incognitoguy
Members-
Posts
5 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by incognitoguy
-
Hello, it seems that MBAM can't catch it. Here are the relevant logs: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Yang at 21:29:07 on 2012-03-07 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.3962 [GMT -5:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\system32\conhost.exe C:\windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe C:\windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\windows\SysWOW64\svchost.exe -k netsvcs C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\wbem\wmiprvse.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe C:\Program Files (x86)\Lenovo\Energy Management\utility.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\Shared Files\brs.exe C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\svchost.exe -k bthsvcs C:\windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\StarCraft II\Versions\Base21029\SC2.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\windows\SysWOW64\ping.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\ping.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\ping.exe C:\windows\system32\conhost.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\SysWOW64\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN uStart Page = hxxp://lenovo.msn.com mStart Page = hxxp://lenovo.msn.com uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [spotify] "C:\Users\Yang\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [snp2uvc] C:\windows\vsnp2uvc.exe mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: Interfaces\{7A127E08-6A08-4720-9464-7DBA16D76A1A} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{7A127E08-6A08-4720-9464-7DBA16D76A1A}\34963736F67423936353 : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{7A127E08-6A08-4720-9464-7DBA16D76A1A}\35247413532373 : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{7A127E08-6A08-4720-9464-7DBA16D76A1A}\C4965784F6D656 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7A127E08-6A08-4720-9464-7DBA16D76A1A}\E416E6369764C656473686562723 : DhcpNameServer = 192.168.1.254 192.168.100.100 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll BHO-X64: Yontoo Layers - No File mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [snp2uvc] C:\windows\vsnp2uvc.exe mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe mRun-x64: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\74m69dyo.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: extentions.y2layers.installId - 1b499069-3cb4-41ff-b58c-64298c5e9f74 FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader, . ============= SERVICES / DRIVERS =============== . R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?] R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?] R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?] R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-24 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-17 652360] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-24 2253120] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-24 2656280] R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\system32\DRIVERS\AMPPAL.sys --> C:\windows\system32\DRIVERS\AMPPAL.sys [?] R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?] R3 BTWDPAN;Bluetooth Personal Area Network;C:\windows\system32\DRIVERS\btwdpan.sys --> C:\windows\system32\DRIVERS\btwdpan.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?] R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?] R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\windows\system32\DRIVERS\jmccgp.sys --> C:\windows\system32\DRIVERS\jmccgp.sys [?] R3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\windows\system32\Drivers\jmcam.sys --> C:\windows\system32\Drivers\jmcam.sys [?] R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\windows\system32\Drivers\jmcam_lo.sys --> C:\windows\system32\Drivers\jmcam_lo.sys [?] