iexplorer.exe infected help!.

Cyxee

New member
So I recently contracted malware called System Restore; it posed as a Windows application yet was asking for a payment to be made. After some googling I found a guide and followed it. It has been successful; however, I'm left with iexplorer.exe running 24/7 despite me not having Internet Explorer open.
A link to the guide I've used: http://www.bleepingcomputer.com/virus-removal/remove-windows-7-recovery . I followed their instructions and used all their tools and some others. These include MBAM, MS Security Essentials, a registry cleaner (my bad), Spybot and Rkill (Bleeping Computer app). So the initial virus, which was a System Restore poser, has been eliminated; however, I now have iexplorer.exe on 24/7. Help please.

Another link containing info about the malware I contracted: http://www.spywareremovalhelp.org/spyware-removal-help/how-to-get-rid-of-fake-windows-restore-virus.html

Any help would be appreciated; I'm pretty sure my iexplorer.exe is infected.
 
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Having said that....Let's get going!! :thumbup:
----------

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

GMER

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------

In your next reply please post the logs created by DDS and GMER. :)
 
Hey, thanks for the help. Anyway, here's what you've requested :santa:
The other log should be attached to this message.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Steven at 23:43:27 on 2011-11-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6134.4057 [GMT 11:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com.au/
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [uTorrent] "C:\Program files\uTorrent\uTorrent.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzgxMjcyMTI5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c51935e7290147d1b51a318208d6f413-fc70ac1aa2831a2da741ce90e5e26694bc3ef001
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{145D26AA-2997-42BB-9E56-802EBB4619D7} : DhcpNameServer = 7.254.254.254
TCP: Interfaces\{18231C3B-8D00-4CBA-93DB-C293EAC62737} : DhcpNameServer = 10.1.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzgxMjcyMTI5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c51935e7290147d1b51a318208d6f413-fc70ac1aa2831a2da741ce90e5e26694bc3ef001
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\dqntwlcx.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-1-23 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-2-18 294912]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-7 1153368]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-7 2228008]
R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-9-8 741224]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-2 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-5-5 8192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-2 136176]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2011-11-01 09:08:36 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3ADCF90-0D86-4DAA-836D-1E7B0F1CBE60}\offreg.dll
2011-11-01 08:23:11 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-01 08:23:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-01 06:07:35 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B6C6E8A-D5D1-4BE9-B4E8-0722790D0CCC}\gapaengine.dll
2011-11-01 06:07:29 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{838BD038-29AE-4ABF-9C98-6440C71D5D18}\mpengine.dll
2011-11-01 06:05:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-01 06:05:21 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-01 06:03:41 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3ADCF90-0D86-4DAA-836D-1E7B0F1CBE60}\mpengine.dll
2011-11-01 04:16:22 -------- d-----w- C:\Program Files\ATI
2011-10-30 11:35:03 -------- d-----w- C:\Program Files\CCleaner
2011-10-23 01:52:15 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-10-15 07:51:58 -------- d--h--w- C:\ProgramData\Common Files
2011-10-15 07:31:45 -------- d-----w- C:\ProgramData\MFAData
2011-10-15 07:31:10 -------- d-----w- C:\Program Files (x86)\AVG
2011-10-14 04:31:22 -------- d-----w- C:\Program Files (x86)\Orcs Must Die!
2011-10-13 07:52:35 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 07:52:04 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 07:52:04 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 07:52:04 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 07:52:04 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 07:51:00 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 07:51:00 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 07:51:00 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 07:51:00 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-06 05:53:05 -------- d-----w- C:\Program Files (x86)\FIFA 12
.
==================== Find3M ====================
.
2011-10-31 12:14:19 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-31 12:14:19 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-31 10:47:37 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-30 05:06:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-25 09:53:57 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-14 00:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 00:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 00:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 00:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 00:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-11 04:11:28 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-09-11 04:11:28 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-24 10:19:10 56320 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-08-24 10:18:30 13601280 ----a-w- C:\Windows\SysWow64\amdocl.dll
.
============= FINISH: 23:51:13.43 ===============
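A triage pass over the DDS "Pseudo HJT Report" format shown in the log above, added here as an example (it is not part of the thread and not code from the DDS tool). It flags the lines a helper would look at first: a disabled AV/SP product, UAC policies weakened under mPolicies-system, a hosts-file entry that sinkholes a security site, a machine-wide start page that differs from the user's, and script/command hosts sitting in the process snapshot. The category names and the choice of which values count as "weakened" are my own; the sample input is an excerpt of the posted log.

```python
"""Triage helper for the security-relevant lines of a DDS log (added example)."""
import re

# Secure Windows 7 values for the UAC policies DDS prints under mPolicies-system.
# ConsentPromptBehaviorAdmin = 0 means "elevate without prompting".
UAC_EXPECTED = {"EnableLUA": 1, "PromptOnSecureDesktop": 1}

# Built-in script/command hosts: legitimate, but worth a look when they are
# sitting in the process snapshot of a machine under investigation.
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe", "regsvr32.exe", "cmd.exe", "powershell.exe"}

AV_RE = re.compile(r"^(?:AV|SP):\s*(.+?)\s*\*(Disabled|Enabled)/")
PROC_RE = re.compile(r"^[A-Za-z]:\\.*\\([^\\\s]+\.exe)", re.IGNORECASE)
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
START_RE = re.compile(r"^([um])Start Page\s*=\s*(\S+)")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")


def _host(url):
    """Hostname of a DDS-defanged URL (DDS writes hxxp:// for http://)."""
    return re.sub(r"^hxxps?://", "", url, flags=re.IGNORECASE).split("/")[0].lower()


def triage(dds_text):
    """Return (category, detail) findings in the order the lines appear."""
    findings = []
    start_pages = {}
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = AV_RE.match(line)
        if m:
            if m.group(2) == "Disabled":
                findings.append(("av-disabled", m.group(1)))
            continue
        m = PROC_RE.match(line)
        if m:
            exe = m.group(1).lower()
            if exe in SCRIPT_HOSTS:
                findings.append(("script-host-running", exe))
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_EXPECTED and value != UAC_EXPECTED[name]:
                findings.append(("uac-weakened", f"{name}={value}"))
            elif name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(("uac-weakened", "ConsentPromptBehaviorAdmin=0 (silent elevation)"))
            continue
        m = START_RE.match(line)
        if m:
            start_pages[m.group(1)] = m.group(2)
            continue
        m = HOSTS_RE.match(line)
        if m and m.group(1) in ("127.0.0.1", "0.0.0.0"):
            # Malware commonly sinkholes security vendors' sites via the hosts file.
            findings.append(("hosts-block", m.group(2)))
    # The machine-wide (HKLM, "m") start page only matters when it points
    # somewhere other than the user's own (HKCU, "u") choice.
    if "m" in start_pages and "u" in start_pages and _host(start_pages["m"]) != _host(start_pages["u"]):
        findings.append(("start-page-mismatch", start_pages["m"]))
    return findings


# Constructed sample: lines excerpted from the DDS log posted above.
SAMPLE_DDS = """\
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Windows\\system32\\REGSVR32.exe
C:\\Windows\\SysWOW64\\cmd.exe
C:\\Windows\\SysWOW64\\cscript.exe
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"{category:22} {detail}")
```

The findings are pointers for a human reviewer, not verdicts: a script host in the snapshot or a hosts entry can be legitimate, and the thread's helper still relies on the full log.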
 
Regarding the GMER instruction picture, everything except Services, Registry, Files, ADS and C:\ is greyed out. I cannot actually tick them; however, I continued with the scan anyway. It's attached.
 
Hi Cyxee,

I see you are running a 64bit system. Please do the following...


Please download aswMBR to your desktop.

  • Right-click the aswMBR icon and choose Run as Administrator to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------
 
Here you go :laugh:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-02 02:05:34
-----------------------------
02:05:34.584 OS Version: Windows x64 6.1.7601 Service Pack 1
02:05:34.584 Number of processors: 8 586 0x1A05
02:05:34.585 ComputerName: STEVEN-PC UserName: Steven
02:05:36.516 Initialize success
02:10:12.923 AVAST engine defs: 11110102
02:10:16.605 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
02:10:16.607 Disk 0 Vendor: WDC_WD8088AADS-32L5B1 01.01A01 Size: 771416MB BusType: 3
02:10:16.615 Disk 0 MBR read successfully
02:10:16.617 Disk 0 MBR scan
02:10:16.621 Disk 0 Windows 7 default MBR code
02:10:16.624 Disk 0 MBR hidden
02:10:16.627 Service scanning
02:10:17.290 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
02:10:17.826 Modules scanning
02:10:17.830 Disk 0 trace - called modules:
02:10:17.834 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80066c8334]<<
02:10:17.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006608790]
02:10:17.843 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80063ad520]
02:10:17.849 5 ACPI.sys[fffff880011a67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80063c9680]
02:10:17.854 \Driver\atapi[0xfffffa800639b9e0] -> IRP_MJ_CREATE -> 0xfffffa80062462c0
02:10:19.956 AVAST engine scan C:\Windows
02:10:22.255 AVAST engine scan C:\Windows\system32
02:11:45.040 AVAST engine scan C:\Windows\system32\drivers
02:11:55.075 AVAST engine scan C:\Users\Steven
02:13:32.851 File: C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f **INFECTED** Win32:Rootkit-gen [Rtk]
02:20:00.105 AVAST engine scan C:\ProgramData
02:22:22.355 Scan finished successfully
02:23:50.642 Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
02:23:50.645 The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
 
Hi Cyxee,

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Right-click and Run as Administrator TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------
 
This malware is now starting to duplicate my emails and also sometimes redirecting me to other websites. It also resends me emails I've already received, lol, wtf? Anyway, hope you can help :P
 
Hi Cyxee,

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
 
Hope this helps :P

ComboFix 09-09-20.01 - steven1 09/21/2009 16:41.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1483 [GMT 10:00]
Running from: d:\program files\Mozilla firefox\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1413d.msi

.
((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-20 03:12 . 2009-09-20 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Frag great bend logo
2009-09-20 03:12 . 2009-09-20 03:13 -------- d-----w- c:\documents and settings\steven1\Application Data\Open Ooze
2009-09-20 03:12 . 2009-09-20 03:12 -------- d-----w- c:\program files\Open Ooze
2009-09-20 03:12 . 2009-09-20 03:12 -------- d-----w- c:\program files\Circle Develoement
2009-09-20 03:12 . 2009-09-20 03:12 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-19 06:09 . 2009-09-19 06:20 76580 ----a-w- c:\windows\War3Unin.dat
2009-09-19 06:09 . 2009-09-19 06:17 2829 ----a-w- c:\windows\War3Unin.pif
2009-09-19 06:09 . 2009-09-19 06:17 139264 ----a-w- c:\windows\War3Unin.exe
2009-09-16 06:10 . 2009-09-16 06:10 -------- d-----w- c:\windows\system32\Futuremark
2009-09-16 06:10 . 2008-09-17 05:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-09-16 06:10 . 2009-09-16 06:10 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-09-14 09:02 . 2009-09-14 09:02 -------- d-----w- c:\documents and settings\steven1\Application Data\DivX
2009-09-09 08:01 . 2009-09-09 08:09 -------- d-----w- c:\program files\RS2Bot
2009-09-09 08:01 . 2009-09-21 06:25 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-09-06 07:14 . 2009-09-06 07:14 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-06 07:14 . 2009-09-06 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-06 07:08 . 2009-09-16 06:12 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-06 07:08 . 2009-09-16 06:12 -------- d-----w- c:\documents and settings\steven1\Application Data\SystemRequirementsLab
2009-09-06 07:01 . 2009-09-20 22:25 253400 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-06 06:37 . 2009-09-06 08:21 -------- d-----w- c:\documents and settings\steven1\Local Settings\Application Data\Rockstar Games
2009-09-06 06:33 . 2009-09-06 06:33 -------- d-----w- c:\windows\ServicePackFiles
2009-09-06 06:23 . 2009-09-06 06:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-06 06:18 . 2009-09-06 06:18 -------- d-----w- c:\windows\system32\xlive
2009-09-06 06:18 . 2009-09-06 06:50 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-06 05:13 . 2009-09-06 05:13 -------- d-----w- c:\program files\MSBuild
2009-09-04 09:11 . 2009-09-04 09:11 -------- d-----w- c:\documents and settings\steven1\Local Settings\Application Data\Oblivion
2009-09-03 06:15 . 2009-09-19 05:30 45 ----a-w- c:\documents and settings\steven1\jagex_runescape_preferences2.dat
2009-08-30 13:16 . 2009-08-30 13:24 -------- d-----w- C:\OutputFolder
2009-08-30 13:15 . 2007-04-12 04:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2009-08-30 13:15 . 2006-09-26 03:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2009-08-30 13:15 . 2009-08-31 08:47 -------- d-----w- c:\program files\Allok MPEG4 Converter
2009-08-30 10:15 . 2009-08-30 10:15 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-30 10:15 . 2009-08-30 10:15 -------- d-----w- c:\program files\Common Files\Real
2009-08-30 10:15 . 2009-08-30 10:15 -------- d-----w- c:\program files\Real
2009-08-29 10:13 . 2009-08-29 10:13 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-08-29 10:13 . 2009-08-29 10:13 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 06:04 . 2008-04-08 13:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-20 12:55 . 2009-08-12 05:54 23 ----a-w- c:\windows\popcinfot.dat
2009-09-19 14:30 . 2009-07-09 07:23 -------- d-----w- c:\documents and settings\steven1\Application Data\uTorrent
2009-09-19 11:13 . 2009-07-09 12:02 -------- d-----w- c:\program files\Garena
2009-09-19 06:03 . 2009-07-24 07:06 37 ----a-w- c:\documents and settings\steven1\jagex_runescape_preferences.dat
2009-09-16 06:10 . 2008-04-08 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-06 10:27 . 2009-07-08 05:42 72696 ----a-w- c:\documents and settings\steven1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-05 14:26 . 2009-07-10 10:28 -------- d-----w- c:\documents and settings\steven1\Application Data\LimeWire
2009-09-02 21:56 . 2008-04-08 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-02 06:52 . 2008-04-08 13:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-26 11:03 . 2009-07-10 10:27 -------- d-----w- c:\program files\LimeWire
2009-08-26 08:20 . 2009-07-24 07:17 -------- d-----w- c:\program files\Java
2009-08-18 12:30 . 2009-08-18 12:30 -------- d-----w- c:\program files\IVT Corporation
2009-08-18 11:56 . 2009-08-18 11:56 28760 ----a-w- c:\windows\system32\BsTrace1.dll
2009-08-18 10:43 . 2009-08-18 10:43 -------- d-----w- c:\program files\DIFX
2009-08-18 10:43 . 2009-08-18 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-08-16 17:04 . 2009-08-16 17:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-16 17:04 . 2009-08-16 17:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-08-16 17:03 . 2009-08-16 17:03 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-08-16 17:03 . 2009-08-16 17:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-16 17:03 . 2009-08-16 17:03 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-16 17:03 . 2009-08-16 17:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-16 17:03 . 2009-08-16 17:03 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-08-16 17:03 . 2009-08-16 17:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-16 17:03 . 2009-08-16 17:03 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-16 17:03 . 2009-08-16 17:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-08-16 17:03 . 2009-08-16 17:03 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-08-16 17:03 . 2009-08-16 17:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-16 17:02 . 2009-08-16 17:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 14:57 . 2009-06-09 20:03 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 14:57 . 2009-06-09 20:03 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 14:57 . 2009-06-09 20:03 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 14:57 . 2009-06-09 20:03 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 14:57 . 2008-04-08 12:43 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 14:57 . 2008-04-08 12:43 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 14:57 . 2008-04-08 12:43 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 14:57 . 2008-04-08 12:43 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 14:57 . 2008-04-08 12:43 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-16 14:57 . 2008-04-08 12:43 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 14:57 . 2008-04-08 12:43 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-15 11:42 . 2009-08-15 11:42 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 11:39 . 2009-08-15 11:39 -------- d--h--r- c:\documents and settings\steven1\Application Data\SecuROM
2009-08-13 11:37 . 2009-08-13 11:26 -------- d-----w- c:\documents and settings\steven1\Application Data\TeamViewer
2009-08-13 11:33 . 2009-08-13 11:33 -------- d-----w- c:\program files\TeamViewer
2009-08-13 09:56 . 2009-08-13 09:56 -------- d-----w- c:\documents and settings\steven1\Application Data\com.adobe.ExMan
2009-08-13 06:08 . 2009-08-13 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-13 05:59 . 2009-08-13 05:59 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-08-12 22:23 . 2009-07-31 06:15 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-08-12 22:23 . 2009-07-31 06:15 -------- d-----w- c:\program files\TortoiseSVN
2009-08-11 02:35 . 2009-07-10 12:03 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-09 03:41 . 2009-07-11 03:02 -------- d-----w- c:\documents and settings\steven1\Application Data\Auslogics
2009-08-07 09:51 . 2009-08-07 09:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 09:51 . 2009-08-07 09:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-07 03:08 . 2009-08-07 03:08 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-31 06:53 . 2009-07-31 06:53 -------- d-----w- c:\documents and settings\steven1\Application Data\TortoiseSVN
2009-07-31 06:31 . 2009-07-31 06:31 -------- d-----w- c:\program files\Sun
2009-07-31 06:27 . 2009-07-31 06:27 -------- d-----w- c:\documents and settings\steven1\Application Data\Subversion
2009-07-24 19:23 . 2009-07-24 07:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 07:07 . 2009-07-17 07:07 50 ----a-w- c:\windows\system32\bridf06a.dat
2009-07-12 10:44 . 2009-07-12 10:44 22328 ----a-w- c:\documents and settings\steven1\Application Data\PnkBstrK.sys
2009-07-11 05:05 . 2009-07-11 05:05 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-03 23:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-09-06 306088]
"interidle"="c:\docume~1\steven1\APPLIC~1\OPENOO~1\Tickeggs.exe" [2009-09-20 663552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-06 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-06 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-06 455168]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-27 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-30 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-16 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-16 86016]
"bend logo clock film"="c:\documents and settings\All Users\Application Data\Frag great bend logo\Copy Safe.exe" [2009-09-21 819200]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]

[HKLM\~\startupfolder\C:^Documents and Settings^steven1^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\steven1\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec AntiVirus"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"d:\\Program files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"d:\\Program files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"d:\\Program files\\Steam\\steamapps\\nigga21\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program files\\Steam\\steamapps\\nigga21\\insurgency\\hl2.exe"=
"d:\\Program files\\Steam\\Steam.exe"=
"d:\\Program files\\Steam\\steamapps\\nigga21\\source dedicated server\\srcds.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program files\\Steam\\steamapps\\nigga21\\source sdk base 2007\\hl2.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"d:\\Program files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"d:\\Program files\\Steam\\steamapps\\nigga21\\team fortress 2\\hl2.exe"=
"d:\\Program files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [4/8/2008 10:39 PM 1275584]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088]
S3 cpuz130;cpuz130;\??\c:\docume~1\steven1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\steven1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\steven1\LOCALS~1\Temp\FFR296.tmp --> c:\docume~1\steven1\LOCALS~1\Temp\FFR296.tmp [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 c:\windows\Tasks\A553F99F90A46ECF.job
- c:\docume~1\steven1\applic~1\openoo~1\Book 4 owns.exe [2009-09-20 03:13]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\steven1\Application Data\Mozilla\Firefox\Profiles\aqzow3ck.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\steven1\LOCALS~1\Temp\FFR296.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-413027322-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:4f,99,dc,36,83,ec,d4,46,eb,d2,f5,2e,94,de,d8,68,c4,7a,26,82,a7,
57,ba,c3,84,2b,a0,cc,91,71,83,15,f7,3d,25,fa,d0,45,27,2d,dc,0f,6c,fe,ce,24,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-09-21 16:45
ComboFix-quarantined-files.txt 2009-09-21 06:45

Pre-Run: 68,337,336,320 bytes free
Post-Run: 68,375,846,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

294 --- E O F --- 2008-04-08 13:44
 
Hi Cyxee,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    File::
    c:\docume~1\steven1\applic~1\openoo~1\Book 4 owns.exe
    c:\windows\system32\BsTrace1.dll
    
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "interidle"=-
    
    Driver::
    GarenaPEngine
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    (screenshot: CFScriptB-4.gif)

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
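As an added example that is not part of this thread and not ComboFix's own code: the reasoning behind the CFScript above (a Run value, a driver and a scheduled task all launching from folders any user process can write to) can be turned into a first triage pass over the log itself. The Python below parses the Run values, the service/driver lines and the scheduled-task lines out of a ComboFix log, flags every image path under Application Data, Local Settings\Temp or AppData (8.3 short names such as APPLIC~1 and LOCALS~1 included), and drafts File::, Registry:: and Driver:: sections in the shape Jeff used. The sample input is an excerpt copied from the log posted above; the USER_WRITABLE list and the function names are this example's own assumptions, not anything the tool defines.

```python
"""Triage pass over a ComboFix log (added example; not ComboFix's or the thread's code).

Pulls autostart entries out of the log text (Run values, service/driver lines,
scheduled tasks), flags those whose image path lives in a user-writable folder,
and drafts the File:: / Registry:: / Driver:: sections in the CFScript shape
used in the reply above. The draft is for a human reviewer, not for blind use.
"""
import re

# Folders a normal installer does not launch persistent code from. ComboFix prints
# 8.3 short names (APPLIC~1, LOCALS~1), so those are matched too. Assumed list.
USER_WRITABLE = (
    "\\application data\\", "\\applic~1\\",
    "\\local settings\\", "\\locals~1\\",
    "\\temp\\", "\\appdata\\", "\\users\\public\\",
)

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')               # "name"="path" [date size]
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")  # S3 name;display;path [..]
TASK_RE = re.compile(r"^- (.+?)\s\[[^\]]*\]$")             # - path [date time]
TRAIL_RE = re.compile(r"\s\[[^\]]*\]$")                    # trailing " [..]" on a line

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"interidle"="c:\docume~1\steven1\APPLIC~1\OPENOO~1\Tickeggs.exe" [2009-09-20 663552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"bend logo clock film"="c:\documents and settings\All Users\Application Data\Frag great bend logo\Copy Safe.exe" [2009-09-21 819200]

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
S3 cpuz130;cpuz130;\??\c:\docume~1\steven1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\steven1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\steven1\LOCALS~1\Temp\FFR296.tmp --> c:\docume~1\steven1\LOCALS~1\Temp\FFR296.tmp [?]

2009-09-20 c:\windows\Tasks\A553F99F90A46ECF.job
- c:\docume~1\steven1\applic~1\openoo~1\Book 4 owns.exe [2009-09-20 03:13]
"""


def is_user_writable(path):
    """True if the image path sits under a folder from USER_WRITABLE (NT '\\??\\' prefix ignored)."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return any(marker in p for marker in USER_WRITABLE)


def parse_autostarts(log_text):
    """Return dicts with kind ('run' | 'service' | 'task'), name, path and key (Run values only)."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            entries.append({"kind": "run", "name": m.group(1), "path": m.group(2), "key": current_key})
            continue
        m = SVC_RE.match(line)
        if m:
            # Keep the registered ImagePath (left of ' --> '), drop the trailing '[date size]'.
            image = TRAIL_RE.sub("", m.group(4)).split(" --> ")[0]
            entries.append({"kind": "service", "name": m.group(2), "path": image, "key": None})
            continue
        m = TASK_RE.match(line)
        if m:
            entries.append({"kind": "task", "name": m.group(1).rsplit("\\", 1)[-1],
                            "path": m.group(1), "key": None})
    return entries


def flag_suspicious(entries):
    """Entries whose image lives in a user-writable folder: leads for review, not verdicts."""
    return [e for e in entries if is_user_writable(e["path"])]


def build_cfscript(flagged):
    """Draft the CFScript sections in the shape used in the reply above (ControlSet001 as in that log)."""
    files, reg, drivers = [], [], []
    for e in flagged:
        if e["kind"] == "run":
            files.append(e["path"])
            reg.append('[{}]\n"{}"=-'.format(e["key"], e["name"]))
        elif e["kind"] == "task":
            files.append(e["path"])
        elif e["kind"] == "service":
            drivers.append(e["name"])
            reg.append("[-HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\{}]".format(e["name"]))
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if reg:
        parts.append("Registry::\n" + "\n\n".join(reg))
    if drivers:
        parts.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    hits = flag_suspicious(parse_autostarts(SAMPLE_LOG))
    for e in hits:
        print("{:8} {:24} {}".format(e["kind"], e["name"], e["path"]))
    print("\n--- draft CFScript (review before use) ---\n" + build_cfscript(hits))
```

Location is a lead, not a verdict: on this excerpt the helper flags the same three items the CFScript above targets (interidle, GarenaPEngine, Book 4 owns.exe) plus the "bend logo clock film" Run value, but it also flags cpuz130, the driver that the CPU-Z hardware tool drops into Temp while it runs, which a reviewer would strike from the draft. That is why the script prints a draft for a person to read rather than a file to feed to ComboFix, and the thread's own rule stands: a CFScript is run only under supervision.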
 
Here you go :P,

"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 NLNdisMP;NLNdisMP; [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service; [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-02-18 294912]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-05-31 367456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-08-09 741224]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 2320752]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\dqntwlcx.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Empires Mod 2.24d - c:\program files (x86)\Steam\UninstalEmpires.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2670721475-2207048279-2083128198-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,31,74,18,35,9a,34,a1,3c,67,73,b0,9b,fd,7d,b7,a3,74,14,4a,6c,
62,0c,c1,04,73,3c,7e,bb,bb,40,00,3e,32,fc,29,8b,25,cb,56,5c,cc,e8,35,9c,19,\
"rkeysecu"=hex:1a,af,80,93,39,55,c8,4d,93,ee,46,31,08,6c,78,d9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\12116EC4637FFCA42B5405005035D8EC\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="SteamService.exe"
"ComponentVersion"="1.5.31.0"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7C5BEC8A0707BFF4FB4A686C99C69900\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Steam.exe1"
"ComponentVersion"="1.0.968.628"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-04 03:19:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-03 16:19
ComboFix2.txt 2009-09-21 06:45
.
Pre-Run: 88,821,305,344 bytes free
Post-Run: 88,721,883,136 bytes free
.
- - End Of File - - AF3D966F9301D197D2166E2D78308801
 
Hi,

It looks like only part of the ComboFix log was posted. Can you make sure that you were able to post all of the log that was created? :)
 
ComboFix 11-11-03.05 - Steven 04/11/2011 16:42:05.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6134.4319 [GMT 11:00]
Running from: c:\users\Steven\Desktop\ComboFix.exe
Command switches used :: c:\users\Steven\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\docume~1\steven1\applic~1\openoo~1\Book 4 owns.exe"
"c:\windows\system32\BsTrace1.dll"
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 06:13 . 2011-11-04 06:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-01 08:23 . 2011-11-01 09:17 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-01 08:23 . 2011-11-01 09:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-01 06:07 . 2011-11-01 06:07 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B6C6E8A-D5D1-4BE9-B4E8-0722790D0CCC}\gapaengine.dll
2011-11-01 06:07 . 2011-10-06 10:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{838BD038-29AE-4ABF-9C98-6440C71D5D18}\mpengine.dll
2011-11-01 06:05 . 2011-11-01 06:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-01 06:05 . 2011-11-01 08:25 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-01 06:03 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3ADCF90-0D86-4DAA-836D-1E7B0F1CBE60}\mpengine.dll
2011-11-01 04:23 . 2011-11-01 04:23 -------- d-----w- c:\programdata\ATI
2011-11-01 04:16 . 2011-11-01 04:16 -------- d-----w- c:\program files\ATI
2011-10-30 11:35 . 2011-11-01 05:54 -------- d-----w- c:\program files\CCleaner
2011-10-30 11:34 . 2011-10-31 04:41 -------- d-----w- c:\program files\Google
2011-10-23 01:52 . 2011-11-01 05:53 -------- d-----w- c:\program files (x86)\AMD APP
2011-10-15 07:51 . 2011-10-15 07:51 -------- d--h--w- c:\programdata\Common Files
2011-10-15 07:31 . 2011-10-15 16:28 -------- d-----w- c:\programdata\MFAData
2011-10-15 07:31 . 2011-10-16 03:47 -------- d-----w- c:\program files (x86)\AVG
2011-10-14 04:31 . 2011-10-14 04:38 -------- d-----w- c:\program files (x86)\Orcs Must Die!
2011-10-13 07:52 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 07:52 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 07:52 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 07:52 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 07:52 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 07:51 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 07:51 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 07:51 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 07:51 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-06 05:53 . 2011-11-01 05:54 -------- d-----w- c:\program files (x86)\FIFA 12
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-02 16:26 . 2011-05-16 04:32 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-02 16:26 . 2010-03-07 00:53 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-02 16:24 . 2010-10-12 05:28 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-30 05:06 . 2011-06-13 01:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-25 09:53 . 2011-05-16 04:32 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-14 00:47 . 2011-09-14 00:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 00:47 . 2011-09-14 00:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 00:47 . 2011-09-14 00:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 00:38 . 2011-09-14 00:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 00:38 . 2011-09-14 00:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-11 04:15 . 2011-09-11 04:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-11 04:15 . 2011-09-11 04:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-11 04:15 . 2011-09-11 04:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-11 04:15 . 2011-09-11 04:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-11 04:15 . 2011-09-11 04:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-11 04:15 . 2011-09-11 04:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-11 04:15 . 2011-09-11 04:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-11 04:15 . 2011-09-11 04:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-11 04:15 . 2011-09-11 04:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-11 04:15 . 2011-09-11 04:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-11 04:15 . 2011-09-11 04:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-11 04:15 . 2011-09-11 04:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-11 04:15 . 2011-09-11 04:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-11 04:15 . 2011-09-11 04:15 448512 ----a-w- c:\windows\system32\html.iec
2011-09-11 04:15 . 2011-09-11 04:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-11 04:15 . 2011-09-11 04:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-11 04:15 . 2011-09-11 04:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-11 04:15 . 2011-09-11 04:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-11 04:15 . 2011-09-11 04:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-11 04:15 . 2011-09-11 04:15 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-11 04:15 . 2011-09-11 04:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-11 04:15 . 2011-09-11 04:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-11 04:15 . 2011-09-11 04:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-11 04:15 . 2011-09-11 04:15 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-11 04:15 . 2011-09-11 04:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-11 04:15 . 2011-09-11 04:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-11 04:15 . 2011-09-11 04:15 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-11 04:15 . 2011-09-11 04:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-11 04:15 . 2011-09-11 04:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-11 04:15 . 2011-09-11 04:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-11 04:15 . 2011-09-11 04:15 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-11 04:15 . 2011-09-11 04:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-11 04:15 . 2011-09-11 04:15 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-11 04:15 . 2011-09-11 04:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-11 04:15 . 2011-09-11 04:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-11 04:15 . 2011-09-11 04:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-11 04:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-11 04:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-03-09 04:55 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2011-03-09 04:40 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-01-26 22:20 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-03-09 04:17 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-07-28 20:53 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-09-07 10:11 . 2011-09-07 10:11 3584 ----a-r- c:\users\Steven\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-08-24 10:19 . 2011-08-24 10:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-08-24 10:18 . 2011-08-24 10:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-03_15.58.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-23 07:06 . 2011-11-04 05:07 69148 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-04 05:07 30328 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-23 07:02 . 2011-11-04 05:07 20228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2670721475-2207048279-2083128198-1000_UserData.bin
- 2010-01-23 07:02 . 2011-11-03 15:59 20228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2670721475-2207048279-2083128198-1000_UserData.bin
- 2011-11-03 15:48 . 2011-11-03 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-04 06:15 . 2011-11-04 06:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-03 15:48 . 2011-11-03 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-04 06:15 . 2011-11-04 06:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-11-03 15:47 266728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-04 06:14 266728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-12 14:12 . 2011-11-04 06:14 19971023 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670721475-2207048279-2083128198-1000-12288.dat
- 2011-02-12 14:12 . 2011-11-03 15:47 19971023 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670721475-2207048279-2083128198-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-09 270128]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-07 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-08-31 421160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzgxMjcyMTI5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=c51935e7290147d1b51a318208d6f413-fc70ac1aa2831a2da741ce90e5e26694bc3ef001" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 NLNdisMP;NLNdisMP; [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service; [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-02-18 294912]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-05-31 367456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-08-09 741224]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 2320752]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\dqntwlcx.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2670721475-2207048279-2083128198-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,31,74,18,35,9a,34,a1,3c,67,73,b0,9b,fd,7d,b7,a3,74,14,4a,6c,
62,0c,c1,04,73,3c,7e,bb,bb,40,00,3e,32,fc,29,8b,25,cb,56,5c,cc,e8,35,9c,19,\
"rkeysecu"=hex:1a,af,80,93,39,55,c8,4d,93,ee,46,31,08,6c,78,d9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\12116EC4637FFCA42B5405005035D8EC\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="SteamService.exe"
"ComponentVersion"="1.5.31.0"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7C5BEC8A0707BFF4FB4A686C99C69900\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Steam.exe1"
"ComponentVersion"="1.0.968.628"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-04 17:43:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-04 06:43
ComboFix2.txt 2011-11-03 16:19
ComboFix3.txt 2009-09-21 06:45
.
Pre-Run: 88,763,260,928 bytes free
Post-Run: 88,642,154,496 bytes free
.
- - End Of File - - A214E0AF69395A7B9B27945D6C4E2ACB
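Two things in the reposted log above deserve a closer look than the thread gives them: under `policies\system` it records `EnableLUA= 0`, `ConsentPromptBehaviorAdmin= 0` and `PromptOnSecureDesktop= 0`, i.e. UAC is switched off entirely, and the `Other Running Processes` block lists the `iexplore.exe` the thread is about. The script below is an added example, not code from the thread, from ComboFix or from the helper: it parses a ComboFix-style log offline and returns the items a responder would check first. The sample text is constructed from lines of the log above (the AVG uninstall URL is trimmed to `...`), the allow-list of start-page hosts (`www.google.com.au`, taken from the `uStart Page` line) is an assumption, and the reading of the `[?]` stamp as "ComboFix could not attach a file date and size to this entry" is the editor's interpretation of the log format, not ComboFix documentation.

```python
"""Offline triage of a ComboFix log excerpt.

Added example for this thread; not ComboFix's or the helper's own tooling.
Reads the text of a posted log and returns the items a responder would look
at first: weakened UAC policy values, autostart entries that carry no file
date/size stamp ("[?]"), browser start pages on hosts outside an allow-list,
and iexplore.exe in the running-process list.
"""
import re

# Constructed sample: lines copied from the reposted log, with the long AVG
# uninstall URL trimmed to "...".
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-09 270128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=..." [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")          # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')      # "name"=value ...
DWORD_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-f]+\)$", re.I)  # 0 (0x0)
START_PAGE_RE = re.compile(r"^([um])Start Page = hxxps?://([^/\s]+)", re.I)
PROCESS_RE = re.compile(r"^[a-z]:\\.*\.exe$", re.I)

# Windows 7 defaults are EnableLUA=1, ConsentPromptBehaviorAdmin=5,
# PromptOnSecureDesktop=1; each predicate returns True for an acceptable value.
UAC_CHECKS = {
    "EnableLUA": (lambda v: v == 1,
                  "UAC disabled: an administrator's processes run with a full token"),
    "ConsentPromptBehaviorAdmin": (lambda v: v != 0,
                  "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (lambda v: v == 1,
                  "elevation prompts are not isolated on the secure desktop"),
}


def parse_sections(text):
    """Split the log into registry values, start pages and running processes."""
    reg, pages, procs = {}, [], []
    current, in_procs = None, False
    for line in text.splitlines():
        line = line.rstrip()
        if "Other Running Processes" in line:
            in_procs, current = True, None
            continue
        if in_procs:                       # everything after that header is a path list
            if PROCESS_RE.match(line):
                procs.append(line)
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()   # registry keys are case-insensitive
            reg.setdefault(current, {})
            continue
        m = START_PAGE_RE.match(line)
        if m:
            pages.append((m.group(1).lower(), m.group(2).lower()))
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            reg[current][m.group(1)] = m.group(2).strip()
    return reg, pages, procs


def triage(text, trusted_homepage_hosts=("www.google.com.au",)):
    """Return (category, subject, detail) findings for a ComboFix log excerpt."""
    reg, pages, procs = parse_sections(text)
    findings = []
    policy = next((v for k, v in reg.items() if k.endswith(r"\policies\system")), {})
    for name, (acceptable, detail) in UAC_CHECKS.items():
        m = DWORD_RE.match(policy.get(name, ""))
        if m and not acceptable(int(m.group(1))):
            findings.append(("uac", name, detail))
    for key, values in reg.items():
        if key.endswith((r"\run", r"\runonce")):
            for name, raw in values.items():
                if raw.endswith("[?]"):    # no "[date size]" stamp for this entry
                    findings.append(("autostart", name, "no file stamp from ComboFix: " + raw))
    for scope, host in pages:
        if host not in trusted_homepage_hosts:
            findings.append(("browser", scope + "StartPage", "start page on third-party host " + host))
    for path in procs:
        if path.lower().endswith(r"\iexplore.exe"):
            findings.append(("process", path,
                             "iexplore.exe listed as running: confirm its parent process and command line on the host"))
    return findings


if __name__ == "__main__":
    for category, subject, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {subject}: {detail}")
```

Run against the sample it reports six findings: the three UAC values, the `AvgUninstallURL` RunOnce entry, the machine-wide `mStart Page` on bigseekpro.com, and the `iexplore.exe` process; the `uStart Page` on google.com.au and the stamped Run entries pass. The process finding can only be followed up on the live machine (which process started `iexplore.exe` and with what command line), which is outside what an offline log parser can answer.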
 
Hi Cyxee,

I see that you have Malwarebytes on your system. Please run Malwarebytes, update it and then run a Quick Scan. A log will be produced that I will need to see in your next reply.
---------------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
  • Do not use this instance of your browser for anything besides doing this scan
  • When the scan is complete and the results saved, close that instance of your browser
  • Open a new one the usual way and post the results in this topic.


  1. Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the [image: esetOnline.png] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on [image: esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [image: esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [image: esetAcceptTerms.png]
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check [image: esetScanArchives.png]
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push [image: esetListThreats.png]
  12. Push [image: esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the Back button.
  14. Push Finish
http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by Malwarebytes and ESET online scanner. :)
 
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8082

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

4/11/2011 10:47:43 PM
mbam-log-2011-11-04 (22-47-43).txt

Scan type: Quick scan
Objects scanned: 185536
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f a variant of Win32/Kryptik.USY trojan
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd Java/Agent.DW trojan
C:\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc multiple threats
C:\Users\Steven\Desktop\Games\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
 
Hi Cyxee,

P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features.
--------------
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    File::
    C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f
    C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd
    C:\Users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc
    C:\Users\Steven\Desktop\Games\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll

    Driver::
    NLNdisMP
    NLNdisPT
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: CFScriptB-4.gif, dragging CFScript.txt onto ComboFix.exe]

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
ComboFix 11-11-05.01 - Steven 05/11/2011 18:38:37.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6134.3977 [GMT 11:00]
Running from: c:\users\Steven\Desktop\ComboFix.exe
Command switches used :: c:\users\Steven\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f"
"c:\users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd"
"c:\users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc"
"c:\users\Steven\Desktop\Games\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Steven\AppData\Local\Temp\~DBB0.tmp
c:\users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\522f31f7-5abd2f8f
c:\users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53ed4abb-4ae0d6dd
c:\users\Steven\AppData\Roaming\Auslogics\Rescue\Boost Speed\111015185748350.rsc
c:\users\Steven\Desktop\Games\Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NLNdisMP
-------\Service_NLNdisPT
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-03_15.58.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-12 19:44 . 2011-10-12 19:44 1828864 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiumdmv.dll
+ 2011-10-12 19:44 . 2011-10-12 19:44 4289024 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiumdag.dll
+ 2011-10-12 19:44 . 2011-10-12 19:44 1113088 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiumd6v.dll
+ 2011-10-12 19:44 . 2011-10-12 19:44 4023296 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiumd6a.dll
+ 2011-10-12 19:38 . 2011-10-12 19:38 5431808 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atiumd64.dll
+ 2011-10-12 19:54 . 2011-10-12 19:54 4960768 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atidxx64.dll
+ 2011-10-12 20:04 . 2011-10-12 20:04 4231680 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atidxx32.dll
+ 2011-10-12 19:45 . 2011-10-12 19:45 9877504 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\aticaldd64.dll
+ 2011-10-12 19:42 . 2011-10-12 19:42 8391680 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\aticaldd.dll
+ 2011-10-25 19:26 . 2011-10-25 19:26 1649152 c:\windows\Installer\32a98.msi
+ 2011-10-25 19:34 . 2011-10-25 19:34 1478656 c:\windows\Installer\32a93.msi
+ 2011-10-25 19:31 . 2011-10-25 19:31 1891328 c:\windows\Installer\32a7e.msi
+ 2011-10-25 19:25 . 2011-10-25 19:25 6775808 c:\windows\Installer\32a74.msi
+ 2011-11-05 07:37 . 2011-11-05 07:37 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-10-25 09:53 . 2011-10-25 09:53 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-05 07:37 . 2011-11-05 07:37 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-12 20:04 . 2011-10-12 20:04 18630656 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atioglxx.dll
+ 2011-10-12 20:20 . 2011-10-12 20:20 24629760 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atio6axx.dll
+ 2011-10-12 20:56 . 2011-10-12 20:56 10207232 c:\windows\system32\DriverStore\FileRepository\c7127455.inf_amd64_neutral_94721924b461fc06\B126747\atikmdag.sys
+ 2011-02-12 14:12 . 2011-11-05 08:17 20097400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670721475-2207048279-2083128198-1000-12288.dat
+ 2011-10-25 19:31 . 2011-10-25 19:31 14551040 c:\windows\Installer\32aa0.msi
+ 2011-10-25 19:29 . 2011-10-25 19:29 11220480 c:\windows\Installer\32a8e.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-09 270128]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-07 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-08-31 421160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzgxMjcyMTI5LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=c51935e7290147d1b51a318208d6f413-fc70ac1aa2831a2da741ce90e5e26694bc3ef001" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-02-18 294912]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-05-31 367456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-08-09 741224]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 09:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 22:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 2320752]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"combofix"="c:\combofix\CF20937.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\dqntwlcx.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2670721475-2207048279-2083128198-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,31,74,18,35,9a,34,a1,3c,67,73,b0,9b,fd,7d,b7,a3,74,14,4a,6c,
62,0c,c1,04,73,3c,7e,bb,bb,40,00,3e,32,fc,29,8b,25,cb,56,5c,cc,e8,35,9c,19,\
"rkeysecu"=hex:1a,af,80,93,39,55,c8,4d,93,ee,46,31,08,6c,78,d9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\12116EC4637FFCA42B5405005035D8EC\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="SteamService.exe"
"ComponentVersion"="1.5.31.0"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7C5BEC8A0707BFF4FB4A686C99C69900\9C8928403D4AB094F99FBA20A329833F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Steam.exe1"
"ComponentVersion"="1.0.968.628"
"ProductVersion"="1.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-05 19:44:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-05 08:44
ComboFix2.txt 2011-11-04 06:43
ComboFix3.txt 2011-11-03 16:19
ComboFix4.txt 2009-09-21 06:45
.
Pre-Run: 79,372,320,768 bytes free
Post-Run: 75,238,346,752 bytes free
.
- - End Of File - - 7EEF23D65327AF617C4EFE54B954AB65
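The log above lists the machine's autorun points, its UAC policy values and its start pages, but it is raw tool output and nothing on the page walks through reading it. The script below is an added example (not part of the thread and not a ComboFix feature) that triages the line layouts visible in the log: the `[HKEY_...\Run]` blocks, the `policies\system` values, the `R*/S*` service lines and the `mStart Page` / `uStart Page` lines. `SAMPLE_LOG` is constructed from lines shown on this page, `expected_start_hosts` is a hypothetical analyst-supplied allow-list, and the findings are prompts for a human to verify, not verdicts.

```python
"""Triage the autorun-related sections of a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample, copied from the line layouts in the posted log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-09 270128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF20937.3XE" [2010-11-20 345088]
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{31E8F9C9-9A88-4306-AA6A-8016A68E03F3}
"""

KEY_HEADER = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
POLICY_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-f]+\)$', re.I)
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[(?P<stamp>[^\]]*)\]$")
START_PAGE = re.compile(r"^(?P<scope>[mu])Start Page = (?P<url>\S+)$")

# Value 0 for each of these disables a UAC protection: EnableLUA=0 turns UAC
# off, ConsentPromptBehaviorAdmin=0 elevates admins silently, and
# PromptOnSecureDesktop=0 lets ordinary windows overlay the consent prompt.
UAC_WEAK = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}


@dataclass
class Triage:
    run_entries: list = field(default_factory=list)  # (key, name, image, date, size)
    policies: dict = field(default_factory=dict)
    services: list = field(default_factory=list)     # (start, name, image, stamp)
    start_pages: list = field(default_factory=list)  # (scope, url)
    findings: list = field(default_factory=list)


def parse_log(text):
    """Walk the log once, tracking the registry key each value belongs to."""
    t = Triage()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_HEADER.match(line):
            current_key = m["key"]
            continue
        key = (current_key or "").lower()
        if key.endswith("\\run") and (m := RUN_VALUE.match(line)):
            t.run_entries.append((current_key, m["name"], m["image"], m["date"], int(m["size"])))
        elif key.endswith("policies\\system") and (m := POLICY_VALUE.match(line)):
            t.policies[m["name"]] = int(m["value"])
        elif m := SERVICE_LINE.match(line):
            t.services.append((m["start"], m["name"], m["image"], m["stamp"]))
        elif m := START_PAGE.match(line):
            t.start_pages.append((m["scope"], m["url"]))
    return t


def triage(text, expected_start_hosts=("www.google.com.au",)):
    """Parse the log and attach findings that merit a manual look."""
    t = parse_log(text)
    for name, weak in UAC_WEAK.items():
        if t.policies.get(name) == weak:
            t.findings.append(f"UAC weakened: {name}={weak}")
    for _key, name, image, _date, _size in t.run_entries:
        if not image.lower().endswith(".exe"):
            t.findings.append(f"Run entry '{name}' launches a non-.exe image: {image}")
    for start, name, image, stamp in t.services:
        if stamp == "x":  # the log recorded no date/size for this image
            t.findings.append(f"Service '{name}' ({start}): no date/size recorded for {image}, check the file on disk")
    for scope, url in t.start_pages:
        host = urlsplit(url.replace("hxxp", "http", 1)).hostname  # undo the log's defanging
        if host not in expected_start_hosts:
            t.findings.append(f"{scope}Start Page points at unexpected host {host}: {url}")
    return t


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG).findings:
        print(finding)
```

On the sample this reports the three UAC values set to 0, the machine-wide start page on a host outside the allow-list, the boot-start driver whose image has no date or size in the log, and the `.3XE` image in the `combofix` Run value; that last entry carries the tool's own name, so confirm it disappears once the tool has finished rather than treating it as an infection.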