Darkassasinr
2011-04-15, 20:35
I originally started this thread: http://forums.spybot.info/showthread.php?p=399769#post399769
but it got closed due to inactivity, I apologize for the wait, here are my combofix and DDS logs:
ComboFix 11-04-14.03 - Ryan 5/2011 Fri 10:30:05.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.4061.2588 [GMT -6:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\XSxS
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-15 17:05 . 2011-04-15 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-15 16:26 . 2011-04-15 16:27 -------- d-----w- C:\32788R22FWJFW
2011-04-15 00:08 . 2011-04-15 00:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-14 00:00 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-13 23:59 . 2011-02-18 10:56 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 23:59 . 2011-02-18 05:43 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-13 23:59 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
2011-04-13 23:59 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
2011-04-13 23:59 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
2011-04-13 23:59 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
2011-04-13 23:59 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2011-04-13 23:59 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2011-04-13 23:59 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-04-13 23:57 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 23:57 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-13 23:57 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-13 23:57 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-09 05:05 . 2011-04-09 05:05 -------- d-----w- c:\users\Ryan\AppData\Roaming\vlc
2011-04-08 00:31 . 2011-04-08 00:31 -------- d-----w- c:\windows\system32\SPReview
2011-04-08 00:30 . 2011-04-08 00:30 -------- d-----w- c:\windows\system32\EventProviders
2011-04-08 00:25 . 2010-11-20 13:27 3650560 ----a-w- c:\windows\system32\MSVidCtl.dll
2011-04-08 00:24 . 2010-11-20 13:27 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2011-04-08 00:23 . 2010-11-20 13:27 24064 ----a-w- c:\windows\system32\sisbkup.dll
2011-04-08 00:22 . 2010-11-20 13:02 7168 ----a-w- c:\windows\system32\KBDUS.DLL
2011-04-08 00:19 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-08 00:19 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-08 00:19 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-08 00:18 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-08 00:18 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-08 00:18 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-04-08 00:18 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-04-07 02:51 . 2011-04-07 02:51 -------- d-----w- c:\windows\SysWow64\Wat
2011-04-07 02:51 . 2011-04-07 02:51 -------- d-----w- c:\windows\system32\Wat
2011-04-07 02:39 . 2011-04-07 02:39 -------- d-----w- c:\program files (x86)\Intel
2011-04-07 02:35 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-07 02:35 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-04-07 02:35 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-07 02:35 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-04-07 02:35 . 2010-12-17 11:42 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-04-07 01:44 . 2011-04-07 01:44 -------- d-----w- c:\program files (x86)\Pidgin
2011-04-07 01:33 . 2011-04-07 01:33 -------- d-----w- c:\users\Ryan\AppData\Local\Secunia PSI
2011-04-07 01:33 . 2011-04-07 01:33 -------- d-----w- c:\program files (x86)\Secunia
2011-04-03 09:50 . 2011-04-03 09:50 -------- d-----w- c:\windows\SysWow64\Adobe
2011-04-02 08:37 . 2011-04-02 08:37 -------- d-----w- c:\program files (x86)\ERUNT
2011-04-02 07:57 . 2011-04-02 07:57 -------- d-----w- c:\program files\CCleaner
2011-04-02 07:52 . 2011-04-02 07:52 388096 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-02 07:52 . 2011-04-02 07:52 -------- d-----w- c:\program files (x86)\Trend Micro
2011-04-02 07:45 . 2011-04-02 07:45 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-02 07:45 . 2011-04-02 07:45 -------- d-----w- c:\program files\Java
2011-04-02 01:08 . 2011-04-02 01:08 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-04-02 01:08 . 2011-04-02 01:08 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-04-02 01:08 . 2011-04-02 01:08 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-04-02 01:07 . 2011-04-02 01:07 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2011-04-02 01:06 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-02 01:06 . 2011-04-02 01:06 -------- d-----w- c:\programdata\Malwarebytes
2011-04-02 01:06 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 01:06 . 2011-04-02 01:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-25 20:56 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-25 20:56 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-25 20:56 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-25 20:56 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-25 20:56 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-25 20:56 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-25 20:56 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-25 20:56 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-21 04:57 . 2011-03-21 04:57 -------- d--h--w- c:\programdata\CanonBJ
2011-03-21 04:57 . 2010-04-24 11:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9W.DLL
