Utilities Language Pack (en-GB)
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TVersity Codec Pack 1.4
TVersity Media Server 1.9.3
TypingMaster Pro
UltraVNC 1.0.6.5
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VIA Platform Device Manager
Viewpoint Media Player
Virtual DJ Pro Full - Atomix Productions
VLC media player 1.1.11
WavePad Sound Editor
WBFS Manager 3.0
Win7codecs
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinSCP 4.1.9
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/19/2011 11:39:58 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vsmraid
8/19/2011 11:39:14 AM, Error: Service Control Manager [7000] - The LMIGuardianSvc service failed to start due to the following error: The system cannot find the file specified.
8/18/2011 5:33:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
8/17/2011 10:58:55 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/17/2011 10:51:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8800130f36d, 0xfffff8800372ca88, 0xfffff8800372c2e0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081711-30919-01.
8/16/2011 6:43:23 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/16/2011 5:31:09 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
8/16/2011 5:29:39 PM, Error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
8/16/2011 3:31:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.
.
==== End Of File ===========================



Combofix log:

ComboFix 11-08-19.02 - jR 08/20/2011 0:44.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5624 [GMT -4:00]
Running from: c:\users\jR\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jR\AppData\Roaming\auditpol.exe
c:\users\jR\AppData\Roaming\chglogon.exe
c:\users\jR\AppData\Roaming\chrtmp
c:\users\jR\AppData\Roaming\cliconfg.exe
c:\users\jR\AppData\Roaming\jRlog.dat
c:\users\jR\AppData\Roaming\mtstocom.exe
c:\users\jR\AppData\Roaming\ntkrnlpa.exe
c:\users\jR\AppData\Roaming\SQLite3.dll
c:\users\jR\AppData\Roaming\WinDefence
c:\users\jR\FW_WRT610N_2.00.00.05_20090710_code.bin
c:\users\jR\ia_remove.sh1376.tmp
c:\users\jR\ia_remove.sh7993.tmp
c:\windows\iun6002.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Adobee.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
c:\windows\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))))
.
.
2011-08-19 17:24 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74D97C86-6A72-4985-A01A-AD317538EABD}\mpengine.dll
2011-08-17 00:53 . 2011-08-17 00:55 -------- d-----w- c:\users\jR\AppData\Local\Rockstar Games
2011-08-17 00:40 . 2011-08-17 00:40 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-08-17 00:38 . 2011-08-17 00:38 -------- d-----w- c:\windows\SysWow64\xlive
2011-08-17 00:38 . 2011-08-17 00:38 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-08-17 00:13 . 2011-08-17 00:16 -------- d-----w- c:\program files (x86)\Rockstar Games
2011-08-11 07:02 . 2011-08-11 07:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-08-03 13:51 . 2011-08-03 13:51 388096 ----a-r- c:\users\jR\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-26 07:00 . 2011-07-26 07:00 -------- d-----w- c:\users\jR\AppData\Roaming\Millennia
2011-07-26 05:58 . 2011-07-26 05:58 -------- d-----w- c:\users\jR\AppData\Local\Ancestry.com
2011-07-26 05:54 . 2011-07-26 05:54 -------- d-----w- C:\IExp1.tmp
2011-07-26 05:54 . 2011-07-26 05:54 -------- d-----w- C:\IExp0.tmp
2011-07-26 05:54 . 2011-07-26 06:39 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-26 05:53 . 2011-07-26 05:53 -------- d-----w- c:\program files (x86)\Windows Media Components
2011-07-26 05:53 . 2011-07-26 05:53 -------- d-----w- c:\program files (x86)\Microsoft WSE
2011-07-23 15:12 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-23 15:12 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-21 22:22 . 2011-07-21 22:23 -------- d-----w- c:\program files (x86)\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 01:58 . 2010-01-29 02:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-08-20 01:58 . 2009-11-20 00:06 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-08-20 01:57 . 2010-06-03 00:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-08-18 03:42 . 2009-11-20 00:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-08-18 03:42 . 2010-05-19 00:42 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-08-18 03:41 . 2010-05-19 00:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-08-15 16:54 . 2011-05-15 01:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 04:26 . 2011-08-10 19:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-06 23:52 . 2010-10-03 21:16 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-10-03 21:16 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-11-30 15:24 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-01-04 22:28 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:36 . 2010-01-04 22:29 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-01-04 22:29 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-01-04 22:29 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-01-04 22:29 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-01-04 22:29 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-03 06:17 . 2011-07-03 06:17 59839 --sh--w- c:\windows\dtmn.exe