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?] R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?] S2 CLKMSVC10_3A60B698;CyberLink Product - 2011/11/24 11:34:20;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\system32\DRIVERS\amppal.sys --> C:\windows\system32\DRIVERS\amppal.sys [?] S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240] S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?] S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-03-07 17:18:09 33856 ---ha-w- C:\windows\System32\hamachi.sys 2012-03-07 17:18:08 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2012-03-06 20:14:00 -------- d-----w- C:\Users\Yang\AppData\Roaming\NVIDIA 2012-03-06 19:38:45 -------- d-----w- C:\Mass Effect 3 2012-03-06 19:35:22 0 --sha-w- C:\windows\System32\dds_trash_log.cmd 2012-03-06 19:34:15 -------- d-----we C:\windows\system64 2012-03-06 09:51:20 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08570133-14AD-443D-A352-2863FA38173F}\mpengine.dll 2012-03-03 03:46:17 -------- d-----w- C:\Program Files (x86)\Cisco 2012-03-03 03:45:34 -------- d--h--w- C:\windows\System32\WLANProfiles 2012-03-03 03:43:02 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab 2012-03-02 17:26:20 -------- d-----w- C:\Users\Yang\AppData\Roaming\Lenovo 2012-03-02 17:26:18 -------- d-----w- C:\ProgramData\Lenovo 2012-03-02 16:58:59 -------- d-----w- C:\Program Files (x86)\Nero 2012-03-02 02:15:09 -------- d-----w- C:\Users\Yang\AppData\Local\{49BDD6C6-A02B-409F-9EAA-5CA45DF4F785} 2012-03-02 02:14:52 -------- d-----w- C:\Users\Yang\AppData\Local\{C9DC93A2-C41B-436F-A2E3-1A004D415ED8} 2012-03-01 06:29:45 -------- d-----w- C:\Users\Yang\AppData\Local\CyberLink 2012-02-17 05:31:09 -------- d-----w- C:\Users\Yang\AppData\Roaming\TeamViewer 2012-02-17 05:28:01 -------- d-----w- C:\Program Files (x86)\TeamViewer 2012-02-15 14:46:53 -------- d-----w- C:\Users\Yang\AppData\Local\Spotify 2012-02-15 14:46:44 -------- d-----w- C:\Users\Yang\AppData\Roaming\Spotify 2012-02-15 00:38:18 509952 ----a-w- C:\windows\System32\ntshrui.dll 2012-02-15 00:38:18 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll 2012-02-15 00:38:17 515584 ----a-w- C:\windows\System32\timedate.cpl 2012-02-15 00:38:17 478720 ----a-w- C:\windows\SysWow64\timedate.cpl 2012-02-15 00:38:16 3145728 ----a-w- C:\windows\System32\win32k.sys 2012-02-15 00:38:15 498688 ----a-w- C:\windows\System32\drivers\afd.sys 2012-02-15 00:38:13 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll 2012-02-15 00:38:13 634880 ----a-w- C:\windows\System32\msvcrt.dll 2012-02-14 23:40:04 -------- d-----w- C:\Users\Yang\AppData\Roaming\EndNote 2012-02-14 23:39:23 -------- d-----w- C:\Program Files (x86)\Common Files\Risxtd 2012-02-14 23:39:16 -------- d-----w- C:\Program Files (x86)\Common Files\ResearchSoft 2012-02-14 23:38:59 -------- d-----w- C:\Program Files (x86)\EndNote X5 2012-02-14 23:38:36 -------- d-----w- C:\ProgramData\Thomson.ResearchSoft.Installers 2012-02-12 21:13:52 -------- d-----w- C:\Users\Yang\AppData\Local\Windows Live 2012-02-12 21:13:13 -------- d-----w- C:\Users\Yang\AppData\Local\{4F4F153A-C8D9-44A4-8AB5-728C540F9752} 2012-02-12 21:13:13 -------- d-----w- C:\Users\Yang\AppData\Local\{0784551C-10B6-49BD-B1E4-D921B4122102} . ==================== Find3M ==================== . 2012-03-07 21:10:18 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-03 19:27:25 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-02-23 14:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe 2012-01-21 14:53:54 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys 2011-12-14 07:11:03 2308096 ----a-w- C:\windows\System32\jscript9.dll 2011-12-14 07:04:30 1390080 ----a-w- C:\windows\System32\wininet.dll 2011-12-14 07:03:38 1493504 ----a-w- C:\windows\System32\inetcpl.cpl 2011-12-14 06:57:28 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2011-12-14 03:04:54 1798656 ----a-w- C:\windows\SysWow64\jscript9.dll 2011-12-14 02:57:18 1127424 ----a-w- C:\windows\SysWow64\wininet.dll 2011-12-14 02:56:58 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2011-12-14 02:50:04 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2011-12-10 20:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys . ============= FINISH: 21:30:08.25 =============== Attach.txt DDS.txt
-