2011-03-21 04:57 . 2010-04-24 11:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9W.DLL
2011-03-21 04:56 . 2011-03-21 04:56 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-03-21 04:56 . 2009-04-03 22:01 1321984 ----a-w- c:\windows\system32\CNC250C.dll
2011-03-21 04:56 . 2009-04-03 22:00 92672 ----a-w- c:\windows\system32\CNC250I.dll
2011-03-21 04:56 . 2009-03-11 17:36 328192 ----a-w- c:\windows\system32\CNC250L.dll
2011-03-21 04:56 . 2009-03-11 17:34 303104 ----a-w- c:\windows\SysWow64\CNC250L.dll
2011-03-21 04:56 . 2008-08-26 00:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2011-03-21 04:56 . 2009-04-03 21:57 106496 ----a-w- c:\windows\SysWow64\CNC250U.dll
2011-03-21 04:56 . 2008-08-26 00:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2011-03-21 04:55 . 2010-04-24 11:00 336896 ----a-w- c:\windows\system32\CNMLM9W.DLL
2011-03-21 04:55 . 2009-02-04 19:18 104960 ----a-w- c:\windows\system32\CNC250O.dll
2011-03-21 04:55 . 2009-03-18 15:10 244736 ----a-w- c:\windows\system32\CNMIU9W.DLL
2011-03-21 04:55 . 2011-03-21 04:55 -------- d--h--w- c:\program files\CanonBJ
2011-03-18 17:54 . 2011-03-18 17:56 -------- d-----w- c:\users\Ryan\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 00:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-08 00:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-23 15:04 . 2010-07-11 04:15 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-03-18 04:33 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-23 15:04 . 2011-02-06 16:35 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:57 . 2010-03-18 04:33 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:57 . 2011-03-06 18:11 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:55 . 2010-03-18 04:33 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-03-18 04:33 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-03-18 04:33 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-03-18 04:33 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-03 03:40 . 2011-03-13 19:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-01-17 05:14 . 2010-03-04 01:54 362784 ----a-w- c:\windows\system32\guard64.dll
2011-01-17 05:14 . 2010-03-04 01:54 285480 ----a-w- c:\windows\SysWow64\guard32.dll
2011-01-17 05:14 . 2010-03-04 01:54 89840 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-17 05:14 . 2010-03-04 01:54 39888 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-17 05:14 . 2010-03-04 01:54 250008 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-17 05:14 . 2010-03-04 01:54 14184 ----a-w- c:\windows\system32\drivers\cmderd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-03-18 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-11-8 12862]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
SRS Premium Sound.lnk - c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2009-11-8 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1893882320-4169476230-959854676-1001Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 17:54]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1893882320-4169476230-959854676-1001UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 17:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-10-25 60264]
"EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-04-02 8866120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\dfp6hgll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.forumsx.net
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Asus_ULSeries_ScreenSaver - c:\windows\system32\Asus_ULSeries_ScreenSaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-15 11:09:44
ComboFix-quarantined-files.txt 2011-04-15 17:09
.
Pre-Run: 18,409,861,120 bytes free
Post-Run: 18,311,958,528 bytes free
.
- - End Of File - - 6F3883D24E73EABEB6E6414D5B72506E
DDS Log --------------------------------------------------
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Ryan at 11:24:13.78 on 04/15/2011 Fri
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.4061.2317 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\ASUS\Asus WebStorage\EeeStorageUploader.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ryan\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun-x64: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
AppInit_DLLs-X64: C:\Windows\System32\guard64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\dfp6hgll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.forumsx.net
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-6 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-17 280408]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-3-3 250008]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-3-3 39888]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-11-8 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-11-8 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-17 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-17 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-6 42184]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-3-17 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-7-8 140800]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-25 138752]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-4-27 57344]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-3-17 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-6 1255736]
.
=============== Created Last 30 ================
.