2011-06-13 21:25 . 2011-06-13 21:25 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2011-06-11 03:07 . 2011-07-12 22:42 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-30 21:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-30 21:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-30 21:35 . 2011-05-30 21:35 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-30 21:35 . 2011-05-30 21:35 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-30 21:35 . 2011-05-30 21:35 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-30 21:35 . 2011-05-30 21:35 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-30 21:35 . 2011-05-30 21:35 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-30 21:35 . 2011-05-30 21:35 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-30 21:35 . 2011-05-30 21:35 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-30 21:35 . 2011-05-30 21:35 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-30 21:35 . 2011-05-30 21:35 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-30 21:35 . 2011-05-30 21:35 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-30 21:35 . 2011-05-30 21:35 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-30 21:35 . 2011-05-30 21:35 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-30 21:35 . 2011-05-30 21:35 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-30 21:35 . 2011-05-30 21:35 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-30 21:35 . 2011-05-30 21:35 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-30 21:35 . 2011-05-30 21:35 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-30 21:35 . 2011-05-30 21:35 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-30 21:35 . 2011-05-30 21:35 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-30 21:35 . 2011-05-30 21:35 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-30 21:35 . 2011-05-30 21:35 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-30 21:35 . 2011-05-30 21:35 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-30 21:35 . 2011-05-30 21:35 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-30 21:35 . 2011-05-30 21:35 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-30 21:35 . 2011-05-30 21:35 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-30 21:35 . 2011-05-30 21:35 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-30 21:35 . 2011-05-30 21:35 448512 ----a-w- c:\windows\system32\html.iec
2011-05-30 21:35 . 2011-05-30 21:35 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-30 21:35 . 2011-05-30 21:35 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-30 21:35 . 2011-05-30 21:35 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-30 21:35 . 2011-05-30 21:35 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-30 21:35 . 2011-05-30 21:35 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-30 21:35 . 2011-05-30 21:35 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-30 21:35 . 2011-05-30 21:35 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-30 21:35 . 2011-05-30 21:35 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-30 21:35 . 2011-05-30 21:35 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-30 21:35 . 2011-05-30 21:35 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-25 06:09 . 2011-04-08 03:19 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2011-04-08 03:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-04-08 03:19 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-25 06:09 . 2009-09-27 23:22 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2011-06-02 06:30 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-02 06:30 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-25 06:09 . 2011-04-08 03:19 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-05-25 06:09 . 2011-04-08 03:19 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2010-10-25 06:46 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-25 06:09 . 2011-06-02 06:30 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
