Lately, every time I use Google to search, it redirects me to a new browser. My Windows died once already and I fixed it, but it still does the redirect.
It won't let me edit, so...
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Kenan at 10:58:42 on 2011-06-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2637 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
StartupFolder: C:\Users\Kenan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4A43927A-0255-4F39-B68F-2289E0B5EF62} : DhcpNameServer = 209.18.47.61 209.18.47.62
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-13 13336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-5-21 134928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-24 136176]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
.
=============== Created Last 30 ================
.
2011-06-26 09:42:42 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-06-25 16:35:48 -------- d-----w- C:\Program Files (x86)\AhnLab
2011-06-25 06:31:43 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2011-06-25 06:16:24 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-06-25 06:16:24 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-06-25 06:16:24 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-06-25 06:16:24 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-06-25 06:16:23 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-06-25 06:16:23 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-06-25 06:16:23 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-06-25 06:16:23 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-06-25 06:16:23 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-06-25 06:16:23 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-06-25 06:08:36 -------- d-----w- C:\Games
2011-06-25 05:01:39 -------- d-----w- C:\Windows\System32\catroot2
2011-06-25 04:41:00 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16B96430-4423-4DD0-B5FF-DFCB5A2E7CD3}\mpengine.dll
2011-06-25 04:40:59 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-25 04:29:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Google
2011-06-25 04:28:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Deployment
2011-06-25 04:28:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Apps
2011-06-25 04:03:59 -------- d-sh--w- C:\Recovery
2011-06-25 04:03:58 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
.
============= FINISH: 10:59:03.70 ===============
Hi TitanX,
Welcome to Safer Networking. My name is Blottedisk and I will be helping you with your malware issues.
- Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Thread Tools box to the top right of your topic title and then choosing Subscribe to this Thread (then choose Instant Notification by email). If the button says Unsubscribe from this Thread, then you are already subscribed.
- Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day, the thread will be locked due to inactivity. However, if you will be away, let us know and we will be sure to keep the thread open.
Please follow these steps in order:
Step 1 | Please download GMER from one of the following locations and save it to your desktop:
Main Mirror - This version will download a randomly named file (Recommended)
Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
--------------------------------------------------------------------
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Make sure all options are checked except:
- IAT/EAT
- Drives/Partition other than Systemdrive, which is typically C:\
- Show All (This is important, so do not miss it.)
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
Step 2 | Please download aswMBR to your desktop.
- Double click the aswMBR icon to run it.
Vista and Windows 7 users: right click the icon and choose "Run as administrator".
- Click the Scan button to start the scan.
- When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
Step 3 | Please download MBRCheck.exe to your desktop.
- Be sure to disable your security programs
- Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
- A window will open on your desktop
- If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
- If nothing unusual is found just press Enter
- A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
- Please post the contents of that file.
-- WTT Classroom Graduate --
-- ASAP Member --
-- UNITE Trained Eliminator --
GMER said it didn't find anything, so it was just blank.
Every time I ran aswMBR and pressed Scan I got the blue screen.
And the last one gave me this.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Si
System Product Name: SYX-P55-CD53
Logical Drives Mask: 0x000001fc
Kernel Drivers (total 187):
0x02C09000 \SystemRoot\system32\ntoskrnl.exe
0x031E5000 \SystemRoot\system32\hal.dll
0x00BA7000 \SystemRoot\system32\kdcom.dll
0x00C71000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CB5000 \SystemRoot\system32\PSHED.dll
0x00CC9000 \SystemRoot\system32\CLFS.SYS
0x00D27000 \SystemRoot\system32\CI.dll
0x00E0F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EB3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC2000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F19000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F22000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F2C000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F5F000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F6C000 \SystemRoot\System32\drivers\partmgr.sys
0x00F81000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F96000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF2000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00DE7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00C00000 \SystemRoot\system32\DRIVERS\jraid.sys
0x00C20000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x00C4F000 \SystemRoot\System32\drivers\mountmgr.sys
0x0106B000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x0125A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01464000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0146D000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01497000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x014A2000 \SystemRoot\system32\drivers\fltmgr.sys
0x014EE000 \SystemRoot\system32\drivers\fileinfo.sys
0x01502000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0160D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0150E000 \SystemRoot\System32\Drivers\msrpc.sys
0x017B0000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0156C000 \SystemRoot\System32\Drivers\cng.sys
0x017CA000 \SystemRoot\System32\drivers\pcw.sys
0x017DB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x018B8000 \SystemRoot\system32\drivers\ndis.sys
0x01800000 \SystemRoot\system32\drivers\NETIO.SYS
0x01860000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A01000 \SystemRoot\System32\drivers\tcpip.sys
0x019AA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01200000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x019F4000 \SystemRoot\System32\Drivers\spldr.sys
0x01189000 \SystemRoot\System32\drivers\rdyboost.sys
0x0188B000 \SystemRoot\System32\Drivers\mup.sys
0x0189D000 \SystemRoot\System32\drivers\hwpolicy.sys
0x011C3000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x017E5000 \SystemRoot\system32\DRIVERS\disk.sys
0x01000000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01030000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02EEB000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x02F83000 \SystemRoot\System32\Drivers\Null.SYS
0x02F8C000 \SystemRoot\System32\Drivers\Beep.SYS
0x02F93000 \SystemRoot\System32\drivers\vga.sys
0x02FA1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02FC6000 \SystemRoot\System32\drivers\watchdog.sys
0x02FD6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02FDF000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02FE8000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02FF1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02E00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02E11000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02E2F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02E3C000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x02E4C000 \SystemRoot\system32\drivers\afd.sys
0x02ED6000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03ED5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03F1A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03F23000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03F49000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03F58000 \SystemRoot\system32\DRIVERS\serial.sys
0x03F75000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03F90000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03FA4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03E00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03E0C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03E17000 \SystemRoot\System32\drivers\discache.sys
0x03E26000 \SystemRoot\System32\Drivers\dfsc.sys
0x03E44000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03E55000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03EA2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04044000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x10084000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10D16000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0405A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x10D18000 \SystemRoot\System32\drivers\dxgmms1.sys
0x10D5E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x10D6F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x10DC5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x10000000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x10057000 \SystemRoot\system32\DRIVERS\serenum.sys
0x10063000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x10DE9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0414E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x10073000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04172000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x041A1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x041BC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x041DD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0400F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x1007F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0460E000 \SystemRoot\system32\DRIVERS\ks.sys
0x04651000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04663000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x046BD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05823000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05A7F000 \SystemRoot\system32\drivers\portcls.sys
0x05ABC000 \SystemRoot\system32\drivers\drmk.sys
0x05ADE000 \SystemRoot\system32\drivers\ksthunk.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x05AE4000 \SystemRoot\System32\drivers\Dxapi.sys
0x05AF0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05AFE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05B0A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05B13000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05B26000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05B43000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05B45000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05B53000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05B6C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05B75000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05B83000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05B90000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05BAB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00520000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x05BB9000 \SystemRoot\system32\drivers\luafv.sys
0x046D2000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x05BDC000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x05800000 \SystemRoot\system32\drivers\WudfPf.sys
0x05BE5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0470C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04724000 \SystemRoot\system32\DRIVERS\TurboB.sys
0x0472B000 \SystemRoot\system32\drivers\HTTP.sys
0x0401E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x015DF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06079000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x060A6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x060F4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06117000 \SystemRoot\system32\drivers\peauth.sys
0x061BD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x061C8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06000000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06830000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06898000 \SystemRoot\System32\DRIVERS\srv.sys
0x0692E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77A10000 \Windows\System32\ntdll.dll
0x47E70000 \Windows\System32\smss.exe
0xFFD30000 \Windows\System32\apisetschema.dll
0xFFD30000 \Windows\System32\apisetschema.dll
0x77910000 \Windows\System32\user32.dll
0xFFCF0000 \Windows\System32\imm32.dll
0xFFC10000 \Windows\System32\oleaut32.dll
0xFFC00000 \Windows\System32\nsi.dll
0xFFBF0000 \Windows\System32\lpk.dll
0xFFB10000 \Windows\System32\advapi32.dll
0x77BE0000 \Windows\System32\normaliz.dll
0xFF8B0000 \Windows\System32\iertutil.dll
0x77BD0000 \Windows\System32\psapi.dll
0xFF6A0000 \Windows\System32\ole32.dll
0xFF600000 \Windows\System32\msvcrt.dll
0xFF480000 \Windows\System32\urlmon.dll
0x777F0000 \Windows\System32\kernel32.dll
0xFF460000 \Windows\System32\sechost.dll
0xFF330000 \Windows\System32\rpcrt4.dll
0xFF220000 \Windows\System32\msctf.dll
0xFF040000 \Windows\System32\setupapi.dll
0xFF020000 \Windows\System32\imagehlp.dll
0xFEFA0000 \Windows\System32\shlwapi.dll
0xFEF00000 \Windows\System32\comdlg32.dll
0xFEEB0000 \Windows\System32\Wldap32.dll
0xFEE10000 \Windows\System32\clbcatq.dll
0xFE080000 \Windows\System32\shell32.dll
0xFE030000 \Windows\System32\ws2_32.dll
0xFDF00000 \Windows\System32\wininet.dll
0xFDE90000 \Windows\System32\gdi32.dll
0xFDE10000 \Windows\System32\difxapi.dll
0xFDD40000 \Windows\System32\usp10.dll
0xFDBD0000 \Windows\System32\crypt32.dll
0xFDB60000 \Windows\System32\KernelBase.dll
0xFDB20000 \Windows\System32\cfgmgr32.dll
0xFDA80000 \Windows\System32\comctl32.dll
0xFDA60000 \Windows\System32\devobj.dll
0xFDA20000 \Windows\System32\wintrust.dll
0xFDA10000 \Windows\System32\msasn1.dll
0x776F0000 \Windows\SysWOW64\normaliz.dll
Processes (total 56):
0 System Idle Process
4 System
360 C:\Windows\System32\smss.exe
496 csrss.exe
580 csrss.exe
588 C:\Windows\System32\wininit.exe
664 C:\Windows\System32\services.exe
688 C:\Windows\System32\winlogon.exe
716 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
864 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\nvvsvc.exe
1000 C:\Windows\System32\svchost.exe
404 C:\Windows\System32\svchost.exe
700 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\audiodg.exe
1128 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\nvvsvc.exe
1340 C:\Windows\System32\svchost.exe
1424 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1684 C:\Windows\System32\dwm.exe
1720 C:\Windows\explorer.exe
1988 C:\Windows\System32\spoolsv.exe
1996 C:\Windows\System32\taskhost.exe
1048 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\taskeng.exe
1240 C:\Windows\System32\svchost.exe
1568 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2228 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2280 C:\Windows\System32\svchost.exe
2328 C:\Program Files\Intel\TurboBoost\TurboBoost.exe
2488 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2776 WmiPrvSE.exe
2984 WUDFHost.exe
3084 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3108 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3148 C:\Program Files\Windows Sidebar\sidebar.exe
3412 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3420 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3608 WmiPrvSE.exe
3792 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
3824 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3844 C:\Windows\System32\svchost.exe
2196 C:\Windows\System32\SearchIndexer.exe
3320 C:\Windows\System32\SearchProtocolHost.exe
3476 C:\Program Files\Windows Media Player\wmpnetwk.exe
2752 C:\Windows\System32\SearchFilterHost.exe
3936 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4012 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3716 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3600 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
4460 C:\Windows\SysWOW64\ctfmon.exe
4924 C:\Users\Kenan\Desktop\MBRCheck.exe
4932 C:\Windows\System32\conhost.exe
4964 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x0000000a`1f500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`1f600000 (NTFS)
PhysicalDrive0 Model Number: HitachiHDT721010SLA360, Rev: ST6OA3AA
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 92953A81AD1CC9184F426D1342D3BB6F9C82196A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
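The MBRCheck verdict above ("MBR Code Faked!" next to a SHA1 of the MBR, followed by "Found non-standard or infected MBR") comes down to one comparison: hash the boot sector and see whether it matches code a clean Windows install would carry. The script below is added here as an illustration; it is not MBRCheck's code and not something anyone in this thread ran. It performs that comparison on a 512-byte sector: it verifies the 55 AA signature, hashes the 440-byte boot-code region, decodes the partition table into the same byte offsets MBRCheck prints ("at offset 0x..."), and reports whether the hash is in an allowlist. The read_physical_mbr helper, the KNOWN_GOOD set, the sample boot-code bytes and the partition layout are all assumptions made for the example; the page does not state exactly which bytes MBRCheck hashes, so hashing only the code region is this script's choice.

```python
"""Hash-check a Master Boot Record the way a tool like MBRCheck does.

Added example for this thread; it is not MBRCheck's code or anything the
poster ran. A real MBR is read from the raw device (read_physical_mbr, Windows,
needs Administrator); the rest of the script works on a constructed sector so
it runs offline. KNOWN_GOOD is a placeholder: on a real system you fill it
with SHA-1 values taken from a known-clean MBR of the same Windows build.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code; 440..443: disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # must hold 55 AA

KNOWN_GOOD = set()       # placeholder allowlist of trusted boot-code SHA-1s


def read_physical_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw disk (Windows device path; run elevated)."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)


def parse_partitions(sector):
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, lba_count = struct.unpack_from(
            "<B3xB3xII", sector, off)   # the two 3-byte CHS fields are skipped
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as 'at offset'
            "size_bytes": lba_count * SECTOR,
        })
    return parts


def check_mbr(sector, known_good=KNOWN_GOOD):
    """Verify the signature, hash the boot code and compare against the allowlist.

    Only the 440-byte code region is hashed: the disk signature and the
    partition table legitimately differ from machine to machine, while the
    boot code should be identical for every clean install of one Windows build.
    """
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    return {
        "signature_ok": sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "boot_code_sha1": sha1,
        "boot_code_known": sha1 in known_good,
        "partitions": parse_partitions(sector),
    }


def build_sample_mbr(boot_code, partitions, disk_signature=0x1234ABCD):
    """Constructed sector for testing: boot_code (<= 440 bytes) plus a table."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, disk_signature)
    for i, (bootable, ptype, lba_start, lba_count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, lba_count)
    sector[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed inputs: neither byte string is real Windows boot code.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
ROGUE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xe9\x10\x00" + b"\x90" * 40
# Two NTFS (0x07) partitions: a bootable 100 MB system partition and the rest
# of a roughly 931 GB disk (sizes are made up for the example).
SAMPLE_PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1953318000)]


def demo():
    """Enroll a clean MBR's hash, then test a sector whose code was replaced."""
    clean = build_sample_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTS)
    allow = {check_mbr(clean)["boot_code_sha1"]}
    # A bootkit rewrites the code but keeps the partition table intact, so the
    # OS still boots and only the hash comparison notices the swap.
    rogue = build_sample_mbr(ROGUE_BOOT_CODE, SAMPLE_PARTS)
    return check_mbr(clean, allow), check_mbr(rogue, allow)


if __name__ == "__main__":
    for label, r in zip(("clean", "rogue"), demo()):
        verdict = "OK" if r["boot_code_known"] else "MBR code not recognised"
        print(f"{label}: SHA1 {r['boot_code_sha1']} {verdict}")
        for p in r["partitions"]:
            print(f"  partition {p['index']} type 0x{p['type']:02x} "
                  f"at offset 0x{p['byte_offset']:x} size {p['size_bytes']} bytes")
```

On a live machine you would run the script elevated and pass read_physical_mbr() to check_mbr with an allowlist built from a known-clean disk of the same Windows build. A hash mismatch while the partition table decodes normally is exactly the pattern a bootkit leaves: it replaces the code and keeps the table so that the system still boots, which is why MBRCheck can flag the code as faked on a machine that otherwise runs fine.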
Please download Combofix from either of the links below and save it to your desktop.
Link 1
Link 2
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------
- Right-click and choose "Run as administrator" on Combofix.exe & follow the prompts. When finished, it will produce a report for you.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click on Yes, to continue scanning for malware.
- When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If you need help, see this link:
http://www.bleepingcomputer.com/comb...o-use-combofix
I didn't know Windows Defender was up, but it still worked.
ComboFix 11-06-27.03 - Kenan 06/27/2011 21:28:21.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2673 [GMT -6:00]
Running from: c:\users\Kenan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kenan\AppData\Local\Temp\D5E4.tmp
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-28 03:30 . 2011-06-28 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-28 03:27 . 2011-06-28 03:27 -------- d-----w- C:\32788R22FWJFW
2011-06-27 09:31 . 2011-06-27 11:36 -------- d-----w- c:\windows\system32\Wat
2011-06-27 09:31 . 2011-06-27 11:36 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-26 17:20 . 2011-06-28 00:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-26 17:20 . 2011-06-26 17:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-06-26 17:14 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-26 17:14 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-26 17:14 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-26 17:14 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-26 17:14 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-26 17:14 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-26 17:14 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-26 17:13 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-26 17:13 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-06-26 17:13 . 2011-06-26 17:13 -------- d-----w- c:\programdata\AVAST Software
2011-06-26 17:13 . 2011-06-26 17:13 -------- d-----w- c:\program files\AVAST Software
2011-06-26 17:12 . 2011-06-26 17:12 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-06-26 17:12 . 2010-01-11 01:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-06-26 16:57 . 2011-06-26 16:57 -------- d-----w- c:\program files (x86)\ERUNT
2011-06-26 09:42 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-06-25 16:35 . 2011-06-25 16:35 -------- d-----w- c:\program files (x86)\AhnLab
2011-06-25 06:31 . 2011-06-25 06:31 -------- d-----w- c:\program files (x86)\7-Zip
2011-06-25 06:31 . 2011-06-25 06:31 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2011-06-25 06:17 . 2011-06-25 06:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-06-25 06:16 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-06-25 06:16 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-06-25 06:16 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-25 06:16 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-06-25 06:16 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-06-25 06:16 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-06-25 06:16 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-06-25 06:16 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-06-25 06:16 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-06-25 06:16 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-25 06:08 . 2011-06-25 06:08 -------- d-----w- C:\Games
2011-06-25 05:01 . 2011-06-28 00:22 -------- d-----w- c:\windows\system32\catroot2
2011-06-25 04:42 . 2011-06-25 04:42 -------- d-----w- c:\program files\Google
2011-06-25 04:41 . 2011-06-25 04:42 -------- d-----w- c:\program files (x86)\Google
2011-06-25 04:41 . 2011-06-20 14:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16B96430-4423-4DD0-B5FF-DFCB5A2E7CD3}\mpengine.dll
2011-06-25 04:40 . 2011-05-25 01:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-06-25 04:04 . 2011-06-27 22:29 -------- d-----w- c:\users\Kenan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-25 39408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-05-21 134928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 04:41]
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 04:41]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060185062-2736704051-1977344614-1002Core.job
- c:\users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 04:29]
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060185062-2736704051-1977344614-1002UA.job
- c:\users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 04:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2011-06-27 21:35:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-28 03:35
.
Pre-Run: 925,125,455,872 bytes free
Post-Run: 924,344,553,472 bytes free
.
- - End Of File - - 1A0F551E6DE3A7A9B2B2915C73B18266
Apparently Combofix didn't catch everything it should.
Please use the instructions on this page to change your DNS servers to use OpenDNS:
OpenDNS Instructions for Win7
After this, flush the DNS cache and web browser cache as recommended.
When finished, please run Combofix again and post the log.
-- WTT Classroom Graduate --
-- ASAP Member --
-- UNITE Trained Eliminator --
ComboFix 11-06-27.04 - Kenan 06/28/2011 10:00:09.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2549 [GMT -6:00]
Running from: c:\users\Kenan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kenan\AppData\Local\Temp\FCD4.tmp
c:\windows\system32\msconfig.exe . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-28 12:31 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2011-06-28 12:30 . 2011-04-22 20:16 696592 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-06-28 09:58 . 2011-06-28 16:46 -------- d-----w- C:\e47ed717fa00f93366d3444833
2011-06-27 17:14 . 2010-03-04 07:57 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-27 17:14 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-06-27 10:00 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-06-27 10:00 . 2011-02-19 05:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-06-27 10:00 . 2010-12-21 06:16 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-06-27 09:59 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
2011-06-27 09:59 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2011-06-27 09:31 . 2011-06-28 16:45 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-27 09:31 . 2011-06-28 16:45 -------- d-----w- c:\windows\system32\Wat
2011-06-26 17:20 . 2011-06-28 11:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-26 17:20 . 2011-06-26 17:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-06-26 17:14 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-26 17:14 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-26 17:14 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-26 17:14 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-26 17:14 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-26 17:14 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-26 17:14 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-26 17:13 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-26 17:13 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-06-26 17:13 . 2011-06-26 17:13 -------- d-----w- c:\programdata\AVAST Software
2011-06-26 17:13 . 2011-06-26 17:13 -------- d-----w- c:\program files\AVAST Software
2011-06-26 17:12 . 2011-06-26 17:12 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-06-26 17:12 . 2010-01-11 01:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-06-26 16:57 . 2011-06-26 16:57 -------- d-----w- c:\program files (x86)\ERUNT
2011-06-26 09:42 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-06-25 16:35 . 2011-06-25 16:35 -------- d-----w- c:\program files (x86)\AhnLab
2011-06-25 06:31 . 2011-06-25 06:31 -------- d-----w- c:\program files (x86)\7-Zip
2011-06-25 06:31 . 2011-06-25 06:31 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2011-06-25 06:17 . 2011-06-25 06:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-06-25 06:16 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-06-25 06:16 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-06-25 06:16 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-25 06:16 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-06-25 06:16 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-06-25 06:16 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-06-25 06:16 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-06-25 06:16 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-06-25 06:16 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-06-25 06:16 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-25 06:08 . 2011-06-25 06:08 -------- d-----w- C:\Games
2011-06-25 05:01 . 2011-06-28 14:55 -------- d-----w- c:\windows\system32\catroot2
2011-06-25 04:42 . 2011-06-25 04:42 -------- d-----w- c:\program files\Google
2011-06-25 04:41 . 2011-06-25 04:42 -------- d-----w- c:\program files (x86)\Google
2011-06-25 04:41 . 2011-06-20 14:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16B96430-4423-4DD0-B5FF-DFCB5A2E7CD3}\mpengine.dll
2011-06-25 04:40 . 2011-05-25 01:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-06-25 04:04 . 2011-06-28 15:48 -------- d-----w- c:\users\Kenan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-25 39408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-05-21 134928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 04:41]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 04:41]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060185062-2736704051-1977344614-1002Core.job
- c:\users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 04:29]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060185062-2736704051-1977344614-1002UA.job
- c:\users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 04:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4A43927A-0255-4F39-B68F-2289E0B5EF62}: NameServer = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2011-06-28 10:15:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-28 16:15
ComboFix2.txt 2011-06-28 03:35
.
Pre-Run: 922,985,054,208 bytes free
Post-Run: 922,499,575,808 bytes free
.
- - End Of File - - 70876211DE6AC8BCA4A0E8A0FC14798C
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
When finished, please also run and post a new DDS log.
Malwarebytes got nothing....
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6972
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
6/28/2011 8:27:02 PM
mbam-log-2011-06-28 (20-27-02).txt
Scan type: Quick scan
Objects scanned: 164137
Time elapsed: 1 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
And the DDS:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Kenan at 20:29:18 on 2011-06-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2556 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Kenan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4A43927A-0255-4F39-B68F-2289E0B5EF62} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{4A43927A-0255-4F39-B68F-2289E0B5EF62} : DhcpNameServer = 209.18.47.61 209.18.47.62
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-6-26 42184]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-13 13336]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-5-21 134928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-24 136176]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
.
=============== Created Last 30 ================
.
2011-06-29 02:25:25 -------- d-----w- C:\Users\Kenan\AppData\Roaming\Malwarebytes
2011-06-29 02:25:10 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-29 02:25:10 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-29 02:25:07 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-29 02:25:07 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-06-28 16:25:55 6334 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2011-06-28 16:11:18 -------- d-----w- C:\$RECYCLE.BIN
2011-06-28 16:06:45 -------- d-----w- C:\Users\Kenan\AppData\Local\Diagnostics
2011-06-28 16:06:06 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16A9C3C0-26AA-465D-8CEA-654CBD243255}\mpengine.dll
2011-06-28 15:58:32 98816 ----a-w- C:\Windows\sed.exe
2011-06-28 15:58:32 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-28 15:58:32 256512 ----a-w- C:\Windows\PEV.exe
2011-06-28 15:58:32 208896 ----a-w- C:\Windows\MBR.exe
2011-06-28 12:30:59 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-28 09:58:48 -------- d-----w- C:\e47ed717fa00f93366d3444833
2011-06-27 17:14:39 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-27 17:14:38 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
2011-06-27 10:00:04 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-06-27 10:00:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-06-27 10:00:03 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-27 09:59:57 395776 ----a-w- C:\Windows\System32\webio.dll
2011-06-27 09:59:35 112000 ----a-w- C:\Windows\System32\consent.exe
2011-06-27 09:31:43 -------- d-----w- C:\Windows\SysWow64\Wat
2011-06-27 09:31:43 -------- d-----w- C:\Windows\System32\Wat
2011-06-26 17:20:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-06-26 17:20:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-06-26 17:14:23 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-06-26 17:14:21 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-06-26 17:13:30 40112 ----a-w- C:\Windows\avastSS.scr
2011-06-26 17:13:25 -------- d-----w- C:\ProgramData\AVAST Software
2011-06-26 17:13:25 -------- d-----w- C:\Program Files\AVAST Software
2011-06-26 17:12:27 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-06-26 17:12:27 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-06-26 09:42:42 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-06-25 16:35:48 -------- d-----w- C:\Program Files (x86)\AhnLab
2011-06-25 06:31:43 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2011-06-25 06:16:24 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-06-25 06:16:24 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-06-25 06:16:24 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-06-25 06:16:24 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-06-25 06:16:23 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-06-25 06:16:23 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-06-25 06:16:23 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-06-25 06:16:23 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-06-25 06:16:23 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-06-25 06:16:23 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-06-25 06:08:36 -------- d-----w- C:\Games
2011-06-25 05:01:39 -------- d-----w- C:\Windows\System32\catroot2
2011-06-25 04:40:59 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-25 04:29:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Google
2011-06-25 04:28:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Deployment
2011-06-25 04:28:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Apps
2011-06-25 04:03:59 -------- d-----w- C:\Recovery
2011-06-25 04:03:58 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 20:31:13.76 ===============