Hi, sorry I've been MIA! Here's the log: ComboFix 11-07-02.03 - Yang 07/03/2011 10:00:38.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4091.2609 [GMT -4:00] Running from: c:\users\Yang\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\api-ms-win-core-localregistry-l1-1-032.dll c:\programdata\DHCPQEC32.exe c:\users\Yang\Desktop\Setup.exe . ---- Previous Run ------- . c:\drivers\application\R216519\NETw5c64.dll c:\drivers\application\R216519\NETw5r64.dll c:\drivers\application\R216519\NETw5v64.cat c:\drivers\application\R216519\NETw5v64.inf c:\drivers\application\R216519\NETw5v64.sys c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml c:\program files (x86)\somototoolbar\vmNTemplatex.dll c:\programdata\api-ms-win-core-localregistry-l1-1-032.dll c:\programdata\DHCPQEC32.exe c:\users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\2n7zh944.default\extensions\{9f3a9594-b896-4546-9b7d-a022be8efc6b}\chrome.manifest c:\users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\2n7zh944.default\extensions\{9f3a9594-b896-4546-9b7d-a022be8efc6b}\chrome\xulcache.jar c:\users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\2n7zh944.default\extensions\{9f3a9594-b896-4546-9b7d-a022be8efc6b}\defaults\preferences\xulcache.js c:\users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\2n7zh944.default\extensions\{9f3a9594-b896-4546-9b7d-a022be8efc6b}\install.rdf c:\windows\SysWow64\BReWErS.dll D:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 ))))))))))))))))))))))))))))))) . . 2011-07-03 14:08 . 2011-07-03 14:08 -------- d-----w- c:\users\Guest\AppData\Local\temp 2011-07-03 14:08 . 2011-07-03 14:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-03 02:31 . 2011-07-03 02:31 -------- d-----w- c:\program files (x86)\Dell Video Chat 2011-07-03 02:14 . 2011-07-03 02:14 -------- d-----w- c:\program files (x86)\Realtek 2011-07-03 02:11 . 2011-07-03 02:17 -------- d--h--w- c:\program files (x86)\Temp 2011-07-03 02:08 . 2009-06-29 17:44 487424 ----a-w- c:\windows\system32\drivers\stwrt64.sys 2011-07-03 02:08 . 2009-06-29 17:44 431616 ----a-w- c:\windows\system32\stcplx64.dll 2011-07-03 02:08 . 2009-06-29 17:44 598016 ------w- c:\windows\system32\stapi64.dll 2011-07-03 02:08 . 2009-06-29 17:44 209920 ----a-w- c:\windows\system32\st646217.dll 2011-07-03 02:08 . 2009-06-29 17:44 1431040 ----a-w- c:\windows\system32\stapo64.dll 2011-07-03 02:08 . 2009-05-12 19:25 511488 ----a-w- c:\windows\SysWow64\ctapo32.dll 2011-07-03 02:08 . 2011-07-03 02:10 -------- d-----w- c:\program files\IDT 2011-07-03 02:06 . 2011-07-03 02:06 -------- d-----w- c:\users\Yang\AppData\Local\{48B5410C-77A8-4C98-B119-229666A8DBAB} 2011-07-01 07:46 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00D65A8B-3075-4E52-9BC3-A1ACCCA8F338}\mpengine.dll 2011-06-26 22:33 . 2011-06-26 22:33 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2011-06-26 22:33 . 2011-06-26 22:33 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll 2011-06-25 13:03 . 2011-06-25 13:03 -------- d-----w- c:\users\Yang\AppData\Local\{AEEDFE44-46DC-420C-AED6-6D5F343FD4A6} 2011-06-21 12:30 . 2011-06-21 12:30 -------- d-----w- c:\users\Yang\AppData\Local\{A982CADE-D818-4845-923C-A02A52A4092E} 2011-06-20 13:41 . 2011-06-20 13:41 -------- d-----w- c:\users\Yang\AppData\Local\{00FFE9E0-D233-4DF9-829B-4C872A78CF97} 2011-06-20 13:41 . 2011-06-20 13:41 -------- d-----w- c:\users\Yang\AppData\Local\Windows Live Writer 2011-06-20 13:41 . 2011-06-20 13:41 -------- d-----w- c:\users\Yang\AppData\Roaming\Windows Live Writer 2011-06-19 19:21 . 2010-12-15 04:08 153600 ----a-w- c:\windows\system32\drivers\htcusbnet.sys 2011-06-19 19:21 . 2011-06-19 19:21 -------- d-----w- c:\program files (x86)\HTC 2011-06-19 19:20 . 2011-06-19 19:21 -------- d-----w- C:\Temp 2011-06-19 16:07 . 2011-06-19 16:07 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-06-19 14:24 . 2011-06-19 14:24 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-18 23:37 . 2011-06-18 23:36 783360 ----a-w- c:\windows\SysWow64\user3232.exe 2011-06-18 22:56 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-18 22:56 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-18 22:56 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-18 22:56 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-18 22:56 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-18 22:56 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-18 22:56 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-18 22:56 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-18 22:56 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys 2011-06-18 22:43 . 