incognitoguy

Everything posted by incognitoguy

  1. Hello, it seems that MBAM can't catch it. Here are the relevant logs:

     DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Yang at 21:29:07 on 2012-03-07 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.3962 [GMT -5:00]
  2. Hi, sorry I've been MIA! Here's the log:

     ComboFix 11-07-02.03 - Yang 07/03/2011 10:00:38.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4091.2609 [GMT -4:00]
2009-05-23 05:20 58400 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RCoInst64.dll + 2011-07-03 02:14 . 2009-03-31 19:01 92160 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\AERTSr64.exe - 2010-09-11 06:21 . 2009-03-30 12:24 57856 c:\windows\system32\ctppld64.dll + 2010-09-11 06:21 . 2009-05-12 19:28 57856 c:\windows\system32\ctppld64.dll - 2010-09-11 06:26 . 2011-06-25 17:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-11 06:26 . 2011-07-03 14:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-11 06:26 . 2011-06-25 17:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-11 06:26 . 2011-07-03 14:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-06-25 17:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-07-03 14:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-11 06:21 . 2009-03-02 17:47 90624 c:\windows\system32\AESTCo64.dll - 2010-09-11 06:21 . 2009-03-30 12:24 90624 c:\windows\system32\AESTCo64.dll + 2010-09-11 06:21 . 2009-03-02 17:58 68608 c:\windows\system32\AESTAR64.dll - 2010-09-11 06:21 . 2009-03-30 12:24 68608 c:\windows\system32\AESTAR64.dll + 2010-09-11 07:51 . 2011-07-03 14:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-11 07:51 . 2011-06-25 17:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-11 07:51 . 
2011-07-03 14:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-11 07:51 . 2011-06-25 17:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-07-03 14:09 . 2011-07-03 14:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-06-25 17:56 . 2011-06-25 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-06-25 17:56 . 2011-06-25 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-07-03 14:09 . 2011-07-03 14:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-11 15:35 . 2011-07-02 02:35 427076 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 02:36 . 2011-06-25 17:49 624178 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-07-03 02:45 624178 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-06-25 17:49 106522 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-07-03 02:45 106522 c:\windows\system32\perfc009.dat - 2010-09-11 06:21 . 2009-03-30 12:24 564224 c:\windows\system32\idt64mp1.exe + 2010-09-11 06:21 . 2009-06-29 17:44 564224 c:\windows\system32\idt64mp1.exe + 2009-07-14 05:30 . 2011-07-03 02:14 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2011-06-19 19:22 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2011-07-03 02:14 143360 c:\windows\system32\DriverStore\infstor.dat - 2009-07-14 05:30 . 2011-06-19 19:21 143360 c:\windows\system32\DriverStore\infstor.dat + 2011-07-03 02:08 . 2009-06-29 17:44 487424 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stwrt64.sys + 2011-07-03 02:08 . 2009-06-29 17:44 444416 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\sttray64.exe + 2011-07-03 02:08 . 
2009-06-29 17:44 431616 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stcplx64.dll + 2011-07-03 02:08 . 2009-06-29 17:44 598016 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stapi64.dll + 2011-07-03 02:08 . 2009-06-29 17:44 240128 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe + 2011-07-03 02:08 . 2009-06-29 17:44 209920 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\st646217.dll + 2011-07-03 02:08 . 2008-12-19 22:01 249856 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\sluapo64.dll + 2011-07-03 02:08 . 2008-12-19 22:01 160256 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\sltshd64.dll + 2011-07-03 02:08 . 2008-12-19 22:01 140800 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\slh36064.dll + 2011-07-03 02:08 . 2008-12-19 22:01 169472 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\slcshp64.dll + 2011-07-03 02:08 . 2009-06-29 17:44 564224 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\idt64mp1.exe + 2011-07-03 02:08 . 2009-05-12 19:27 652288 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\ctapo64.dll + 2011-07-03 02:08 . 2009-05-12 19:25 511488 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\ctapo32.dll + 2011-07-03 02:08 . 2009-03-02 17:08 431104 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTEC64.dll + 2011-07-03 02:08 . 2009-03-02 17:59 165888 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTAC64.dll + 2011-07-03 02:14 . 
2009-05-23 05:21 388640 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\vncutil64.exe + 2011-07-03 02:14 . 2007-07-25 14:34 150528 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\SRSWOW64.dll + 2011-07-03 02:14 . 2006-12-13 15:30 513536 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\SRSTSX64.dll + 2011-07-03 02:14 . 2007-05-17 16:26 211376 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\SRSTSH64.dll + 2011-07-03 02:14 . 2008-04-30 13:48 193536 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\SRSHP64.dll + 2011-07-03 02:14 . 2009-05-23 05:21 332320 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtlCPAPI64.dll + 2011-07-03 02:14 . 2009-05-23 05:21 137760 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RTLCPAPI.dll + 2011-07-03 02:14 . 2009-05-23 05:21 149536 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtkCfg64.dll + 2011-07-03 02:14 . 2009-05-23 05:21 141856 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtkCfg.dll + 2011-07-03 02:14 . 2009-05-23 05:20 177696 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtkAudioService64.exe + 2011-07-03 02:14 . 2009-05-23 05:20 417824 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtkApi64.dll + 2011-07-03 02:14 . 2009-03-09 10:32 304640 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RP3DHT64.dll + 2011-07-03 02:14 . 2009-03-09 10:30 304640 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RP3DAA64.dll + 2011-07-03 02:14 . 