2011-05-25 06:09 . 2011-06-02 06:30 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-05-25 06:09 . 2011-02-17 08:38 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-05-25 06:09 . 2011-06-02 06:30 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-06-02 06:30 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-05-25 06:09 . 2011-06-02 06:30 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-25 06:09 . 2011-06-02 06:30 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-05-25 06:09 . 2011-06-02 06:30 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2011-05-25 06:09 . 2011-06-02 06:30 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 06:09 . 2011-06-02 06:30 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-25 06:09 . 2011-06-02 06:30 7123560 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2011-06-02 06:30 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-05-25 06:09 . 2011-06-02 06:30 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2011-06-02 06:30 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-05-25 06:09 . 2011-06-02 06:30 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2011-06-02 06:30 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-05-25 06:09 . 2011-02-17 08:38 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-05-25 06:09 . 2010-10-25 06:46 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-24 23:14 . 2009-11-14 08:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 03:45 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 03:45 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 03:45 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 03:45 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 03:45 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2010-09-14 4922760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"HostManager"="c:\program files (x86)\Common Files\AOL\1258216102\ee\AOLSoftware.exe" [2010-03-08 41800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-14 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"CTxfiHlp"=CTXFIHLP.EXE
"AppleSyncNotifier"=c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
R2 VRAID Log Service;VRAID Log Service;c:\program files (x86)\VIA\RAID\vialogsv.exe [2008-09-24 52888]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-24 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [x]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PORTIO64;PORTIO64;c:\users\jR\Desktop\360.flash_112810\Jungle-Flasher-V0.1.76-beta-166-\JungleFlasher v0.1.76 Beta (166)\portio64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viamrx64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AirPrint;AirPrint;c:\program files (x86)\AirPrint\Airprint.exe [2011-04-20 234784]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-07-07 424264]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-03-08 341832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-08-27 1403200]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]
S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\DRIVERS\xcbdaVx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-20 c:\windows\Tasks\At5.job
- c:\windows\dtmn.exe [2011-07-03 06:17]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 22:22]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 22:22]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281375695-2186419646-4241709522-1001Core.job
- c:\users\jR\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-17 19:21]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281375695-2186419646-4241709522-1001UA.job
- c:\users\jR\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-17 19:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 2114376]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\jR\AppData\Roaming\Mozilla\Firefox\Profiles\z94h6nph.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-SQL Client Configuration Utility EXE - c:\users\jR\AppData\Roaming\cliconfg.exe
Wow6432Node-HKCU-Run-COM+ - c:\users\jR\AppData\Roaming\mtstocom.exe
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,16,85,ff,c7,b6,36,46,97,8d,7d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,16,85,ff,c7,b6,36,46,97,8d,7d,\
.
[HKEY_USERS\S-1-5-21-281375695-2186419646-4241709522-1001\Software\SecuROM\License information*]
"datasecu"=hex:97,cc,7c,c8,48,78,2b,18,d3,46,48,c7,cd,68,cb,05,3d,29,4d,49,2f,
81,d5,fc,26,84,79,6e,4b,ff,1f,2d,a3,80,d8,cc,45,98,a9,3e,e4,94,9a,d5,64,d5,\
"rkeysecu"=hex:0d,aa,ad,03,12,22,e8,a4,72,75,d7,5e,f7,10,c4,9c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:e5,36,a1,13,f6,d1,2d,78,d4,40,a2,f8,6e,3f,a8,f4,aa,31,3e,d8,ed,
56,09,5c,82,37,64,29,90,32,5c,ef,4e,98,0d,08,0d,3c,d5,5d,1c,a7,71,d9,60,f1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:e5,36,a1,13,f6,d1,2d,78,d4,40,a2,f8,6e,3f,a8,f4,aa,31,3e,d8,ed,
56,09,5c,82,37,64,29,90,32,5c,ef,4e,98,0d,08,0d,3c,d5,5d,1c,a7,71,d9,60,f1,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-20 01:02:52
ComboFix-quarantined-files.txt 2011-08-20 05:02
.
Pre-Run: 129,173,454,848 bytes free
Post-Run: 128,823,250,944 bytes free
.
- - End Of File - - B1875FA771B70FB455B204C980A8637C