2011-06-18 22:44 -------- d-----w- c:\users\Yang\AppData\Local\{6F4A5626-116A-4AD8-BC42-7E0E194C3541} 2011-06-11 06:34 . 2011-06-11 06:35 -------- d-----w- c:\users\Yang\AppData\Local\{70701F48-2E64-40B2-A462-E249239FD2E9} 2011-06-10 06:41 . 2011-06-25 17:55 -------- d-----w- c:\program files (x86)\somototoolbar 2011-06-10 06:41 . 2011-06-10 06:42 -------- d-----w- c:\program files (x86)\Vuze FileBulldog Toolbar 2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll 2011-06-05 16:01 . 2011-06-05 16:01 -------- d-----w- c:\users\Yang\AppData\Local\{53B89040-6DBA-4CF6-8957-523F3D318AB2} . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 13:11 . 2010-02-13 21:06 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2010-02-13 21:06 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-24 23:14 . 2009-11-16 07:02 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-05-04 08:52 . 2010-05-17 22:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-05-03 13:57 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-04-22 20:18 . 2011-05-25 10:40 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-04-09 22:55 . 2011-04-09 22:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll 2011-04-09 22:55 . 2011-04-09 22:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll 2011-04-09 06:58 . 2011-05-24 09:09 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-04-09 06:45 . 2011-05-11 21:52 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 06:13 . 2011-05-11 21:52 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-11 21:52 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-24 09:09 123904 ----a-w- c:\windows\SysWow64\poqexec.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-06-25_17.58.45 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2011-07-03 14:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-06-25 17:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-07-03 14:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-06-25 17:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-06-25 17:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-07-03 14:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 05:10 . 2011-07-03 02:42 29378 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-11 14:21 . 2011-07-03 02:42 10370 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-974128655-1827857089-2928523019-1000_UserData.bin + 2009-07-14 05:30 . 2011-07-03 02:14 86016 c:\windows\system32\DriverStore\infpub.dat - 2009-07-14 05:30 . 2011-06-19 19:22 86016 c:\windows\system32\DriverStore\infpub.dat + 2011-07-03 02:08 . 2009-06-29 17:44 38400 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\suhlp64.exe + 2011-07-03 02:08 . 2009-06-29 17:44 88576 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\idtpma64.exe + 2011-07-03 02:08 . 2009-05-12 19:28 57856 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\ctppld64.dll + 2011-07-03 02:08 . 2009-03-02 18:42 89600 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe + 2011-07-03 02:08 . 2009-03-02 17:47 90624 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTCo64.dll + 2011-07-03 02:08 . 2009-03-02 17:58 68608 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTAR64.dll + 2011-07-03 02:14 . 2009-05-23 05:20 58400 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RCoInst64.dll + 2011-07-03 02:14 . 2009-03-31 19:01 92160 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\AERTSr64.exe - 2010-09-11 06:21 . 2009-03-30 12:24 57856 c:\windows\system32\ctppld64.dll + 2010-09-11 06:21 . 2009-05-12 19:28 57856 c:\windows\system32\ctppld64.dll - 2010-09-11 06:26 . 2011-06-25 17:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-11 06:26 . 2011-07-03 14:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-11 06:26 . 2011-06-25 17:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-11 06:26 . 2011-07-03 14:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-06-25 17:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-07-03 14:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-11 06:21 . 2009-03-02 17:47 90624 c:\windows\system32\AESTCo64.dll - 2010-09-11 06:21 . 2009-03-30 12:24 90624 c:\windows\system32\AESTCo64.dll + 2010-09-11 06:21 . 