2008-11-09 16:57 311296 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\MaxxAudioAPO20.dll + 2011-07-03 02:14 . 2009-02-12 22:14 176640 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\FMAPO64.dll + 2011-07-03 02:14 . 2009-03-31 19:02 108032 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\AERTAR64.dll + 2011-07-03 02:14 . 2009-04-16 15:13 166400 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\AERTAC64.dll + 2010-09-11 06:21 . 2009-05-12 19:27 652288 c:\windows\system32\ctapo64.dll + 2010-09-11 06:21 . 2009-05-12 19:25 511488 c:\windows\system32\ctapo32.dll - 2010-09-11 06:21 . 2009-03-30 12:24 431104 c:\windows\system32\AESTEC64.dll + 2010-09-11 06:21 . 2009-03-02 17:08 431104 c:\windows\system32\AESTEC64.dll - 2010-09-11 06:21 . 2009-03-30 12:24 165888 c:\windows\system32\AESTAC64.dll + 2010-09-11 06:21 . 2009-03-02 17:59 165888 c:\windows\system32\AESTAC64.dll + 2009-07-29 23:15 . 2009-04-16 22:23 540672 c:\windows\RtlExUpd.dll + 2010-09-11 06:21 . 2009-06-29 17:44 3593216 c:\windows\system32\stlang64.dll + 2011-07-03 02:08 . 2009-06-29 17:44 3593216 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stlang64.dll + 2011-07-03 02:08 . 2009-06-29 17:44 1431040 c:\windows\system32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stapo64.dll + 2011-07-03 02:14 . 2009-05-23 05:21 1833504 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\SkyTel.exe + 2011-07-03 02:14 . 2009-05-23 05:21 1277984 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtPgEx64.dll + 2011-07-03 02:14 . 2009-05-23 05:21 1395232 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtlUpd64.exe + 2011-07-03 02:14 . 
2009-05-23 07:04 1762080 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RTKVHD64.sys + 2011-07-03 02:14 . 2009-05-23 05:20 1603104 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtkAPO64.dll + 2011-07-03 02:14 . 2009-05-23 05:20 1034784 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RTCOMDLL.dll + 2011-07-03 02:14 . 2009-05-23 05:20 1163296 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RTCOM64.dll + 2011-07-03 02:14 . 2009-05-23 05:20 7833120 c:\windows\system32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RAVCpl64.exe + 2009-07-14 05:01 . 2011-07-03 14:08 1416380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-06-25 17:56 1416380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 02:34 . 2011-07-03 12:30 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2011-06-25 13:08 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2010-06-29 23:18 . 2011-07-03 14:08 16995128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-974128655-1827857089-2928523019-1000-12288.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 2101848] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [bU] "FAStartup"="" [bU] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232] "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-01-10 198160] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . c:\users\Yang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] CurseClientStartup.ccip [2010-7-19 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AtiDCM;AtiDCM;c:\users\Yang\AppData\Local\DellWin7Upgrade\DRIVERS\BOTH\Ati_Vid_con\Bin64\atdcm64a.sys [2009-07-30 26640] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x] R3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\DRIVERS\htcusbnet.sys [x] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 306688] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x] R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files 
(x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x] S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x] S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544] . . Contents of the 'Scheduled Tasks' folder . 2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-974128655-1827857089-2928523019-1000Core.job - c:\users\Yang\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 05:50] . 2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-974128655-1827857089-2928523019-1000UA.job - c:\users\Yang\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 05:50] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-21 1657128] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-11 1914880] "Win7_Upgrade"="c:\users\Yang\AppData\Local\DellWin7Upgrade\Win7_Upgrade_Start.exe" [2009-08-26 475136] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: real.com\rhapreg TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{143AD6BC-4C0D-42E0-BC4E-20525178C1EE}\3716573656C6168627: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{143AD6BC-4C0D-42E0-BC4E-20525178C1EE}\E416E636970264C6564736865627: DhcpNameServer = 128.146.1.9 128.146.48.6 192.168.1.1 FF - ProfilePath - c:\users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\2n7zh944.default\ . - - - - ORPHANS REMOVED - - - - . BHO-{E14CEEEA-FE4B-ECBD-4AE1-B84D73BC62E1} - c:\programdata\api-ms-win-core-localregistry-l1-1-032.dll . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-974128655-1827857089-2928523019-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-974128655-1827857089-2928523019-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-974128655-1827857089-2928523019-1000\Software\SecuROM\License information*] "datasecu"=hex:97,32,ba,9c,af,1d,a5,ba,68,11,5a,e9,8f,03,45,14,74,07,d7,c1,92, 48,f9,b6,60,a3,52,7e,59,b6,67,4d,b7,fa,b8,fc,c0,29,d6,af,9e,73,59,c3,bc,0b,\ "rkeysecu"=hex:2c,b7,e4,62,86,2f,2b,c1,0e,ec,2f,42,21,2a,4c,a1 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\06\05\0a\06+\0bU" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\user3232.exe c:\programdata\DHCPQEC32.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Mozilla Firefox\firefox.exe . ************************************************************************** . Completion time: 2011-07-03 10:14:12 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-03 14:14 . Pre-Run: 13,396,156,416 bytes free Post-Run: 8,967,241,728 bytes free . 