#6 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 20 August 2011 - 10:06 AM

mrebean:

Go to the Control Panel
  • In the search bar enter Show hidden
  • In the main window click on Folder Options > Show hidden files and folders
  • Change the setting under Hidden files and folders to Show hidden files, folders, or drives
  • Click OK. (Remember to Hide files and folders once done)

Please go to one of the below sites to scan the following files:
virscan.org
Virus Total

Click on Browse, and upload the following file for analysis:
c:\windows\dtmn.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

Please include the following in your next post:
  • File analysis results

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 mrebean


Posted 20 August 2011 - 01:01 PM

1st attempt said already scanned:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: ec823afdd6ed4b222f5e59283874193e
Date first seen: 2011-08-13 14:50:15 (UTC)
Date last seen: 2011-08-13 14:50:15 (UTC)
Detection ratio: 4/43

What do you wish to do?



2nd attempt:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: dtmn.exe

Submission date:
2011-08-20 17:49:09 (UTC)

Current status: finished

Result:
4/ 44 (9.1%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.08.20.01 2011.08.20 Trojan/Win32.FakeAV
AntiVir 7.11.13.154 2011.08.19 -
Antiy-AVL 2.0.3.7 2011.08.20 -
Avast 4.8.1351.0 2011.08.20 -
Avast5 5.0.677.0 2011.08.20 -
AVG 10.0.0.1190 2011.08.20 -
BitDefender 7.2 2011.08.20 -
ByteHero 1.0.0.1 2011.08.20 -
CAT-QuickHeal 11.00 2011.08.20 -
ClamAV 0.97.0.0 2011.08.20 -
Commtouch 5.3.2.6 2011.08.20 -
Comodo 9807 2011.08.20 -
DrWeb 5.0.2.03300 2011.08.20 -
Emsisoft 5.1.0.10 2011.08.20 -
eSafe 7.0.17.0 2011.08.18 Win32.Artemis
eTrust-Vet 36.1.8511 2011.08.19 -
F-Prot 4.6.2.117 2011.08.20 -
F-Secure 9.0.16440.0 2011.08.20 -
Fortinet 4.2.257.0 2011.08.20 -
GData 22 2011.08.20 -
Ikarus T3.1.1.107.0 2011.08.20 -
Jiangmin 13.0.900 2011.08.20 -
K7AntiVirus 9.110.5037 2011.08.20 -
Kaspersky 9.0.0.837 2011.08.20 -
McAfee 5.400.0.1158 2011.08.20 -
McAfee-GW-Edition 2010.1D 2011.08.20 -
Microsoft 1.7604 2011.08.20 -
NOD32 6396 2011.08.20 -
Norman 6.07.10 2011.08.20 -
nProtect 2011-08-20.01 2011.08.20 -
Panda 10.0.3.5 2011.08.20 -
PCTools 8.0.0.5 2011.08.20 -
Prevx 3.0 2011.08.20 -
Rising 23.71.03.03 2011.08.18 -
Sophos 4.68.0 2011.08.20 -
SUPERAntiSpyware 4.40.0.1006 2011.08.20 -
Symantec 20111.2.0.82 2011.08.20 WS.Reputation.1
TheHacker 6.7.0.1.282 2011.08.20 -
TrendMicro 9.500.0.1008 2011.08.17 -
TrendMicro-HouseCall 9.500.0.1008 2011.08.20 -
VBA32 3.12.16.4 2011.08.19 suspected of Trojan.Downloader.gen.h
VIPRE 10222 2011.08.20 -
ViRobot 2011.8.20.4631 2011.08.20 -
VirusBuster 14.0.178.2 2011.08.20 -
Additional information
MD5 : ec823afdd6ed4b222f5e59283874193e
SHA1 : 76a1b006e2db9c510764306390cb0e862bc22a9d
SHA256: 456a240425cec4d13f2109c90c1f87fb59ff65ce43d0d1581916cbce6364c3e9

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team

#8 RPMcMurphy


Posted 20 August 2011 - 08:37 PM

mrebean:

How is your computer running now? Please do this next:

Please go to here to run an online scan with ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running?
  • ESET log



#9 mrebean


Posted 21 August 2011 - 12:34 PM

results of eset:

C:\Program Files (x86)\The Witcher 2\bin\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\Qoobox\Quarantine\C\Users\jR\AppData\Roaming\auditpol.exe.vir probably a variant of Win32/Injector.HVO trojan
C:\Qoobox\Quarantine\C\Users\jR\AppData\Roaming\chglogon.exe.vir probably a variant of Win32/Injector.HVO trojan
C:\Qoobox\Quarantine\C\Users\jR\AppData\Roaming\cliconfg.exe.vir probably a variant of Win32/Injector.HVO trojan
C:\Qoobox\Quarantine\C\Users\jR\AppData\Roaming\mtstocom.exe.vir probably a variant of Win32/Injector.HVO trojan
C:\Qoobox\Quarantine\C\Users\jR\AppData\Roaming\ntkrnlpa.exe.vir probably a variant of Win32/Injector.HVO trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\Adobee.exe.vir a variant of Win32/Injector.HEO trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\Process.exe.vir Win32/PrcView application
C:\Users\jR\Documents\wii.stuff\SDUSB-Loader_v1.5\Wii usb loader\WBFS GUI\wbfs_inteligent_gui_v5.exe Win32/Packed.Autoit.E.Gen application
C:\Users\jR\Downloads\SmitfraudFix.exe multiple threats
C:\Users\jR\Downloads\MUSIC\best.of.dance.now.2010\VA-The_Very_Best_Of_Now_Dance_2010-3CD-2010-BPM.rar probably a variant of Win32/Agent.HDSUTAX trojan
C:\Users\jR\Downloads\MUSIC\va_best.of.trance.100.2010\VA-Best_Of_Trance_100_2010-4CD-2010-SSR.1.rar probably a variant of MSIL/Injector.CF trojan
C:\Users\jR\Downloads\MUSIC\va_best.of.trance.100.2010\VA-Best_Of_Trance_100_2010-4CD-2010-SSR.2.rar probably a variant of Win32/Agent.GXCJUGF trojan
C:\Users\jR\Downloads\MUSIC\va_best.of.trance.100.2010\VA-Best_Of_Trance_100_2010-4CD-2010-SSR.rar a variant of Win32/Injector.DQS trojan
C:\Users\jR\Downloads\MUSIC\wmc2011\CSI Miami S09E17 HDTV XviD-LOL [eztv].rar a variant of Win32/Injector.FJS trojan
C:\Users\jR\Downloads\SmitfraudFix\Process.exe Win32/PrcView application
C:\Users\jR\Downloads\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\Users\jR\Downloads\SmitfraudFix\SmitfraudFix.zip multiple threats
C:\Users\jR\Downloads\SOFTWARE\FalconFour's Ultimate Boot CD v2.0\Falcon4_UBCD.iso multiple threats
C:\Users\jR\Downloads\SOFTWARE\Family Tree Maker 2011\Family Tree Maker 2011.msi a variant of Win32/HiddenStart.A application
C:\Users\jR\Downloads\SOFTWARE\Hiren's BootCD 13.2\Hirens.BootCD.13.2.iso Win32/PSWTool.KonBoot.A application
C:\Users\jR\Downloads\SOFTWARE\turbotax.home.and.business.2009\Intuit TurboTax Home and Business 2009 Lz0\Intuit TurboTax Home and Business 2009 Lz0\lz03p901\lz03p901.iso multiple threats
C:\Users\jR\Downloads\VIDEO.GAMES\Wii\wbfs_inteligent_gui_v6\wbfs_inteligent_gui_v6.exe Win32/Packed.Autoit.E.Gen application
C:\Users\jR\VIDEO.GAME\xbox.360\DosFlash_V1.8_se7ensins.com\JungleFlasher v0.1.66 Beta\PortIO32_Installer_v5\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
C:\Users\jR\VIDEO.GAME\xbox.360\JungleFlasher\_old\JungleFlasher.0.1.66.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\C_Backup\copy.sd.card\autorun.inf Win32/AutoRun.Delf.CJ worm
F:\Passport\e\Moms\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application
F:\Passport\e\Moms\Documents and Settings\Barb\Shared\WinRar 4.1 Pro (with CRACK).zip multiple threats
G:\Misc Programs\Hirens Boot CD 8.3\Hiren's.BootCD.8.3.iso probably a variant of Win32/TrojanDownloader.Agent.IPMCVMF trojan
G:\Misc Programs\payroll07\PenSoft.Payroll.Plus.2007.v3.07.0033-ARN.part01.rar probably a variant of Win32/Agent.GMKRORD trojan
G:\Video Game Stuff\xbox_stuff\Halo.2.Dvd5.Kit.Readnfo.Xbox-IND.The_Snip3r.rar probably a variant of Win32/Agent.NMDAZIM trojan
G:\Video Game Stuff\xbox_stuff\halo2_dvd5\Halo2DVD5-GGS.rar probably a variant of Win32/Agent.NMDAZIM trojan

#10 RPMcMurphy


Posted 21 August 2011 - 09:06 PM

mrebean:

Your logs indicate that you are using cracks and/or keygens. We don't support software piracy on this forum so, while I’ll deal with your current problem, any further help will be based on you not being seen to involve yourself with such practices in the future. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk. If you install the cracked software, you are running executable files from dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

