Infection consrv.dll


  • This topic is locked
27 replies to this topic

#1 dionan

  • Members

Posted 16 March 2012 - 05:23 AM

Hello, My name is Ewan and I've noticed that my windows firewall would not load nor could I find/enable it in services and my antivirus died. After some searching I found the dreaded consrv.dll on my computer (I'm sure there must be many little infections on there). I am running win 7 64. I have run spybot, ms security essentials and had winpatrol and malwarebytes running. I would appreciate any help in removing problems on my system and guidance running combofix when an advisor recommends.

Thank you

Ewan

Attached Files




#2 RPMcMurphy

  • Malware Response Team

Posted 16 March 2012 - 11:23 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    %systemroot%\*. /rp /s
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of OTL.txt and paste them into your next post. I don't need to see Extras.txt right now.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt log
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 dionan

  • Topic Starter

Posted 18 March 2012 - 04:15 AM

Hi and thank you. I've run both scans - please see attached.

Attached Files



#4 RPMcMurphy

  • Malware Response Team

Posted 18 March 2012 - 09:12 AM

Please do this next:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registery key that has been marked for deletion" rebooting your computer will resolve the problem.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Please include the following in your next post:
  • ComboFix log
  • FSS log



#5 dionan

  • Topic Starter

Posted 20 March 2012 - 07:49 PM

Hi, ComboFix says I have AVG scanners, but I don't have AVG installed. Before I exit ComboFix it pops up a message which says today's date and that it has expired, and do I want to run in reduced function mode.

#6 RPMcMurphy

  • Malware Response Team

Posted 20 March 2012 - 09:30 PM

Download a new copy of ComboFix from one of the links I gave you, then please try again from the Safe Mode. Ignore any warning you get about AVG, please.



#7 dionan

  • Topic Starter

Posted 21 March 2012 - 05:35 AM

Hi there, please find the attached logs.

The ComboFix log is 300k and when I try to upload it the forum gives me: "Error This file was too big to upload"

Used 292.59K of your 512K global upload quota (Max. single file size: 220.88K)

What should I do?

Attached Files

  • Attached File: FSS.txt (1.48KB)


#8 RPMcMurphy

  • Malware Response Team

Posted 21 March 2012 - 10:43 AM

Can you post the log as opposed to adding it as an attachment? If it's too big to post, delete the "Snapshot" section.

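An added example (not code from this thread, from ComboFix, or from BleepingComputer) of how a helper could process a log in the ComboFix format posted in this thread: it strips the SnapShot section, as asked above when the log is too big to upload, and scores the service/driver lines for the signs a responder checks first (kernel-level entries with no date/size stamp, random-looking eight-letter names, drivers loaded from a Temp directory). The sample log, the service name qwzxkplm and the scoring weights are constructed assumptions modelled on the format of the thread's log; the heuristics are a triage aid, not a verdict.

```python
import re
from typing import List

# Constructed sample in the ComboFix log format used in this thread (not the thread's own log).
# Service lines follow ComboFix's "<start> <name>;<display name>;<path> [<date> <size>]" layout,
# with "[x]" where ComboFix printed no date/size for the file.
SAMPLE_LOG = """\
ComboFix 12-03-20.02 - (constructed sample)
.
((((((((((((((((((((((((((((( SnapShot@2012-02-07_20.16.41 )))))))))))))))))))))))))))))))))))))))))
+ 2012-02-07 20:16 . 2012-02-07 20:16 12345 c:\\windows\\system32\\example.dll
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
R1 atitray;atitray;c:\\program files (x86)\\Ray Adams\\ATI Tray Tools\\atitray64.sys [x]
R1 qwzxkplm;qwzxkplm;c:\\windows\\system32\\drivers\\qwzxkplm.sys [x]
R3 TRIXX;TRIXX;c:\\users\\Dionan\\AppData\\Local\\Temp\\TRIXX.sys [x]
R3 etdrv;etdrv;c:\\windows\\etdrv.sys [2011-11-04 25640]
S1 vwififlt;Virtual WiFi Filter Driver;c:\\windows\\system32\\DRIVERS\\vwififlt.sys [x]
S2 MBAMService;MBAMService;c:\\program files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe [2012-01-13 652360]
"""

# ComboFix section headers look like "(((((( Section Name ))))))".
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")              # eight random lowercase letters (heuristic)
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)   # ...\Temp\... anywhere in the path
KERNEL_STARTS = {"R0", "R1", "S0", "S1"}                 # boot/system-start (kernel-level) entries


def drop_snapshot(log: str) -> str:
    """Return the log without its SnapShot@... section (what the helper asks for
    when the full log exceeds the forum's upload limit)."""
    kept, skipping = [], False
    for line in log.splitlines():
        header = SECTION_RE.match(line)
        if header:
            skipping = header.group(1).startswith("SnapShot@")
        if not skipping:
            kept.append(line)
    return "\n".join(kept) + "\n"


def triage_services(log: str, min_score: int = 2) -> List[dict]:
    """Score each service/driver line with a few triage heuristics and return
    those at or above min_score, in log order. Scores are a review aid only;
    a legitimate driver with a missing file scores 1 (see vwififlt above)."""
    findings = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, display, path, stamp = (m.group(k) for k in ("name", "display", "path", "stamp"))
        score, reasons = 0, []
        if m.group("start") in KERNEL_STARTS and stamp.strip() == "x":
            score += 1
            reasons.append("kernel-level entry with no date/size stamp ([x])")
        if RANDOM_NAME_RE.match(name) and display == name:
            score += 2
            reasons.append("random-looking eight-letter name used as both service and display name")
        if TEMP_PATH_RE.search(path) and path.lower().endswith(".sys"):
            score += 2
            reasons.append("driver loaded from a Temp directory")
        if score >= min_score:
            findings.append({"name": name, "score": score, "reasons": reasons, "line": line})
    return findings


if __name__ == "__main__":
    trimmed = drop_snapshot(SAMPLE_LOG)
    print(f"log without SnapShot section: {len(trimmed)} bytes (was {len(SAMPLE_LOG)})")
    for f in triage_services(SAMPLE_LOG):
        print(f"[score {f['score']}] {f['line']}")
        for r in f["reasons"]:
            print("    -", r)
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; lower min_score to 1 to also list kernel-level entries whose file ComboFix could not stamp.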


#9 dionan

  • Topic Starter

Posted 21 March 2012 - 10:56 AM

ComboFix 12-03-20.02 - Dionan 21/03/2012 10:09:02.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.12286.10177 [GMT 0:00]
Running from: c:\users\Dionan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 10:12 . 2012-03-21 10:12 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-03-21 10:12 . 2012-03-21 10:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-21 10:12 . 2012-03-21 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 11:12 . 2012-02-07 23:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AFFAA41-7DA2-4D3B-95C8-65B369225E74}\mpengine.dll
2012-03-18 19:58 . 2012-03-18 20:06 -------- d-----w- c:\programdata\FAForever
2012-03-18 19:58 . 2012-03-18 20:02 -------- d-----w- c:\program files (x86)\Forged Alliance Forever - Lobby
2012-03-17 12:09 . 2012-03-17 12:09 -------- d-----w- c:\users\Dionan\AppData\Roaming\Ascaron Entertainment
2012-03-17 08:50 . 2012-02-07 23:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-16 08:46 . 2012-03-16 08:46 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4C9F067-0281-43CA-8553-DB6BAA8EB082}\gapaengine.dll
2012-03-16 08:44 . 2012-03-16 08:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-16 08:44 . 2012-03-16 08:44 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-16 08:37 . 2012-03-16 08:37 -------- d-----w- c:\windows\system32\MpEngineStore
2012-03-15 06:43 . 2012-03-15 06:43 -------- d-----w- c:\program files\Soluto
2012-03-15 03:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 03:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 03:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:38 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:38 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:38 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:31 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:31 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:31 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:31 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:31 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:31 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:31 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 16:55 . 2012-03-10 16:55 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-03-08 16:13 . 2012-03-08 16:16 -------- d-----w- c:\users\Dionan\Heaven
2012-03-08 16:12 . 2012-03-10 16:57 -------- d-----w- c:\users\Dionan\Unigine Heaven
2012-03-08 15:52 . 2012-03-08 15:52 -------- d-----w- c:\programdata\ATI
2012-03-08 15:47 . 2012-03-08 15:47 -------- d-----w- c:\programdata\AMD
2012-03-08 15:47 . 2012-03-08 15:47 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-08 15:47 . 2012-03-08 15:47 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-06 22:32 . 2012-03-06 22:32 -------- d-----w- c:\program files (x86)\Microsoft Application Compatibility Toolkit
2012-03-06 16:35 . 1999-09-08 14:56 195856 ----a-r- c:\windows\dsetup32.dll
2012-03-06 16:35 . 1999-09-08 14:51 40208 ----a-r- c:\windows\dsetup.dll
2012-03-05 23:51 . 2012-03-05 23:51 -------- d-----w- c:\users\Dionan\AppData\Roaming\Abyssmedia
2012-02-27 14:06 . 2012-02-27 14:06 -------- d-----w- c:\program files (x86)\Mediafour
2012-02-21 18:00 . 2012-02-21 18:00 -------- d-----w- c:\programdata\VirtualizedApplications
2012-02-21 17:52 . 2012-02-21 17:52 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2012-02-21 15:50 . 2012-02-21 15:50 -------- d-----w- c:\users\Dionan\AppData\Local\SoftGrid Client
2012-02-21 15:49 . 2012-03-21 00:36 -------- d-----w- c:\users\Dionan\AppData\Roaming\SoftGrid Client
2012-02-21 15:48 . 2012-02-22 03:00 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-02-21 15:47 . 2012-02-21 15:49 -------- d-----w- c:\users\Dionan\AppData\Roaming\TP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 00:38 . 2010-06-26 00:58 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-03-21 00:38 . 2010-06-26 10:52 25640 ----a-w- c:\windows\gdrv.sys
2012-03-10 15:23 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-26 21:27 . 2010-06-26 22:53 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2010-08-26 02:01 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2011-10-03 16:02 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2011-12-06 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2011-04-06 01:53 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2012-02-15 02:52 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2011-10-03 15:48 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-10-03 15:35 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-10-03 15:39 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2011-10-03 15:30 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2010-07-01 09:40 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2011-12-06 02:13 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-10-03 15:22 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2010-07-07 01:14 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2011-10-03 15:21 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-10-03 15:21 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 22:05 . 2012-02-14 22:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 22:05 . 2012-02-14 22:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 22:05 . 2012-02-14 22:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 22:05 . 2012-02-14 22:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 22:05 . 2012-02-14 22:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 22:04 . 2012-02-14 22:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 22:03 . 2012-02-14 22:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 22:03 . 2012-02-14 22:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-08 18:54 . 2012-02-08 18:54 388096 ----a-r- c:\users\Dionan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-08 18:30 . 2012-02-08 18:29 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-07 01:31 . 2011-05-19 19:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-01 11:42 . 2010-08-06 17:18 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-01 11:42 . 2012-02-01 11:42 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-01-31 12:44 . 2009-12-31 23:38 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 06:02 . 2012-01-31 06:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 06:00 . 2012-01-31 06:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-25 18:56 . 2011-06-13 14:45 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-01-25 04:01 . 2012-01-25 04:01 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-25 04:01 . 2012-01-25 04:01 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-25 04:01 . 2012-01-25 04:01 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-25 04:01 . 2012-01-25 04:01 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-25 04:01 . 2012-01-25 04:01 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-25 04:01 . 2012-01-25 04:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-25 04:01 . 2012-01-25 04:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-25 04:01 . 2012-01-25 04:01 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-25 04:01 . 2012-01-25 04:01 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-25 04:01 . 2012-01-25 04:01 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-25 04:01 . 2012-01-25 04:01 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-25 04:01 . 2012-01-25 04:01 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-25 04:01 . 2012-01-25 04:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-25 04:01 . 2012-01-25 04:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-25 04:01 . 2012-01-25 04:01 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-25 04:01 . 2012-01-25 04:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-25 04:01 . 2012-01-25 04:01 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-25 04:01 . 2012-01-25 04:01 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-25 04:01 . 2012-01-25 04:01 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-25 04:01 . 2012-01-25 04:01 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-25 04:01 . 2012-01-25 04:01 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-25 04:01 . 2012-01-25 04:01 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-25 04:01 . 2012-01-25 04:01 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-25 04:01 . 2012-01-25 04:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-25 04:01 . 2012-01-25 04:01 448512 ----a-w- c:\windows\system32\html.iec
2012-01-25 04:01 . 2012-01-25 04:01 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-25 04:01 . 2012-01-25 04:01 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-25 04:01 . 2012-01-25 04:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-25 04:01 . 2012-01-25 04:01 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-25 04:01 . 2012-01-25 04:01 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-25 04:01 . 2012-01-25 04:01 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-25 04:01 . 2012-01-25 04:01 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-25 04:01 . 2012-01-25 04:01 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-25 04:01 . 2012-01-25 04:01 111616 ----a-w- c:\windows\system32\iesysprep.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-07_20.16.41 )))))))))))))))))))))))))))))))))))))))))

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AtiTrayTools"="g:\ati tray\ATI Tray Tools\atitray.exe" [2010-11-13 930816]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-03 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"StartCCC"="g:\ati technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Dionan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Core Temp.exe [2010-6-26 495632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
ZDWLan Utility.lnk - c:\program files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2011-1-19 483328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R1 atitray;atitray;c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys [x]
R1 eqgekksr;eqgekksr;c:\windows\system32\drivers\eqgekksr.sys [x]
R1 kyczkifo;kyczkifo;c:\windows\system32\drivers\kyczkifo.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 ALSysIO;ALSysIO;c:\users\Dionan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athrxu6.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;g:\bitcomet\tools\BitCometService.exe [2010-12-28 1296728]
R3 cpuz130;cpuz130;c:\users\Dionan\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-11-04 25640]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-03-21 30528]
R3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;g:\hi-rez studios\HiPatchService.exe [2012-02-20 8704]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RadeonPro Support Service;RadeonPro Support Service;g:\radeonpro\RadeonProSupport.exe [2011-02-10 12800]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TRIXX;TRIXX;c:\users\Dionan\AppData\Local\Temp\TRIXX.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-01-25 547872]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-405954760-1696998006-470692607-1000Core.job
- c:\users\Dionan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 14:28]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-405954760-1696998006-470692607-1000UA.job
- c:\users\Dionan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 14:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
2011-12-07 18:28 414720 ----a-w- c:\users\Dionan\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-01-30 400480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Free YouTube to MP3 Converter - c:\users\Dionan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dionan\AppData\Roaming\Mozilla\Firefox\Profiles\8h9c13l9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ALAN Wake_is1 - e:\aw\unins000.exe
AddRemove-Alien Breed: Impact_is1 - g:\alien breed impact\unins000.exe
AddRemove-UnityWebPlayer - c:\users\Dionan\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-405954760-1696998006-470692607-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:13,0b,f1,11,ab,e3,b6,3c,c3,bf,ea,16,0e,00,2c,14,9f,cb,ba,47,f4,4e,cb,
de,dd,7c,72,c5,e3,67,08,46,cc,87,64,3e,89,c0,5d,29,f7,bb,8f,3e,12,db,c9,3b,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-405954760-1696998006-470692607-1000\Software\SecuROM\License information*]
"datasecu"=hex:49,50,56,30,94,15,db,98,16,8a,8f,89,18,f4,b8,be,a6,92,95,21,77,
bd,67,07,c8,14,08,8c,5a,00,53,d4,96,dc,ce,a1,7c,e3,bc,6b,3d,c6,cb,5d,50,e1,\
"rkeysecu"=hex:3f,52,ff,fb,f0,84,e2,28,24,f6,9c,06,a5,5f,db,19
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-21 10:18:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-21 10:18
ComboFix2.txt 2012-02-08 00:01
ComboFix3.txt 2012-02-07 20:21
.
Pre-Run: 6,064,263,168 bytes free
Post-Run: 6,173,769,728 bytes free
.
- - End Of File - - 679D4061C42BC93145829B1183369413

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 21 March 2012 - 09:45 PM

Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Driver::

Driver::
eqgekksr
kyczkifo
ALSysIO
File::
c:\windows\system32\drivers\eqgekksr.sys
c:\windows\system32\drivers\kyczkifo.sys
c:\users\Dionan\AppData\Local\Temp\ALSysIO64.sys
SecCenter::
{5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
{E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again - ignore any warnings about AVG. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

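A small validator for the CFScript format used in the post above: it splits the script into its Driver::/File::/SecCenter:: sections, enforces the caveat that nothing may precede the first directive, and cross-checks each Driver:: name against the File:: paths. This is an added example, not code from the thread or from ComboFix; the format is inferred from the posted script, and the directive list is limited to the three it uses.

```python
"""Sanity-check a ComboFix CFScript before it is dragged onto ComboFix.exe.

Added example, not from the thread or from ComboFix itself. The format is
inferred from the script posted above: a line such as "Driver::" opens a
section and the lines beneath it are that section's items. The checks
enforce the helper's caveat that nothing (no blank line, no space) may come
before the first directive, and cross-check Driver:: names against File::
paths so that a typo in one is caught before the script is run.
"""
from __future__ import annotations

import re
from typing import Dict, List, Optional, Tuple

# Directives that the script above uses. ComboFix understands more, so an
# unknown directive is only reported, never rejected (assumption).
KNOWN_DIRECTIVES = {"Driver", "File", "SecCenter"}

DIRECTIVE_RE = re.compile(r"^(\w+)::$")
INDENTED_DIRECTIVE_RE = re.compile(r"^\s+\w+::\s*$")
WIN_PATH_RE = re.compile(r"^[a-zA-Z]:\\")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# The script posted above, reproduced here as the sample input.
SCRIPT_FROM_THREAD = r"""Driver::
eqgekksr
kyczkifo
ALSysIO
File::
c:\windows\system32\drivers\eqgekksr.sys
c:\windows\system32\drivers\kyczkifo.sys
c:\users\Dionan\AppData\Local\Temp\ALSysIO64.sys
SecCenter::
{5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
{E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
"""


def parse_cfscript(text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Split a CFScript into {directive: [items]} and return it with a list of findings.

    An empty findings list means the script passed every check below.
    """
    sections: Dict[str, List[str]] = {}
    findings: List[str] = []
    current: Optional[str] = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        stripped = line.strip()
        if INDENTED_DIRECTIVE_RE.match(line):
            # "Driver::" preceded by a space would not be recognised as a directive.
            findings.append(f"line {lineno}: directive {stripped!r} must start in column 0")
            line = stripped
        match = DIRECTIVE_RE.match(line)
        if match:
            current = match.group(1)
            if current not in KNOWN_DIRECTIVES:
                findings.append(f"line {lineno}: unrecognised directive {current}::")
            sections.setdefault(current, [])
            continue
        if current is None:
            # The helper's caveat: no space and no blank line above the first directive.
            what = "blank line" if not stripped else f"text {stripped!r}"
            findings.append(f"line {lineno}: {what} above the first directive")
            continue
        if stripped:
            sections[current].append(stripped)
    findings.extend(check_items(sections))
    return sections, findings


def check_items(sections: Dict[str, List[str]]) -> List[str]:
    """Per-section shape checks plus the Driver:: / File:: cross-check."""
    findings: List[str] = []
    for name in sections.get("Driver", []):
        if "\\" in name or name.lower().endswith(".sys"):
            findings.append(f"Driver:: entry {name!r} looks like a path; Driver:: takes service names")
    for path in sections.get("File", []):
        if not WIN_PATH_RE.match(path):
            findings.append(f"File:: entry {path!r} is not an absolute Windows path")
    for guid in sections.get("SecCenter", []):
        if not GUID_RE.match(guid):
            findings.append(f"SecCenter:: entry {guid!r} is not a GUID in braces")
    # Every service named under Driver:: should have its .sys file listed under File::.
    # Matched by prefix because the file name may carry a suffix (ALSysIO -> ALSysIO64.sys).
    stems = [p.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0] for p in sections.get("File", [])]
    for name in sections.get("Driver", []):
        if not any(stem.startswith(name.lower()) for stem in stems):
            findings.append(f"Driver:: entry {name!r} has no matching File:: entry")
    return findings


if __name__ == "__main__":
    parsed, problems = parse_cfscript(SCRIPT_FROM_THREAD)
    for directive, items in parsed.items():
        print(f"{directive}:: {len(items)} item(s)")
    print("findings:", problems or "none")
```

The ComboFix log posted further down confirms the mapping the cross-check relies on: all three File:: paths appear under "FILE ::" and the three services appear as Service_ALSysIO, Service_eqgekksr and Service_kyczkifo under "Drivers/Services".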


#11 dionan

dionan
  • Topic Starter

  • Members
  • 24 posts

Posted 25 March 2012 - 05:09 AM

Sorry, had problems with the PC, will post logs in a few hours. Could not get on the internet - don't know if it was my PC or ISP.

#12 dionan

dionan
  • Topic Starter

  • Members
  • 24 posts

Posted 27 March 2012 - 04:15 PM

ComboFix log file after running the script:

ComboFix 12-03-27.03 - Dionan 27/03/2012 21:51:25.4.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.12286.9098 [GMT 1:00]
Running from: c:\users\Dionan\Desktop\ComboFix.exe
Command switches used :: c:\users\Dionan\Desktop\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Dionan\AppData\Local\Temp\ALSysIO64.sys"
"c:\windows\system32\drivers\eqgekksr.sys"
"c:\windows\system32\drivers\kyczkifo.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALSYSIO
-------\Service_ALSysIO
-------\Service_eqgekksr
-------\Service_kyczkifo
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 20:56 . 2012-03-27 20:56 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-03-27 20:56 . 2012-03-27 20:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-27 20:56 . 2012-03-27 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 13:40 . 2012-03-27 13:40 90112 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-03-27 13:00 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A761536-4B4D-43BB-90EE-EEC3FF935810}\mpengine.dll
2012-03-26 09:34 . 2012-03-26 09:36 -------- d-----w- c:\users\Dionan\AppData\Roaming\NationRed
2012-03-24 16:31 . 2012-03-24 16:31 -------- d-----w- c:\users\Dionan\AppData\Local\CRE
2012-03-24 16:31 . 2012-03-24 16:35 -------- d-----w- c:\users\Dionan\AppData\Local\Conduit
2012-03-24 16:31 . 2012-03-24 16:31 -------- d-----w- c:\program files (x86)\Conduit
2012-03-24 16:22 . 2012-03-24 16:34 -------- d-----w- c:\users\Dionan\AppData\Roaming\GetRightToGo
2012-03-23 17:46 . 2012-03-23 17:47 -------- d-----w- c:\users\Dionan\AppData\Roaming\The Chosen
2012-03-23 17:46 . 2012-03-23 17:46 -------- d-----w- c:\users\Dionan\AppData\Roaming\Frater
2012-03-18 19:58 . 2012-03-18 20:06 -------- d-----w- c:\programdata\FAForever
2012-03-18 19:58 . 2012-03-18 20:02 -------- d-----w- c:\program files (x86)\Forged Alliance Forever - Lobby
2012-03-17 12:09 . 2012-03-17 12:09 -------- d-----w- c:\users\Dionan\AppData\Roaming\Ascaron Entertainment
2012-03-17 08:50 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-16 08:46 . 2012-03-16 08:46 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4C9F067-0281-43CA-8553-DB6BAA8EB082}\gapaengine.dll
2012-03-16 08:44 . 2012-03-16 08:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-16 08:44 . 2012-03-16 08:44 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-16 08:37 . 2012-03-16 08:37 -------- d-----w- c:\windows\system32\MpEngineStore
2012-03-15 06:43 . 2012-03-15 06:43 -------- d-----w- c:\program files\Soluto
2012-03-15 03:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 03:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 03:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:38 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:38 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:38 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:31 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:31 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:31 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:31 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:31 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:31 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:31 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 16:55 . 2012-03-10 16:55 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-03-08 16:13 . 2012-03-08 16:16 -------- d-----w- c:\users\Dionan\Heaven
2012-03-08 16:12 . 2012-03-10 16:57 -------- d-----w- c:\users\Dionan\Unigine Heaven
2012-03-08 15:52 . 2012-03-08 15:52 -------- d-----w- c:\programdata\ATI
2012-03-08 15:47 . 2012-03-08 15:47 -------- d-----w- c:\programdata\AMD
2012-03-08 15:47 . 2012-03-08 15:47 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-08 15:47 . 2012-03-08 15:47 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-06 22:32 . 2012-03-06 22:32 -------- d-----w- c:\program files (x86)\Microsoft Application Compatibility Toolkit
2012-03-06 16:35 . 1999-09-08 14:56 195856 ----a-r- c:\windows\dsetup32.dll
2012-03-06 16:35 . 1999-09-08 14:51 40208 ----a-r- c:\windows\dsetup.dll
2012-03-05 23:51 . 2012-03-05 23:51 -------- d-----w- c:\users\Dionan\AppData\Roaming\Abyssmedia
2012-02-27 14:06 . 2012-02-27 14:06 -------- d-----w- c:\program files (x86)\Mediafour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 11:50 . 2012-02-01 11:42 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-26 11:50 . 2010-08-06 17:18 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-21 11:32 . 2010-06-26 00:58 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-03-21 11:32 . 2010-06-26 10:52 25640 ----a-w- c:\windows\gdrv.sys
2012-03-10 15:23 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2010-08-26 02:01 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2011-10-03 16:02 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2011-12-06 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2011-04-06 01:53 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2012-02-15 02:52 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2011-10-03 15:48 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-10-03 15:35 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-10-03 15:39 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2011-10-03 15:30 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2010-07-01 09:40 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2011-12-06 02:13 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-10-03 15:22 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2010-07-07 01:14 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2011-10-03 15:21 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-10-03 15:21 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 22:05 . 2012-02-14 22:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 22:05 . 2012-02-14 22:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 22:05 . 2012-02-14 22:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 22:05 . 2012-02-14 22:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 22:05 . 2012-02-14 22:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 22:04 . 2012-02-14 22:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 22:03 . 2012-02-14 22:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 22:03 . 2012-02-14 22:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-08 18:54 . 2012-02-08 18:54 388096 ----a-r- c:\users\Dionan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-08 18:30 . 2012-02-08 18:29 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-07 01:31 . 2011-05-19 19:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2009-12-31 23:38 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 06:02 . 2012-01-31 06:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 06:00 . 2012-01-31 06:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-25 18:56 . 2011-06-13 14:45 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-01-25 04:01 . 2012-01-25 04:01 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-25 04:01 . 2012-01-25 04:01 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-25 04:01 . 2012-01-25 04:01 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-25 04:01 . 2012-01-25 04:01 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-25 04:01 . 2012-01-25 04:01 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-25 04:01 . 2012-01-25 04:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-25 04:01 . 2012-01-25 04:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-25 04:01 . 2012-01-25 04:01 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-25 04:01 . 2012-01-25 04:01 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-25 04:01 . 2012-01-25 04:01 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-25 04:01 . 2012-01-25 04:01 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-25 04:01 . 2012-01-25 04:01 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-25 04:01 . 2012-01-25 04:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-25 04:01 . 2012-01-25 04:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-25 04:01 . 2012-01-25 04:01 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-25 04:01 . 2012-01-25 04:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-25 04:01 . 2012-01-25 04:01 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-25 04:01 . 2012-01-25 04:01 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-25 04:01 . 2012-01-25 04:01 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-25 04:01 . 2012-01-25 04:01 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-25 04:01 . 2012-01-25 04:01 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-25 04:01 . 2012-01-25 04:01 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-25 04:01 . 2012-01-25 04:01 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-25 04:01 . 2012-01-25 04:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-25 04:01 . 2012-01-25 04:01 448512 ----a-w- c:\windows\system32\html.iec
2012-01-25 04:01 . 2012-01-25 04:01 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-25 04:01 . 2012-01-25 04:01 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-25 04:01 . 2012-01-25 04:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-25 04:01 . 2012-01-25 04:01 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-25 04:01 . 2012-01-25 04:01 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-25 04:01 . 2012-01-25 04:01 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-25 04:01 . 2012-01-25 04:01 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-25 04:01 . 2012-01-25 04:01 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-25 04:01 . 2012-01-25 04:01 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-04 10:44 . 2012-02-16 18:13 509952 ----a-w- c:\windows\system32\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-21_10.13.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-26 01:28 . 2012-03-23 13:57 66652 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-23 13:57 55648 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-26 00:59 . 2012-03-23 13:57 20026 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-405954760-1696998006-470692607-1000_UserData.bin
- 2010-06-26 00:30 . 2012-03-21 01:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-26 00:30 . 2012-03-27 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-08 23:44 . 2012-03-21 01:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-08 23:44 . 2012-03-27 13:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-27 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-21 01:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-26 01:14 . 2012-03-21 10:23 1988 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-21 10:13 . 2012-03-21 10:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-27 20:58 . 2012-03-27 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-27 20:58 . 2012-03-27 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-21 10:13 . 2012-03-21 10:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-03-27 20:57 281752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-21 10:12 281752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-20 17:43 . 2012-03-27 20:57 4930032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-405954760-1696998006-470692607-1000-12288.dat
- 2011-08-06 16:18 . 2012-03-21 10:12 11146464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-06 16:18 . 2012-03-27 20:57 11146464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-06-26 09:09 . 2012-03-27 20:57 35138172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-405954760-1696998006-470692607-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AtiTrayTools"="g:\ati tray\ATI Tray Tools\atitray.exe" [2010-11-13 930816]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-03 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"StartCCC"="g:\ati technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Dionan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Core Temp.exe [2010-6-26 495632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
ZDWLan Utility.lnk - c:\program files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2011-1-19 483328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R1 atitray;atitray;c:\program files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athrxu6.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;g:\bitcomet\tools\BitCometService.exe [2010-12-28 1296728]
R3 cpuz130;cpuz130;c:\users\Dionan\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-11-04 25640]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-03-21 30528]
R3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;g:\hi-rez studios\HiPatchService.exe [2012-02-20 8704]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RadeonPro Support Service;RadeonPro Support Service;g:\radeonpro\RadeonProSupport.exe [2011-02-10 12800]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TRIXX;TRIXX;c:\users\Dionan\AppData\Local\Temp\TRIXX.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-01-25 547872]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-405954760-1696998006-470692607-1000Core.job
- c:\users\Dionan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 14:28]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-405954760-1696998006-470692607-1000UA.job
- c:\users\Dionan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 14:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
2011-12-07 18:28 414720 ----a-w- c:\users\Dionan\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-01-30 400480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF23690.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Free YouTube to MP3 Converter - c:\users\Dionan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dionan\AppData\Roaming\Mozilla\Firefox\Profiles\8h9c13l9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB3&ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
AddRemove-Alien Breed: Impact_is1 - g:\alien breed impact\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-405954760-1696998006-470692607-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:13,0b,f1,11,ab,e3,b6,3c,c3,bf,ea,16,0e,00,2c,14,9f,cb,ba,47,f4,4e,cb,
de,dd,7c,72,c5,e3,67,08,46,cc,87,64,3e,89,c0,5d,29,f7,bb,8f,3e,12,db,c9,3b,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-405954760-1696998006-470692607-1000\Software\SecuROM\License information*]
"datasecu"=hex:49,50,56,30,94,15,db,98,16,8a,8f,89,18,f4,b8,be,a6,92,95,21,77,
bd,67,07,c8,14,08,8c,5a,00,53,d4,96,dc,ce,a1,7c,e3,bc,6b,3d,c6,cb,5d,50,e1,\
"rkeysecu"=hex:3f,52,ff,fb,f0,84,e2,28,24,f6,9c,06,a5,5f,db,19
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-27 22:03:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 21:03
ComboFix2.txt 2012-03-21 10:18
ComboFix3.txt 2012-02-08 00:01
ComboFix4.txt 2012-02-07 20:21
.
Pre-Run: 5,208,002,560 bytes free
Post-Run: 5,049,159,680 bytes free
.
- - End Of File - - B4B2BD26D590BC831F237CFB97295726

#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:10 AM

Posted 27 March 2012 - 04:45 PM

Hi,

Are you able to connect to the internet with this PC now?

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#14 dionan

dionan
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:12:10 PM

Posted 27 March 2012 - 04:51 PM

Yes, I am just running MBAM and will attach the log when finished. Virgin Media had problems in my area.

#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:10 AM

Posted 27 March 2012 - 05:05 PM

OK, great! I'll wait for the log.