2011-04-15 16:27:46 98816 ----a-w- C:\Windows\sed.exe
2011-04-15 16:27:46 89088 ----a-w- C:\Windows\MBR.exe
2011-04-15 16:27:46 256512 ----a-w- C:\Windows\PEV.exe
2011-04-15 16:27:46 161792 ----a-w- C:\Windows\SWREG.exe
2011-04-13 23:59:59 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-04-13 23:59:59 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-04-13 23:59:32 605552 ----a-w- C:\Windows\System32\winload.exe
2011-04-13 23:59:32 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-04-13 23:59:32 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-04-13 23:59:32 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-04-13 23:59:31 642944 ----a-w- C:\Windows\System32\winload.efi
2011-04-13 23:59:31 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-04-13 23:59:31 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-04-13 23:57:32 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-13 23:57:31 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-04-13 23:57:31 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-13 23:57:31 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-08 00:31:35 -------- d-----w- C:\Windows\System32\SPReview
2011-04-08 00:30:55 -------- d-----w- C:\Windows\System32\EventProviders
2011-04-08 00:25:59 3650560 ----a-w- C:\Windows\System32\MSVidCtl.dll
2011-04-08 00:24:59 689152 ----a-w- C:\Windows\System32\FXSSVC.exe
2011-04-08 00:23:59 95232 ----a-w- C:\Windows\System32\cca.dll
2011-04-08 00:22:59 8192 ----a-w- C:\Windows\System32\KBDCZ1.DLL
2011-04-08 00:19:08 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-04-08 00:19:08 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-04-08 00:19:08 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-04-08 00:18:56 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-04-08 00:18:47 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-04-08 00:18:15 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-04-08 00:18:14 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-04-07 02:51:25 -------- d-----w- C:\Windows\SysWow64\Wat
2011-04-07 02:51:25 -------- d-----w- C:\Windows\System32\Wat
2011-04-07 02:35:58 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-04-07 02:35:58 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-04-07 02:35:58 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-04-07 02:35:58 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-04-07 02:35:51 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-04-07 01:44:04 -------- d-----w- C:\Program Files (x86)\Pidgin
2011-04-07 01:33:35 -------- d-----w- C:\Users\Ryan\AppData\Local\Secunia PSI
2011-04-07 01:33:23 -------- d-----w- C:\Program Files (x86)\Secunia
2011-04-03 09:50:21 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-04-02 07:57:15 -------- d-----w- C:\Program Files\CCleaner
2011-04-02 07:52:02 388096 ----a-r- C:\Users\Ryan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-02 07:52:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-04-02 07:45:54 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-04-02 01:08:44 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-04-02 01:08:44 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-04-02 01:08:44 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2011-04-02 01:07:06 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes
2011-04-02 01:06:33 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-02 01:06:32 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-02 01:06:24 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-02 01:06:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-25 20:56:41 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-25 20:56:40 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-25 20:56:40 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-25 20:56:39 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-25 20:56:39 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-25 20:56:39 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-25 20:56:39 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-25 20:56:39 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-03-21 04:57:04 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9W.DLL
2011-03-21 04:57:04 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9W.DLL
2011-03-21 04:56:42 92672 ----a-w- C:\Windows\System32\CNC250I.dll
2011-03-21 04:56:42 328192 ----a-w- C:\Windows\System32\CNC250L.dll
2011-03-21 04:56:42 303104 ----a-w- C:\Windows\SysWow64\CNC250L.dll
2011-03-21 04:56:42 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2011-03-21 04:56:42 1321984 ----a-w- C:\Windows\System32\CNC250C.dll
2011-03-21 04:56:41 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2011-03-21 04:56:41 106496 ----a-w- C:\Windows\SysWow64\CNC250U.dll
2011-03-21 04:55:42 336896 ----a-w- C:\Windows\System32\CNMLM9W.DLL
2011-03-21 04:55:30 104960 ----a-w- C:\Windows\System32\CNC250O.dll
2011-03-21 04:55:29 244736 ----a-w- C:\Windows\System32\CNMIU9W.DLL
2011-03-18 17:54:57 -------- d-----w- C:\Users\Ryan\AppData\Local\Google
.
==================== Find3M ====================
.
2011-04-08 00:42:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-08 00:42:31 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-23 15:04:21 40648 ----a-w- C:\Windows\avastSS.scr
2011-02-23 14:57:01 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-02-23 14:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 13:31:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-01-17 05:14:28 362784 ----a-w- C:\Windows\System32\guard64.dll
2011-01-17 05:14:26 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-01-17 05:14:24 39888 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-01-17 05:14:24 250008 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-01-17 05:14:24 14184 ----a-w- C:\Windows\System32\drivers\cmderd.sys
.