File::
C:\Program Files (x86)\The Witcher 2\bin\paul.dll
C:\Users\jR\Downloads\SmitfraudFix.exe
C:\Users\jR\Downloads\MUSIC\best.of.dance.now.2010\VA-The_Very_Best_Of_Now_Dance_2010-3CD-2010-BPM.rar
C:\Users\jR\Downloads\MUSIC\va_best.of.trance.100.2010\VA-Best_Of_Trance_100_2010-4CD-2010-SSR.1.rar
C:\Users\jR\Downloads\MUSIC\va_best.of.trance.100.2010\VA-Best_Of_Trance_100_2010-4CD-2010-SSR.2.rar
C:\Users\jR\Downloads\MUSIC\va_best.of.trance.100.2010\VA-Best_Of_Trance_100_2010-4CD-2010-SSR.rar
C:\Users\jR\Downloads\MUSIC\wmc2011\CSI Miami S09E17 HDTV XviD-LOL [eztv].rar
C:\Users\jR\Downloads\SmitfraudFix\Process.exe
C:\Users\jR\Downloads\SmitfraudFix\restart.exe
C:\Users\jR\Downloads\SmitfraudFix\SmitfraudFix.zip
C:\Users\jR\Downloads\SOFTWARE\FalconFour's Ultimate Boot CD v2.0\Falcon4_UBCD.iso
C:\Users\jR\Downloads\SOFTWARE\Family Tree Maker 2011\Family Tree Maker 2011.msi
C:\Users\jR\Downloads\SOFTWARE\Hiren's BootCD 13.2\Hirens.BootCD.13.2.iso
C:\Users\jR\Downloads\SOFTWARE\turbotax.home.and.business.2009\Intuit TurboTax Home and Business 2009 Lz0\Intuit TurboTax Home and Business 2009 Lz0\lz03p901\lz03p901.iso
C:\Users\jR\Downloads\VIDEO.GAMES\Wii\wbfs_inteligent_gui_v6\wbfs_inteligent_gui_v6.exe
C:\Users\jR\VIDEO.GAME\xbox.360\DosFlash_V1.8_se7ensins.com\JungleFlasher v0.1.66 Beta\PortIO32_Installer_v5\PortIO32.exe
C:\Users\jR\VIDEO.GAME\xbox.360\JungleFlasher\_old\JungleFlasher.0.1.66.Beta.rar
F:\C_Backup\copy.sd.card\autorun.inf
F:\Passport\e\Moms\Documents and Settings\Barb\Shared\WinRar 4.1 Pro (with CRACK).zip
G:\Misc Programs\Hirens Boot CD 8.3\Hiren's.BootCD.8.3.iso
G:\Misc Programs\payroll07\PenSoft.Payroll.Plus.2007.v3.07.0033-ARN.part01.rar
G:\Video Game Stuff\xbox_stuff\Halo.2.Dvd5.Kit.Readnfo.Xbox-IND.The_Snip3r.rar
G:\Video Game Stuff\xbox_stuff\halo2_dvd5\Halo2DVD5-GGS.rar

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please include the following in your next post:
  • How is the computer running?
  • ComboFix log



#11 mrebean


Posted 22 August 2011 - 02:13 AM

Status: Pop up malicious url warning seems to have ceased as of now


Here is the updated ComboFix log:


ComboFix 11-08-19.02 - jR 08/22/2011 1:18.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.3455 [GMT -4:00]
Running from: c:\users\jR\Desktop\ComboFix.exe
Command switches used :: c:\users\jR\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jR\AppData\Local\Temp\rdDB48.tmp\____mmfp.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 05:30 . 2011-08-22 05:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-22 05:30 . 2011-08-22 05:30 -------- d-----w- c:\users\Mcx1-HOME-PC\AppData\Local\temp
2011-08-22 05:30 . 2011-08-22 05:30 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-08-22 05:30 . 2011-08-22 05:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 02:46 . 2011-08-21 02:46 -------- d-----w- c:\program files (x86)\ESET
2011-08-20 05:43 . 2011-08-20 05:43 -------- d-----w- c:\program files (x86)\RAR Password Recovery Magic
2011-08-19 17:24 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74D97C86-6A72-4985-A01A-AD317538EABD}\mpengine.dll
2011-08-17 00:53 . 2011-08-17 00:55 -------- d-----w- c:\users\jR\AppData\Local\Rockstar Games
2011-08-17 00:40 . 2011-08-17 00:40 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-08-17 00:38 . 2011-08-17 00:38 -------- d-----w- c:\windows\SysWow64\xlive
2011-08-17 00:38 . 2011-08-17 00:38 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-08-17 00:13 . 2011-08-17 00:16 -------- d-----w- c:\program files (x86)\Rockstar Games
2011-08-11 07:02 . 2011-08-11 07:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-08-03 13:51 . 2011-08-03 13:51 388096 ----a-r- c:\users\jR\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-26 07:00 . 2011-07-26 07:00 -------- d-----w- c:\users\jR\AppData\Roaming\Millennia
2011-07-26 05:58 . 2011-07-26 05:58 -------- d-----w- c:\users\jR\AppData\Local\Ancestry.com
2011-07-26 05:54 . 2011-07-26 05:54 -------- d-----w- C:\IExp1.tmp
2011-07-26 05:54 . 2011-07-26 05:54 -------- d-----w- C:\IExp0.tmp
2011-07-26 05:54 . 2011-07-26 06:39 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-26 05:53 . 2011-07-26 05:53 -------- d-----w- c:\program files (x86)\Windows Media Components
2011-07-26 05:53 . 2011-07-26 05:53 -------- d-----w- c:\program files (x86)\Microsoft WSE
2011-07-23 15:12 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-23 15:12 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 01:58 . 2010-01-29 02:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-08-20 01:58 . 2009-11-20 00:06 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-08-20 01:57 . 2010-06-03 00:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-08-18 03:42 . 2009-11-20 00:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-08-18 03:42 . 2010-05-19 00:42 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-08-18 03:41 . 2010-05-19 00:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-08-15 16:54 . 2011-05-15 01:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 04:26 . 2011-08-10 19:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-06 23:52 . 2010-10-03 21:16 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-10-03 21:16 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-11-30 15:24 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-01-04 22:28 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:36 . 2010-01-04 22:29 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-01-04 22:29 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-01-04 22:29 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-01-04 22:29 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-01-04 22:29 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-03 06:17 . 2011-07-03 06:17 59839 --sh--w- c:\windows\dtmn.exe
2011-06-13 21:25 . 2011-06-13 21:25 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2011-06-11 03:07 . 2011-07-12 22:42 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-30 21:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-30 21:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-30 21:35 . 2011-05-30 21:35 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-30 21:35 . 2011-05-30 21:35 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-30 21:35 . 2011-05-30 21:35 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-30 21:35 . 2011-05-30 21:35 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-30 21:35 . 2011-05-30 21:35 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-30 21:35 . 2011-05-30 21:35 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-30 21:35 . 2011-05-30 21:35 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-30 21:35 . 2011-05-30 21:35 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-30 21:35 . 2011-05-30 21:35 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-30 21:35 . 2011-05-30 21:35 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-30 21:35 . 2011-05-30 21:35 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-30 21:35 . 2011-05-30 21:35 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-30 21:35 . 2011-05-30 21:35 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-30 21:35 . 2011-05-30 21:35 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-30 21:35 . 2011-05-30 21:35 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-30 21:35 . 2011-05-30 21:35 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-30 21:35 . 2011-05-30 21:35 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-30 21:35 . 2011-05-30 21:35 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-30 21:35 . 2011-05-30 21:35 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-30 21:35 . 2011-05-30 21:35 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-30 21:35 . 2011-05-30 21:35 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-30 21:35 . 2011-05-30 21:35 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-30 21:35 . 2011-05-30 21:35 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-30 21:35 . 2011-05-30 21:35 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-30 21:35 . 2011-05-30 21:35 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-30 21:35 . 2011-05-30 21:35 448512 ----a-w- c:\windows\system32\html.iec
2011-05-30 21:35 . 2011-05-30 21:35 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-30 21:35 . 2011-05-30 21:35 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-30 21:35 . 2011-05-30 21:35 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-30 21:35 . 2011-05-30 21:35 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-30 21:35 . 2011-05-30 21:35 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-30 21:35 . 2011-05-30 21:35 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-30 21:35 . 2011-05-30 21:35 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-30 21:35 . 2011-05-30 21:35 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-30 21:35 . 2011-05-30 21:35 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-30 21:35 . 2011-05-30 21:35 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-25 06:09 . 2011-04-08 03:19 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2011-04-08 03:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-04-08 03:19 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-25 06:09 . 2009-09-27 23:22 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2011-06-02 06:30 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-06-02 06:30 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-25 06:09 . 2011-04-08 03:19 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-05-25 06:09 . 2011-04-08 03:19 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2010-10-25 06:46 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-25 06:09 . 2011-06-02 06:30 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
