
raiden92

Everything posted by raiden92

  1. Alright, well thank you for clearing things up. I read the document you attached and everything on my end is all clear.
  2. I've recently done another Malwarebytes scan, no malware detected. Even a couple of hours ago I did a scan, same results.
  3. MacBook Pro has been infected with malware. I ran a scan with Malwarebytes; it displayed that there was no threat detected. What should I do now? How would I get rid of this malware, where I'm being redirected to other websites in my web browser? Your help would be appreciated.
  4. Alright, once again, thank you for everything, dude. Topic can be closed.
  5. This is what Local Disk C looks like now; I know there were fewer folders before. Can't I just delete the files I don't need? http://img814.imageshack.us/img814/8427/localdiskc.png
  6. Alright man, thanks for everything. For some reason the hidden files are still there. Should I restart my PC?
  7. I need to ask you a question: a file was created called Qoobox. Now, can I delete that file?
  8. The result was clean: http://www.virustotal.com/file-scan/report.html?id=88cf562d5f8c803a4ff8db28c355073c58be6c02ce950149584749d2d72cc6de-1298241411
  9. This is the latest result with Combo-Fix:
     ComboFix 11-02-25.02 - PCgENIUS 02/26/2011 17:04:07.3.2 - x86
     Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.827 [GMT -7:00]
     Running from: c:\users\PCgENIUS\Desktop\Combo-Fix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\system32\drivers\nfptefw.sys
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Service_xwvav
     ((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
     .
     2011-02-27 00:09 . 2011-02-27 00:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\temp
     2011-02-27 00:09 . 2011-02-27 00:09 -------- d-----w- c:\users\Default\AppData\Local\temp
     2011-02-26 21:05 . 2011-02-26 21:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{652218DD-A0E3-443D-B9D6-66AC19AE2B2E}
     2011-02-26 08:54 . 2011-02-26 08:54 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{ECD6CE6E-2973-4263-B050-082ADA674572}
     2011-02-26 05:15 . 2011-02-01 21:35 101592 ----a-w- c:\windows\system32\drivers\aswFW.sys
     2011-02-26 05:15 . 2011-02-01 21:33 191704 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
     2011-02-26 04:58 . 2011-02-26 22:27 -------- d-----w- c:\programdata\AVAST Software
     2011-02-26 04:58 . 2011-02-26 04:58 -------- d-----w- c:\program files\AVAST Software
     2011-02-25 20:35 . 2011-02-25 20:49 -------- d-----w- C:\Combo-Fix
     2011-02-25 20:20 . 2011-02-25 20:20 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{C12C4FB7-4EAC-4A08-A317-5C5DAC43A409}
     2011-02-25 08:19 . 2011-02-25 08:19 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3950EFC9-678F-4A21-AB7E-2F9906DFBEED}
     2011-02-24 19:44 . 2011-02-24 19:44 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{F77D1B40-3ED7-47A3-92D5-D499287DE620}
     2011-02-24 09:21 . 2011-02-24 09:37 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Temporary Projects
     2011-02-23 22:11 . 2011-02-23 22:12 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{96734489-7E5E-4EA8-B944-3C5C122D00D1}
     2011-02-23 07:05 . 2011-02-23 07:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{06CE72B3-A6E0-472F-A0DA-3185C994D02F}
     2011-02-22 19:05 . 2011-02-22 19:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{70B08D51-4266-427E-9178-07E787C2809C}
     2011-02-22 06:44 . 2011-02-22 06:44 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B4EBE905-91D5-48DF-8691-A1E3159E22D4}
     2011-02-21 22:51 . 2011-02-21 22:51 -------- d-----w- c:\users\PCgENIUS\AppData\Local\AirMouse
     2011-02-21 22:51 . 2011-02-21 22:51 -------- d-----w- c:\program files\Air Mouse
     2011-02-21 22:50 . 2011-02-21 22:50 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Downloaded Installations
     2011-02-21 21:36 . 2011-02-21 21:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Ahead