============= FINISH: 11:25:40.61 ===============
Edit
;)
[I] Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.http://forums.spybot.info/showpost.php?p=401222&postcount=7
but it got closed due to inactivity, I apologize for the wait, here are my combofix and DDS logs:
ComboFix 11-04-14.03 - Ryan 5/2011 Fri 10:30:05.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.4061.2588 [GMT -6:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\XSxS
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-15 17:05 . 2011-04-15 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-15 16:26 . 2011-04-15 16:27 -------- d-----w- C:\32788R22FWJFW
2011-04-15 00:08 . 2011-04-15 00:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-14 00:00 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-13 23:59 . 2011-02-18 10:56 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 23:59 . 2011-02-18 05:43 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-13 23:59 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
2011-04-13 23:59 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
2011-04-13 23:59 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
2011-04-13 23:59 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
2011-04-13 23:59 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2011-04-13 23:59 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2011-04-13 23:59 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-04-13 23:57 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 23:57 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-13 23:57 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-13 23:57 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-09 05:05 . 2011-04-09 05:05 -------- d-----w- c:\users\Ryan\AppData\Roaming\vlc
2011-04-08 00:31 . 2011-04-08 00:31 -------- d-----w- c:\windows\system32\SPReview
2011-04-08 00:30 . 2011-04-08 00:30 -------- d-----w- c:\windows\system32\EventProviders
2011-04-08 00:25 . 2010-11-20 13:27 3650560 ----a-w- c:\windows\system32\MSVidCtl.dll
2011-04-08 00:24 . 2010-11-20 13:27 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2011-04-08 00:23 . 2010-11-20 13:27 24064 ----a-w- c:\windows\system32\sisbkup.dll
2011-04-08 00:22 . 2010-11-20 13:02 7168 ----a-w- c:\windows\system32\KBDUS.DLL
2011-04-08 00:19 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-08 00:19 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-08 00:19 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-08 00:18 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-08 00:18 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-08 00:18 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-04-08 00:18 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-04-07 02:51 . 2011-04-07 02:51 -------- d-----w- c:\windows\SysWow64\Wat
2011-04-07 02:51 . 2011-04-07 02:51 -------- d-----w- c:\windows\system32\Wat
2011-04-07 02:39 . 2011-04-07 02:39 -------- d-----w- c:\program files (x86)\Intel
2011-04-07 02:35 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-07 02:35 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-04-07 02:35 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-07 02:35 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-04-07 02:35 . 2010-12-17 11:42 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-04-07 01:44 . 2011-04-07 01:44 -------- d-----w- c:\program files (x86)\Pidgin
2011-04-07 01:33 . 2011-04-07 01:33 -------- d-----w- c:\users\Ryan\AppData\Local\Secunia PSI
2011-04-07 01:33 . 2011-04-07 01:33 -------- d-----w- c:\program files (x86)\Secunia
2011-04-03 09:50 . 2011-04-03 09:50 -------- d-----w- c:\windows\SysWow64\Adobe
2011-04-02 08:37 . 2011-04-02 08:37 -------- d-----w- c:\program files (x86)\ERUNT
2011-04-02 07:57 . 2011-04-02 07:57 -------- d-----w- c:\program files\CCleaner
2011-04-02 07:52 . 2011-04-02 07:52 388096 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-02 07:52 . 2011-04-02 07:52 -------- d-----w- c:\program files (x86)\Trend Micro
2011-04-02 07:45 . 2011-04-02 07:45 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-02 07:45 . 2011-04-02 07:45 -------- d-----w- c:\program files\Java
2011-04-02 01:08 . 2011-04-02 01:08 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-04-02 01:08 . 2011-04-02 01:08 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-04-02 01:08 . 2011-04-02 01:08 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-04-02 01:07 . 2011-04-02 01:07 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2011-04-02 01:06 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-02 01:06 . 2011-04-02 01:06 -------- d-----w- c:\programdata\Malwarebytes
2011-04-02 01:06 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 01:06 . 2011-04-02 01:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-25 20:56 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-25 20:56 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-25 20:56 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-25 20:56 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-25 20:56 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-25 20:56 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-25 20:56 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-25 20:56 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-21 04:57 . 2011-03-21 04:57 -------- d--h--w- c:\programdata\CanonBJ
2011-03-21 04:57 . 2010-04-24 11:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9W.DLL