2011-05-25 06:09 . 2011-06-02 06:30 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-05-25 06:09 . 2011-02-17 08:38 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-05-25 06:09 . 2011-06-02 06:30 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-06-02 06:30 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-05-25 06:09 . 2011-06-02 06:30 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-25 06:09 . 2011-06-02 06:30 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-05-25 06:09 . 2011-06-02 06:30 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2011-05-25 06:09 . 2011-06-02 06:30 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 06:09 . 2011-06-02 06:30 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-25 06:09 . 2011-06-02 06:30 7123560 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2011-06-02 06:30 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-05-25 06:09 . 2011-06-02 06:30 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2011-06-02 06:30 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-05-25 06:09 . 2011-06-02 06:30 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2011-06-02 06:30 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-05-25 06:09 . 2011-02-17 08:38 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-05-25 06:09 . 2010-10-25 06:46 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-24 23:14 . 2009-11-14 08:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 03:45 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 03:45 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 03:45 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 03:45 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 03:45 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-20_04.58.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-21 03:41 . 2011-08-21 03:41 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-08-19 15:38 . 2011-08-19 15:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-22 05:32 . 2011-08-22 05:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-19 15:38 . 2011-08-19 15:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-22 05:32 . 2011-08-22 05:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-08-19 07:58 508028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-22 05:31 508028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-17 00:39 . 2011-08-17 00:39 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-08-17 00:39 . 2011-08-17 00:39 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-08-21 03:41 . 2011-08-21 03:41 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 05:53 . 2011-08-19 07:58 23139124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-281375695-2186419646-4241709522-1001-12288.dat
+ 2010-06-13 05:53 . 2011-08-22 05:31 23139124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-281375695-2186419646-4241709522-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2010-09-14 4922760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"HostManager"="c:\program files (x86)\Common Files\AOL\1258216102\ee\AOLSoftware.exe" [2010-03-08 41800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-14 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"CTxfiHlp"=CTXFIHLP.EXE
"AppleSyncNotifier"=c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-24 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [x]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PORTIO64;PORTIO64;c:\users\jR\Desktop\360.flash_112810\Jungle-Flasher-V0.1.76-beta-166-\JungleFlasher v0.1.76 Beta (166)\portio64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viamrx64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AirPrint;AirPrint;c:\program files (x86)\AirPrint\Airprint.exe [2011-04-20 234784]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-07-07 424264]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-03-08 341832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-08-27 1403200]
S2 VRAID Log Service;VRAID Log Service;c:\program files (x86)\VIA\RAID\vialogsv.exe [2008-09-24 52888]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]
S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\DRIVERS\xcbdaVx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-22 c:\windows\Tasks\At5.job
- c:\windows\dtmn.exe [2011-07-03 06:17]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 22:22]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 22:22]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281375695-2186419646-4241709522-1001Core.job
- c:\users\jR\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-17 19:21]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-281375695-2186419646-4241709522-1001UA.job
- c:\users\jR\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-17 19:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 2114376]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\jR\AppData\Roaming\Mozilla\Firefox\Profiles\z94h6nph.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,16,85,ff,c7,b6,36,46,97,8d,7d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,16,85,ff,c7,b6,36,46,97,8d,7d,\
.
[HKEY_USERS\S-1-5-21-281375695-2186419646-4241709522-1001\Software\SecuROM\License information*]
"datasecu"=hex:97,cc,7c,c8,48,78,2b,18,d3,46,48,c7,cd,68,cb,05,3d,29,4d,49,2f,
81,d5,fc,26,84,79,6e,4b,ff,1f,2d,a3,80,d8,cc,45,98,a9,3e,e4,94,9a,d5,64,d5,\
"rkeysecu"=hex:0d,aa,ad,03,12,22,e8,a4,72,75,d7,5e,f7,10,c4,9c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:e5,36,a1,13,f6,d1,2d,78,d4,40,a2,f8,6e,3f,a8,f4,aa,31,3e,d8,ed,
56,09,5c,82,37,64,29,90,32,5c,ef,4e,98,0d,08,0d,3c,d5,5d,1c,a7,71,d9,60,f1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:e5,36,a1,13,f6,d1,2d,78,d4,40,a2,f8,6e,3f,a8,f4,aa,31,3e,d8,ed,
56,09,5c,82,37,64,29,90,32,5c,ef,4e,98,0d,08,0d,3c,d5,5d,1c,a7,71,d9,60,f1,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-08-22 01:44:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-22 05:44
ComboFix2.txt 2011-08-20 05:02
.
Pre-Run: 136,670,273,536 bytes free
Post-Run: 137,486,827,520 bytes free
.
- - End Of File - - 2C4A384CF84BBA2D342B11ED5644B7D5

Edited by mrebean, 22 August 2011 - 02:23 AM.


#12 RPMcMurphy

  • Malware Response Team

Posted 22 August 2011 - 08:51 PM

mrebean:

Your logs look good. All I have left for you is a software update and some very important cleanup:

Your Adobe Reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • aswMBR

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#13 mrebean


Posted 23 August 2011 - 10:31 AM

everything seems fine.

a big THANK YOU for all your help :) have a great day

#14 RPMcMurphy


Posted 23 August 2011 - 09:20 PM

You're welcome, mrebean. Take care.



#15 RPMcMurphy


Posted 26 August 2011 - 08:23 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