     2011-02-21 21:35 . 2011-02-21 22:49 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Ahead
     2011-02-21 21:35 . 2011-02-21 21:35 -------- d-----w- c:\programdata\Ahead
     2011-02-21 21:33 . 2011-02-21 21:34 -------- d-----w- c:\program files\Common Files\Ahead
     2011-02-21 21:33 . 2011-02-21 21:33 -------- d-----w- c:\program files\Nero
     2011-02-21 18:43 . 2011-02-21 18:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{2B0292AF-FF8A-459B-ABC0-E71338E38152}
     2011-02-21 01:23 . 2011-02-21 01:23 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D506F557-3876-4240-AC33-92EA7EB4F583}
     2011-02-20 08:46 . 2011-02-20 08:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{10632FB3-6F94-49EB-86F3-EE6E41159B03}
     2011-02-19 20:46 . 2011-02-19 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D8E1CB64-F93C-4729-9790-ED1633223B49}
     2011-02-19 08:46 . 2011-02-19 08:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E2349F14-65AD-4534-89A6-BA5361CA2B03}
     2011-02-18 20:46 . 2011-02-18 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{FA6BC863-E2E4-4ED6-9B8E-7BD3A54E38F2}
     2011-02-18 18:41 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD628540-C77D-4041-AA87-A4080392EB78}\mpengine.dll
     2011-02-18 08:06 . 2011-02-18 08:06 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{8DED1E8E-6FDD-49CE-BDDD-F692128538F9}
     2011-02-17 19:55 . 2011-02-17 19:55 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{21274126-14B0-4179-ACCC-22F10A2C9725}
     2011-02-17 07:45 . 2011-02-17 07:45 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{069AB47A-3135-49AC-B360-C3ED9F7D6539}
     2011-02-17 06:40 . 2011-02-17 06:40 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Microsoft Corporation
     2011-02-17 05:48 . 2011-02-17 05:48 -------- d-----w- c:\program files\Microsoft SQL Server
     2011-02-17 05:47 . 2011-02-17 05:49 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
     2011-02-17 05:45 . 2011-02-17 05:45 -------- d-----w- c:\program files\Microsoft SDKs
     2011-02-17 05:45 . 2011-02-17 05:45 -------- d-----w- c:\program files\Microsoft Help Viewer
     2011-02-17 05:45 . 2011-02-17 05:49 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
     2011-02-16 19:45 . 2011-02-16 19:45 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{36735583-AA80-4932-A2E3-66DB1336B638}
     2011-02-16 05:36 . 2011-02-16 05:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{7DF41BE3-2296-4006-B383-331AD0B6D5B6}
     2011-02-15 16:28 . 2011-02-15 16:28 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E8BD0041-8CF5-47BC-BBD4-5ADB599C4650}
     2011-02-14 22:48 . 2011-02-14 22:48 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B8F9E147-FDBD-4DDE-BDC4-AE0841BBF87D}
     2011-02-14 09:40 . 2011-02-14 09:40 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E9144B00-998E-47D8-82E0-AFAF0C400F50}
     2011-02-14 04:12 . 2011-02-14 04:14 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Cyberlink
     2011-02-14 04:11 . 2011-02-14 04:11 -------- d-----w- c:\program files\Common Files\CyberLink
     2011-02-14 04:10 . 2011-02-14 04:21 29480 ------w- c:\windows\system32\msxml3a.dll
     2011-02-13 19:24 . 2011-02-13 19:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{30E09C5C-1EB0-4BF1-B4CB-62C550E45D69}
     2011-02-13 09:37 . 2011-02-13 09:37 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Anthropics
     2011-02-13 08:37 . 2011-02-13 08:37 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
     2011-02-13 08:15 . 2011-02-13 08:15 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
     2011-02-13 07:24 . 2011-02-13 07:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EE38BE9C-5EBC-4BB7-9EEB-00CE963A5530}
     2011-02-13 02:44 . 2011-02-14 04:31 -------- d-----w- c:\users\Public\CyberLink
     2011-02-13 02:43 . 2011-02-14 04:12 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\CyberLink