2011-03-21 04:57 . 2010-04-24 11:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9W.DLL
2011-03-21 04:56 . 2011-03-21 04:56 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-03-21 04:56 . 2009-04-03 22:01 1321984 ----a-w- c:\windows\system32\CNC250C.dll
2011-03-21 04:56 . 2009-04-03 22:00 92672 ----a-w- c:\windows\system32\CNC250I.dll
2011-03-21 04:56 . 2009-03-11 17:36 328192 ----a-w- c:\windows\system32\CNC250L.dll
2011-03-21 04:56 . 2009-03-11 17:34 303104 ----a-w- c:\windows\SysWow64\CNC250L.dll
2011-03-21 04:56 . 2008-08-26 00:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2011-03-21 04:56 . 2009-04-03 21:57 106496 ----a-w- c:\windows\SysWow64\CNC250U.dll
2011-03-21 04:56 . 2008-08-26 00:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2011-03-21 04:55 . 2010-04-24 11:00 336896 ----a-w- c:\windows\system32\CNMLM9W.DLL
2011-03-21 04:55 . 2009-02-04 19:18 104960 ----a-w- c:\windows\system32\CNC250O.dll
2011-03-21 04:55 . 2009-03-18 15:10 244736 ----a-w- c:\windows\system32\CNMIU9W.DLL
2011-03-21 04:55 . 2011-03-21 04:55 -------- d--h--w- c:\program files\CanonBJ
2011-03-18 17:54 . 2011-03-18 17:56 -------- d-----w- c:\users\Ryan\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 00:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-08 00:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-23 15:04 . 2010-07-11 04:15 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-03-18 04:33 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-23 15:04 . 2011-02-06 16:35 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:57 . 2010-03-18 04:33 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:57 . 2011-03-06 18:11 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:55 . 2010-03-18 04:33 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-03-18 04:33 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-03-18 04:33 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-03-18 04:33 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-03 03:40 . 2011-03-13 19:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-01-17 05:14 . 2010-03-04 01:54 362784 ----a-w- c:\windows\system32\guard64.dll
2011-01-17 05:14 . 2010-03-04 01:54 285480 ----a-w- c:\windows\SysWow64\guard32.dll
2011-01-17 05:14 . 2010-03-04 01:54 89840 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-17 05:14 . 2010-03-04 01:54 39888 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-17 05:14 . 2010-03-04 01:54 250008 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-17 05:14 . 2010-03-04 01:54 14184 ----a-w- c:\windows\system32\drivers\cmderd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-03-18 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-11-8 12862]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
SRS Premium Sound.lnk - c:\windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2009-11-8 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1893882320-4169476230-959854676-1001Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 17:54]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1893882320-4169476230-959854676-1001UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-18 17:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-10-25 60264]
"EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-04-02 8866120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\dfp6hgll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.forumsx.net
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Asus_ULSeries_ScreenSaver - c:\windows\system32\Asus_ULSeries_ScreenSaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-15 11:09:44
ComboFix-quarantined-files.txt 2011-04-15 17:09
.
Pre-Run: 18,409,861,120 bytes free
Post-Run: 18,311,958,528 bytes free
.
- - End Of File - - 6F3883D24E73EABEB6E6414D5B72506E
DDS Log --------------------------------------------------
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Ryan at 11:24:13.78 on 04/15/2011 Fri
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.4061.2317 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\ASUS\Asus WebStorage\EeeStorageUploader.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ryan\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun-x64: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
AppInit_DLLs-X64: C:\Windows\System32\guard64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\dfp6hgll.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.forumsx.net
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-6 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-17 280408]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-3-3 250008]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-3-3 39888]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-11-8 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-11-8 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-17 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-17 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-6 42184]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-3-17 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-7-8 140800]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-25 138752]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-4-27 57344]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-3-17 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-6 1255736]
.
=============== Created Last 30 ================
.