2009-03-02 17:58 68608 c:\windows\system32\AESTAR64.dll - 2010-09-11 06:21 . 2009-03-30 12:24 68608 c:\windows\system32\AESTAR64.dll + 2010-09-11 07:51 . 2011-07-03 14:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-11 07:51 . 2011-06-25 17:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-11 07:51 . 2011-07-03 14:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-11 07:51 . 2011-06-25 17:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-07-03 14:09 . 2011-07-03 14:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-06-25 17:56 . 2011-06-25 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-06-25 17:56 . 2011-06-25 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-07-03 14:09 . 2011-07-03 14:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-11 15:35 . 2011-07-02 02:35 427076 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 02:36 . 2011-06-25 17:49 624178 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-07-03 02:45 624178 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-06-25 17:49 106522 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-07-03 02:45 106522 c:\windows\system32\perfc009.dat - 2010-09-11 06:21 . 2009-03-30 12:24 564224 c:\windows\system32\idt64mp1.exe + 2010-09-11 06:21 . 2009-06-29 17:44 564224 c:\windows\system32\idt64mp1.exe + 2009-07-14 05:30 . 2011-07-03 02:14 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2011-06-19 19:22 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2011-07-03 02:14 143360 c:\windows\system32\DriverStore\infstor.dat - 2009-07-14 05:30 . 2011-06-19 19:21 143360 c:\windows\system32\DriverStore\infstor.dat + 2011-07-03 02:08 . 2009-06-29 17:44 487424 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stwrt64.sys + 2011-07-03 02:08 . 2009-06-29 17:44 444416 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\sttray64.exe + 2011-07-03 02:08 . 2009-06-29 17:44 431616 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stcplx64.dll + 2011-07-03 02:08 . 2009-06-29 17:44 598016 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stapi64.dll + 2011-07-03 02:08 . 2009-06-29 17:44 240128 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe + 2011-07-03 02:08 . 2009-06-29 17:44 209920 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\st646217.dll + 2011-07-03 02:08 . 2008-12-19 22:01 249856 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\sluapo64.dll + 2011-07-03 02:08 . 2008-12-19 22:01 160256 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\sltshd64.dll + 2011-07-03 02:08 . 2008-12-19 22:01 140800 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\slh36064.dll + 2011-07-03 02:08 . 2008-12-19 22:01 169472 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\slcshp64.dll + 2011-07-03 02:08 . 2009-06-29 17:44 564224 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\idt64mp1.exe + 2011-07-03 02:08 . 2009-05-12 19:27 652288 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\ctapo64.dll + 2011-07-03 02:08 . 2009-05-12 19:25 511488 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\ctapo32.dll + 2011-07-03 02:08 . 2009-03-02 17:08 431104 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTEC64.dll + 2011-07-03 02:08 . 2009-03-02 17:59 165888 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTAC64.dll + 2011-07-03 02:14 . 2009-05-23 05:21 388640 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\vncutil64.exe + 2011-07-03 02:14 . 2007-07-25 14:34 150528 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\SRSWOW64.dll + 2011-07-03 02:14 . 2006-12-13 15:30 513536 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\SRSTSX64.dll + 2011-07-03 02:14 . 2007-05-17 16:26 211376 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\SRSTSH64.dll + 2011-07-03 02:14 . 2008-04-30 13:48 193536 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\SRSHP64.dll + 2011-07-03 02:14 . 2009-05-23 05:21 332320 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtlCPAPI64.dll + 2011-07-03 02:14 . 2009-05-23 05:21 137760 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RTLCPAPI.dll + 2011-07-03 02:14 . 2009-05-23 05:21 149536 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtkCfg64.dll + 2011-07-03 02:14 . 2009-05-23 05:21 141856 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtkCfg.dll + 2011-07-03 02:14 . 