     2011-02-13 02:43 . 2011-02-14 04:14 -------- d-----w- c:\programdata\CyberLink
     2011-02-12 19:37 . 2011-02-12 19:37 -------- d-----w- c:\program files\BinarySense
     2011-02-12 19:24 . 2011-02-12 19:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3C3EF3D6-3D46-4CB1-BAC5-43743A921772}
     2011-02-12 08:55 . 2011-02-12 08:55 -------- d-----w- c:\windows\Repair
     2011-02-12 08:55 . 2011-02-12 08:55 -------- d-----w- c:\programdata\MyDefrag
     2011-02-12 05:04 . 2011-02-12 05:04 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\BinarySense
     2011-02-12 03:59 . 2011-02-12 04:00 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D24E53F1-71B1-4EF9-879B-8FEE8FFBD9B9}
     2011-02-11 10:04 . 2011-02-11 10:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{4C0C1514-BACE-4919-B462-D9BF3D24EFBE}
     2011-02-10 22:04 . 2011-02-10 22:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{036D3918-7AB9-46DE-B6FE-CD42A37F46A0}
     2011-02-10 10:04 . 2011-02-10 10:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{1A931670-E2CF-40B5-A329-D459EAB0BA52}
     2011-02-10 09:21 . 2011-02-11 20:03 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\IDM
     2011-02-10 09:21 . 2011-02-11 09:50 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\DMCache
     2011-02-09 22:04 . 2011-02-09 22:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{BFB1F6D0-93A2-4AC6-970C-71334F628AA4}
     2011-02-09 10:03 . 2011-02-09 10:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{04C77D58-4B54-4A5F-862C-AA9AB84D898E}
     2011-02-09 08:01 . 2011-02-09 08:01 -------- d-----w- c:\programdata\Blumentals
     2011-02-08 22:05 . 2010-05-22 20:24 14208 ------w- c:\windows\system32\drivers\disksec.sys
     2011-02-08 22:05 . 2011-02-08 22:17 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\MAGIX
     2011-02-08 22:04 . 2011-02-08 22:17 -------- d-----w- c:\programdata\MAGIX
     2011-02-08 22:04 . 2011-02-08 22:04 -------- d-----w- c:\program files\MAGIX
     2011-02-08 22:03 . 2011-02-08 22:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{35320901-4BB2-4398-9DEB-F7700B4B3BFF}
     2011-02-08 10:03 . 2011-02-08 10:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3F325C3A-8858-41DC-8317-2230F4D707B2}
     2011-02-07 21:05 . 2011-02-07 21:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{1F916FA5-4CE2-4E0B-815C-1115F432366E}
     2011-02-07 09:05 . 2011-02-07 09:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EB00599A-29EB-40DF-826F-220523E87948}
     2011-02-06 20:36 . 2011-02-06 20:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{05A32EEE-B845-482A-A9F8-B1D326193B9B}
     2011-02-06 08:50 . 2011-02-06 08:50 -------- d-----w- c:\programdata\InstallShield
     2011-02-06 08:50 . 2011-02-06 08:50 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Programs
     2011-02-06 08:47 . 2011-02-06 08:47 -------- d-----w- c:\windows\system32\URTTEMP
     2011-02-06 08:36 . 2011-02-06 08:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E399DC40-FCF9-4D5C-A08D-A56343853A20}
     2011-02-06 01:48 . 2004-12-07 17:11 258352 ------w- c:\windows\system32\Unicows.dll
     2011-02-06 01:48 . 2004-03-09 07:00 224016 ------w- c:\windows\system32\TABCTL32.OCX
     2011-02-05 20:35 . 2011-02-05 20:35 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EDCA7D0F-6437-42FE-8652-982636372813}
     2011-02-05 08:08 . 2011-02-05 08:08 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{48D7D392-35D0-4327-B6BB-0781F572C2FA}
     2011-02-04 20:18 . 2011-02-04 20:18 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\SystemRequirementsLab
     2011-02-04 20:18 . 2011-02-04 20:18 -------- d-----w- c:\program files\Common Files\Java
     2011-02-04 20:17 . 2011-02-04 20:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
     2011-02-04 20:17 . 2011-02-04 20:17 472808 ------w- c:\windows\system32\deployJava1.dll
     2011-02-04 20:17 . 2011-02-04 20:17 -------- d-----w- c:\program files\Java