2011-04-15 16:27:46 98816 ----a-w- C:\Windows\sed.exe
2011-04-15 16:27:46 89088 ----a-w- C:\Windows\MBR.exe
2011-04-15 16:27:46 256512 ----a-w- C:\Windows\PEV.exe
2011-04-15 16:27:46 161792 ----a-w- C:\Windows\SWREG.exe
2011-04-13 23:59:59 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-04-13 23:59:59 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-04-13 23:59:32 605552 ----a-w- C:\Windows\System32\winload.exe
2011-04-13 23:59:32 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-04-13 23:59:32 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-04-13 23:59:32 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-04-13 23:59:31 642944 ----a-w- C:\Windows\System32\winload.efi
2011-04-13 23:59:31 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-04-13 23:59:31 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-04-13 23:57:32 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-13 23:57:31 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-04-13 23:57:31 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-13 23:57:31 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-08 00:31:35 -------- d-----w- C:\Windows\System32\SPReview
2011-04-08 00:30:55 -------- d-----w- C:\Windows\System32\EventProviders
2011-04-08 00:25:59 3650560 ----a-w- C:\Windows\System32\MSVidCtl.dll
2011-04-08 00:24:59 689152 ----a-w- C:\Windows\System32\FXSSVC.exe
2011-04-08 00:23:59 95232 ----a-w- C:\Windows\System32\cca.dll
2011-04-08 00:22:59 8192 ----a-w- C:\Windows\System32\KBDCZ1.DLL
2011-04-08 00:19:08 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-04-08 00:19:08 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-04-08 00:19:08 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-04-08 00:18:56 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-04-08 00:18:47 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-04-08 00:18:15 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-04-08 00:18:14 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-04-07 02:51:25 -------- d-----w- C:\Windows\SysWow64\Wat
2011-04-07 02:51:25 -------- d-----w- C:\Windows\System32\Wat
2011-04-07 02:35:58 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-04-07 02:35:58 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-04-07 02:35:58 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-04-07 02:35:58 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-04-07 02:35:51 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-04-07 01:44:04 -------- d-----w- C:\Program Files (x86)\Pidgin
2011-04-07 01:33:35 -------- d-----w- C:\Users\Ryan\AppData\Local\Secunia PSI
2011-04-07 01:33:23 -------- d-----w- C:\Program Files (x86)\Secunia
2011-04-03 09:50:21 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-04-02 07:57:15 -------- d-----w- C:\Program Files\CCleaner
2011-04-02 07:52:02 388096 ----a-r- C:\Users\Ryan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-02 07:52:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-04-02 07:45:54 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-04-02 01:08:44 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-04-02 01:08:44 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-04-02 01:08:44 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2011-04-02 01:07:06 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes
2011-04-02 01:06:33 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-02 01:06:32 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-02 01:06:24 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-02 01:06:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-25 20:56:41 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-25 20:56:40 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-25 20:56:40 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-25 20:56:39 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-25 20:56:39 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-25 20:56:39 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-25 20:56:39 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-25 20:56:39 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-03-21 04:57:04 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9W.DLL
2011-03-21 04:57:04 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9W.DLL
2011-03-21 04:56:42 92672 ----a-w- C:\Windows\System32\CNC250I.dll
2011-03-21 04:56:42 328192 ----a-w- C:\Windows\System32\CNC250L.dll
2011-03-21 04:56:42 303104 ----a-w- C:\Windows\SysWow64\CNC250L.dll
2011-03-21 04:56:42 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2011-03-21 04:56:42 1321984 ----a-w- C:\Windows\System32\CNC250C.dll
2011-03-21 04:56:41 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2011-03-21 04:56:41 106496 ----a-w- C:\Windows\SysWow64\CNC250U.dll
2011-03-21 04:55:42 336896 ----a-w- C:\Windows\System32\CNMLM9W.DLL
2011-03-21 04:55:30 104960 ----a-w- C:\Windows\System32\CNC250O.dll
2011-03-21 04:55:29 244736 ----a-w- C:\Windows\System32\CNMIU9W.DLL
2011-03-18 17:54:57 -------- d-----w- C:\Users\Ryan\AppData\Local\Google
.
==================== Find3M ====================
.
2011-04-08 00:42:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-08 00:42:31 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-23 15:04:21 40648 ----a-w- C:\Windows\avastSS.scr
2011-02-23 14:57:01 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-02-23 14:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 13:31:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-01-17 05:14:28 362784 ----a-w- C:\Windows\System32\guard64.dll
2011-01-17 05:14:26 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-01-17 05:14:24 39888 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-01-17 05:14:24 250008 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-01-17 05:14:24 14184 ----a-w- C:\Windows\System32\drivers\cmderd.sys
.
============= FINISH: 11:25:40.61 ===============
Edit
;)
[I] Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.http://forums.spybot.info/showpost.php?p=401222&postcount=7