2009-05-23 05:20 177696 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtkAudioService64.exe + 2011-07-03 02:14 . 2009-05-23 05:20 417824 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtkApi64.dll + 2011-07-03 02:14 . 2009-03-09 10:32 304640 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RP3DHT64.dll + 2011-07-03 02:14 . 2009-03-09 10:30 304640 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RP3DAA64.dll + 2011-07-03 02:14 . 2008-11-09 16:57 311296 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\MaxxAudioAPO20.dll + 2011-07-03 02:14 . 2009-02-12 22:14 176640 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\FMAPO64.dll + 2011-07-03 02:14 . 2009-03-31 19:02 108032 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\AERTAR64.dll + 2011-07-03 02:14 . 2009-04-16 15:13 166400 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\AERTAC64.dll + 2010-09-11 06:21 . 2009-05-12 19:27 652288 c:\windows\system32\ctapo64.dll + 2010-09-11 06:21 . 2009-05-12 19:25 511488 c:\windows\system32\ctapo32.dll - 2010-09-11 06:21 . 2009-03-30 12:24 431104 c:\windows\system32\AESTEC64.dll + 2010-09-11 06:21 . 2009-03-02 17:08 431104 c:\windows\system32\AESTEC64.dll - 2010-09-11 06:21 . 2009-03-30 12:24 165888 c:\windows\system32\AESTAC64.dll + 2010-09-11 06:21 . 2009-03-02 17:59 165888 c:\windows\system32\AESTAC64.dll + 2009-07-29 23:15 . 2009-04-16 22:23 540672 c:\windows\RtlExUpd.dll + 2010-09-11 06:21 . 2009-06-29 17:44 3593216 c:\windows\system32\stlang64.dll + 2011-07-03 02:08 . 2009-06-29 17:44 3593216 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stlang64.dll + 2011-07-03 02:08 . 2009-06-29 17:44 1431040 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stapo64.dll + 2011-07-03 02:14 . 2009-05-23 05:21 1833504 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\SkyTel.exe + 2011-07-03 02:14 . 2009-05-23 05:21 1277984 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtPgEx64.dll + 2011-07-03 02:14 . 2009-05-23 05:21 1395232 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtlUpd64.exe + 2011-07-03 02:14 . 2009-05-23 07:04 1762080 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RTKVHD64.sys + 2011-07-03 02:14 . 2009-05-23 05:20 1603104 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtkAPO64.dll + 2011-07-03 02:14 . 2009-05-23 05:20 1034784 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RTCOMDLL.dll + 2011-07-03 02:14 . 2009-05-23 05:20 1163296 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RTCOM64.dll + 2011-07-03 02:14 . 2009-05-23 05:20 7833120 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RAVCpl64.exe + 2009-07-14 05:01 . 2011-07-03 14:08 1416380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-06-25 17:56 1416380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 02:34 . 2011-07-03 12:30 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2011-06-25 13:08 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2010-06-29 23:18 . 2011-07-03 14:08 16995128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-974128655-1827857089-2928523019-1000-12288.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 2101848] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [bU] "FAStartup"="" [bU] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232] "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-01-10 198160] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . c:\users\Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] CurseClientStartup.ccip [2010-7-19 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AtiDCM;AtiDCM;c:\users\Yang\AppData\Local\DellWin7Upgrade\DRIVERS\BOTH\Ati_Vid_con\Bin64\atdcm64a.sys [2009-07-30 26640] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x] R3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\DRIVERS\htcusbnet.sys [x] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 306688] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x] R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x] S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x] S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544] . . Contents of the 'Scheduled Tasks' folder . 2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-974128655-1827857089-2928523019-1000Core.job - c:\users\Yang\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 05:50] . 