     2011-02-04 20:08 . 2011-02-04 20:08 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{BF86A94D-4F25-4474-96A8-C605D5B0E347}
     2011-02-03 23:03 . 2011-02-03 23:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{99679732-DA3D-48FC-A8EA-36E8C8BC13FE}
     2011-02-03 09:43 . 2011-02-03 09:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{85C040C9-9F0B-488D-A217-C2023130078C}
     2011-02-02 21:43 . 2011-02-02 21:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{82F6411A-DAA4-43BC-B951-DD1F4E61550B}
     2011-02-02 09:15 . 2011-02-02 09:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{CC8C5C35-119E-4A60-9CE6-DC16D5D44D60}
     2011-02-01 21:15 . 2011-02-01 21:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0253F66B-96A7-4F6D-9F3A-E245FB54B8CD}
     2011-02-01 09:15 . 2011-02-01 09:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0B05B36C-9CEB-406A-A5EB-FD5FFCBF310C}
     2011-02-01 07:19 . 2011-02-01 07:20 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Apple Computer
     2011-02-01 07:19 . 2011-02-01 07:19 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Apple Computer
     2011-02-01 07:19 . 2009-05-18 20:17 26600 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys
     2011-02-01 07:19 . 2008-04-17 19:12 107368 ------w- c:\windows\system32\GEARAspi.dll
     2011-02-01 07:17 . 2011-02-01 07:17 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Apple
     2011-02-01 07:17 . 2011-02-01 07:17 -------- d-----w- c:\program files\Apple Software Update
     2011-02-01 07:15 . 2011-02-01 07:18 -------- d-----w- c:\program files\Common Files\Apple
     2011-02-01 07:15 . 2011-02-01 07:17 -------- d-----w- c:\programdata\Apple
     2011-02-01 06:37 . 2011-02-01 07:09 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\DVD Catalyst 4
     2011-01-31 22:44 . 2011-01-31 22:44 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\4Front
     2011-01-31 22:42 . 2011-01-31 22:42 -------- d-----w- c:\programdata\4Front
     2011-01-31 21:11 . 2011-01-31 21:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0D497E54-91CB-4101-A6E9-FC2EC1F04F76}
     2011-01-31 09:39 . 2011-01-31 09:39 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Malwarebytes
     2011-01-31 09:38 . 2010-12-21 01:09 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-01-31 09:38 . 2011-01-31 09:38 -------- d-----w- c:\programdata\Malwarebytes
     2011-01-31 09:38 . 2011-02-01 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-01-31 09:38 . 2010-12-21 01:08 20952 ------w- c:\windows\system32\drivers\mbam.sys
     2011-01-31 09:11 . 2011-01-31 09:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B879E530-43F0-4A22-9BFE-0FA7C4FB60C4}
     2011-01-31 01:47 . 2011-01-31 01:47 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Adobe Mini Bridge CS5
     2011-01-31 01:47 . 2011-01-31 01:47 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
     2011-01-31 00:40 . 2011-02-26 05:29 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
     2011-01-31 00:35 . 2011-01-31 00:35 -------- d-----w- c:\program files\Adobe Media Player
     2011-01-31 00:34 . 2011-01-31 00:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2011-01-31 00:32 . 2011-02-16 21:33 -------- d-----w- c:\program files\Common Files\Adobe
     2011-01-30 21:10 . 2011-01-30 21:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{90813790-0F2D-4EA2-A76C-48CA678CF293}
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-02-14 04:21 . 2003-03-19 03:14 505128 ------w- c:\windows\system32\msvcp71.dll
     2011-02-14 04:21 . 2003-02-21 11:42 353576 ------w- c:\windows\system32\msvcr71.dll
     2011-01-27 10:38 . 2011-01-27 10:38 47360 ----a-w- c:\users\PCgENIUS\AppData\Roaming\pcouffin.sys
     2011-01-25 20:48 . 2011-01-25 20:48 218688 ------w- c:\windows\system32\drivers\dtsoftbus01.sys
     2011-01-24 02:49 . 2011-01-24 02:49 23456 ------w- c:\windows\system32\drivers\DrvAgent32.sys
     2011-01-19 00:43 . 2011-01-19 00:43 109328 ------w- c:\windows\system32\drivers\VBoxNetAdp.sys