- - End Of File - - CE5CE3A57BED1A59462199FC8D13DAD6
  3. Hi, sorry for the delay! Thanks for your help. LOG:
FF - ProfilePath - C:\Users\Yang\AppData\Roaming\Mozilla\Firefox\Profiles\2n7zh944.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Yang\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Users\Yang\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll FF - plugin: C:\Users\Yang\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll FF - plugin: C:\Users\Yang\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?] S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe [2009-7-21 89600] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 idsvc32;Windows CardSpace ;C:\Windows\System32\user3232.exe [2011-6-18 783360] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-11 366640] S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-7-29 24652] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?] S3 htcusbnet;HTC USB-NDIS miniport;C:\Windows\system32\DRIVERS\htcusbnet.sys --> C:\Windows\system32\DRIVERS\htcusbnet.sys [?] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-2-11 306688] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?] S3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?] 
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-4-10 19544] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?] S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\system32\drivers\WsAudioDevice_383S(1).sys --> C:\Windows\system32\drivers\WsAudioDevice_383S(1).sys [?] . =============== Created Last 30 ================ . 2011-06-24 08:51:35 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F6B0D77-8209-4DD6-AC71-46D638AEE608}\mpengine.dll 2011-06-21 12:30:40 -------- d-----w- C:\Users\Yang\AppData\Local\{A982CADE-D818-4845-923C-A02A52A4092E} 2011-06-20 13:41:27 -------- d-----w- C:\Users\Yang\AppData\Local\{00FFE9E0-D233-4DF9-829B-4C872A78CF97} 2011-06-20 13:41:18 -------- d-----w- C:\Users\Yang\AppData\Roaming\Windows Live Writer 2011-06-20 13:41:18 -------- d-----w- C:\Users\Yang\AppData\Local\Windows Live Writer 2011-06-19 19:21:33 153600 ----a-w- C:\Windows\System32\drivers\htcusbnet.sys 2011-06-19 19:21:29 -------- d-----w- C:\Program Files (x86)\HTC 2011-06-19 19:20:53 -------- d-----w- C:\Temp 2011-06-19 14:24:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-19 03:39:53 -------- d-----w- C:\Windows\pss 2011-06-18 23:37:02 783360 ----a-w- C:\ProgramData\DHCPQEC32.exe 2011-06-18 23:37:01 783360 ----a-w- C:\Windows\SysWow64\user3232.exe 2011-06-18 22:56:09 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys 2011-06-18 
22:56:08 499712 ----a-w- C:\Windows\System32\drivers\afd.sys 2011-06-18 22:56:08 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-06-18 22:56:06 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-18 22:56:06 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-18 22:56:03 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-06-18 22:56:03 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-06-18 22:56:03 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-06-18 22:56:02 3133952 ----a-w- C:\Windows\System32\win32k.sys 2011-06-18 22:43:37 -------- d-----w- C:\Users\Yang\AppData\Local\{6F4A5626-116A-4AD8-BC42-7E0E194C3541} 2011-06-11 06:34:51 -------- d-----w- C:\Users\Yang\AppData\Local\{70701F48-2E64-40B2-A462-E249239FD2E9} 2011-06-10 06:41:52 -------- d-----w- C:\Program Files (x86)\somototoolbar 2011-06-10 06:41:31 -------- d-----w- C:\Program Files (x86)\Vuze FileBulldog Toolbar 2011-06-07 16:35:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2011-06-07 16:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\nppdf32.dll 2011-06-05 16:01:35 -------- d-----w- C:\Users\Yang\AppData\Local\{53B89040-6DBA-4CF6-8957-523F3D318AB2} 2011-05-30 04:50:27 -------- d-----w- C:\Users\Yang\AppData\Local\{C870F1CE-946F-407C-961C-F5EEB53EBDB6} 2011-05-29 23:25:04 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard 2011-05-29 23:24:06 -------- d-----w- C:\Program Files (x86)\HP . ==================== Find3M ==================== . 
2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll 2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec 2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-04-09 22:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll 2011-04-09 22:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll 2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe 2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe . ============= FINISH: 8:53:13.88 =============== I also have the Attach file, let me know if I should attach that as well.
  4. Hi! Just noticed that my Google searches kept getting redirected. Ran MBAM and found this, but it keeps coming back. Let me know what logs I need to post for you to be able to help me out. Thanks!