2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-974128655-1827857089-2928523019-1000UA.job - c:\users\Yang\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 05:50] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-21 1657128] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-11 1914880] "Win7_Upgrade"="c:\users\Yang\AppData\Local\DellWin7Upgrade\Win7_Upgrade_Start.exe" [2009-08-26 475136] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: real.com\rhapreg TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{143AD6BC-4C0D-42E0-BC4E-20525178C1EE}\3716573656C6168627: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{143AD6BC-4C0D-42E0-BC4E-20525178C1EE}\E416E636970264C6564736865627: DhcpNameServer = 128.146.1.9 128.146.48.6 192.168.1.1 FF - ProfilePath - c:\users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\2n7zh944.default\ . - - - - ORPHANS REMOVED - - - - . BHO-{E14CEEEA-FE4B-ECBD-4AE1-B84D73BC62E1} - c:\programdata\api-ms-win-core-localregistry-l1-1-032.dll . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-974128655-1827857089-2928523019-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-974128655-1827857089-2928523019-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-974128655-1827857089-2928523019-1000\Software\SecuROM\License information*] "datasecu"=hex:97,32,ba,9c,af,1d,a5,ba,68,11,5a,e9,8f,03,45,14,74,07,d7,c1,92, 48,f9,b6,60,a3,52,7e,59,b6,67,4d,b7,fa,b8,fc,c0,29,d6,af,9e,73,59,c3,bc,0b,\ "rkeysecu"=hex:2c,b7,e4,62,86,2f,2b,c1,0e,ec,2f,42,21,2a,4c,a1 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\06\05\0a\06+\0bU" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\user3232.exe c:\programdata\DHCPQEC32.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Mozilla Firefox\firefox.exe . ************************************************************************** . Completion time: 2011-07-03 10:14:12 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-03 14:14 . Pre-Run: 13,396,156,416 bytes free Post-Run: 8,967,241,728 bytes free . - - End Of File - - CE5CE3A57BED1A59462199FC8D13DAD6
-
Hi, sorry for the delay! Thanks for your help. LOG: . DDS (Ver_2011-06-23.01) - NTFSAMD64 MINIMAL Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26 Run by Yang at 8:52:10 on 2011-06-25 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4091.3304 [GMT -4:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\userinit.exe C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uWindow Title = Internet Explorer provided by Dell uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll BHO: bcaf0f3c: {d6061c74-762f-8797-326e-ee018089cf0d} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [Google Update] "C:\Users\Yang\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [FAStartup] mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Yang\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe StartupFolder: C:\Users\Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: real.com\rhapreg DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{143AD6BC-4C0D-42E0-BC4E-20525178C1EE} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{143AD6BC-4C0D-42E0-BC4E-20525178C1EE}\3716573656C6168627 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{143AD6BC-4C0D-42E0-BC4E-20525178C1EE}\E416E636970264C6564736865627 : DhcpNameServer = 128.146.1.9 128.146.48.6 192.168.1.1 TCP: Interfaces\{67FCA70C-D95D-4B39-B792-5E5C8B883306} : DhcpNameServer = 128.146.1.9 128.146.48.6 TCP: Interfaces\{889E5676-A687-4126-93A8-D1FAE0071B40} : DhcpNameServer = 69.78.134.231 69.78.80.231 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll BHO-X64: Somoto Toolbar - No File BHO-X64: bcaf0f3c: {D6061C74-762F-8797-326E-EE018089CF0D} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [FAStartup] mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe AppInit_DLLs-X64: C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\2n7zh944.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Yang\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Users\Yang\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll FF - plugin: C:\Users\Yang\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll FF - plugin: C:\Users\Yang\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?] S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe [2009-7-21 89600] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 idsvc32;Windows CardSpace ;C:\Windows\System32\user3232.exe [2011-6-18 783360] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-11 366640] S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-7-29 24652] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?] S3 htcusbnet;HTC USB-NDIS miniport;C:\Windows\system32\DRIVERS\htcusbnet.sys --> C:\Windows\system32\DRIVERS\htcusbnet.sys [?] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-2-11 306688] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?] S3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?] S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-4-10 19544] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?] S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\system32\drivers\WsAudioDevice_383S(1).sys --> C:\Windows\system32\drivers\WsAudioDevice_383S(1).sys [?] . =============== Created Last 30 ================ . 2011-06-24 08:51:35 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F6B0D77-8209-4DD6-AC71-46D638AEE608}\mpengine.dll 2011-06-21 12:30:40 -------- d-----w- C:\Users\Yang\AppData\Local\{A982CADE-D818-4845-923C-A02A52A4092E} 2011-06-20 13:41:27 -------- d-----w- C:\Users\Yang\AppData\Local\{00FFE9E0-D233-4DF9-829B-4C872A78CF97} 2011-06-20 13:41:18 -------- d-----w- C:\Users\Yang\AppData\Roaming\Windows Live Writer 2011-06-20 13:41:18 -------- d-----w- C:\Users\Yang\AppData\Local\Windows Live Writer 2011-06-19 19:21:33 153600 ----a-w- C:\Windows\System32\drivers\htcusbnet.sys 2011-06-19 19:21:29 -------- d-----w- C:\Program Files (x86)\HTC 2011-06-19 19:20:53 -------- d-----w- C:\Temp 2011-06-19 14:24:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-19 03:39:53 -------- d-----w- C:\Windows\pss 2011-06-18 23:37:02 783360 ----a-w- C:\ProgramData\DHCPQEC32.exe 2011-06-18 23:37:01 783360 ----a-w- C:\Windows\SysWow64\user3232.exe 2011-06-18 22:56:09 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys 2011-06-18 22:56:08 499712 ----a-w- C:\Windows\System32\drivers\afd.sys 2011-06-18 22:56:08 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-06-18 22:56:06 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-18 22:56:06 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-18 22:56:03 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-06-18 22:56:03 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-06-18 22:56:03 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-06-18 22:56:02 3133952 ----a-w- C:\Windows\System32\win32k.sys 2011-06-18 22:43:37 -------- d-----w- C:\Users\Yang\AppData\Local\{6F4A5626-116A-4AD8-BC42-7E0E194C3541} 2011-06-11 06:34:51 -------- d-----w- C:\Users\Yang\AppData\Local\{70701F48-2E64-40B2-A462-E249239FD2E9} 2011-06-10 06:41:52 -------- d-----w- C:\Program Files (x86)\somototoolbar 2011-06-10 06:41:31 -------- d-----w- C:\Program Files (x86)\Vuze FileBulldog Toolbar 2011-06-07 16:35:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2011-06-07 16:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\nppdf32.dll 2011-06-05 16:01:35 -------- d-----w- C:\Users\Yang\AppData\Local\{53B89040-6DBA-4CF6-8957-523F3D318AB2} 2011-05-30 04:50:27 -------- d-----w- C:\Users\Yang\AppData\Local\{C870F1CE-946F-407C-961C-F5EEB53EBDB6} 2011-05-29 23:25:04 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard 2011-05-29 23:24:06 -------- d-----w- C:\Program Files (x86)\HP . ==================== Find3M ==================== . 2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll 2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec 2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-04-09 22:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll 2011-04-09 22:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll 2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe 2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe . ============= FINISH: 8:53:13.88 =============== I also have the Attach file, let me know if I should attach that as well.
-
Hello?
-
Hi! Just noticed that my google searches kept getting redirected. Ran MBAM and found this, but it keeps coming back. Let me know what logs I need to post for you to be able to help me out. Thanks!