     2011-01-19 00:43 . 2011-01-18 20:55 42960 ------w- c:\windows\system32\drivers\VBoxUSBMon.sys
     2011-01-19 00:43 . 2011-01-19 00:43 133648 ------w- c:\windows\system32\VBoxNetFltNotify.dll
     2011-01-19 00:43 . 2011-01-19 00:43 120208 ------w- c:\windows\system32\drivers\VBoxNetFlt.sys
     2011-01-19 00:43 . 2011-01-18 20:55 158736 ------w- c:\windows\system32\drivers\VBoxDrv.sys
     2011-01-14 23:14 . 2009-07-13 23:40 409088 ------w- c:\windows\system32\systemcpl.dll
     2011-01-14 23:02 . 2009-07-13 23:24 811520 ------w- c:\windows\system32\user32.dll
     2010-12-30 18:59 . 2011-01-14 23:45 3351208 ------w- c:\windows\system32\drivers\RTKVHDA.sys
     2010-12-29 21:30 . 2011-01-14 23:45 3794536 ------w- c:\windows\system32\RtkAPO.dll
     2010-12-28 22:51 . 2011-01-14 23:45 608768 ------w- c:\windows\system32\RCoRes.dat
     2010-12-22 18:28 . 2011-01-14 23:45 2106984 ------w- c:\windows\system32\RtkPgExt.dll
     2010-12-15 01:51 . 2010-12-15 01:51 41984 ------w- c:\windows\system32\drivers\usbaapl.sys
     2010-12-15 01:51 . 2010-12-15 01:51 4184352 ------w- c:\windows\system32\usbaaplrc.dll
     2010-11-30 01:48 . 2011-01-14 23:45 1723536 ------w- c:\windows\system32\WavesGUILib.dll
     2010-11-30 01:48 . 2011-01-14 23:45 1439064 ------w- c:\windows\system32\MaxxAudioRealtek.dll
     2010-11-30 00:38 . 2010-11-30 00:38 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
     2010-11-30 00:38 . 2010-11-30 00:38 69632 ------w- c:\windows\system32\QuickTime.qts
     .
     ------- Sigcheck -------
     [-] 2011-01-14 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
     [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
     2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
     [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
     [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
     [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
     [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328]
     "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
     "CPMonitor"="c:\program files\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
     "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
     "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
     "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
     "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
     "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
     c:\users\PCgENIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     HDDlife.lnk - c:\program files\BinarySense\HDDlife 3\HDDlifePro.exe [N/A]
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-30 717296]
     R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
     R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-01-24 23456]
     R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
     R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
     R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
     R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-01-19 109328]
     R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-14 1343400]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
     S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
     S1 aswFW;avast! TDI Firewall driver; [x]
     S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-25 218688]
     S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-01-19 158736]
     S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-01-19 42960]
     S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]
     S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
     S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
     S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]
     S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 197224]
     S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-01-19 120208]
     S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-09-23 316192]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     Akamai REG_MULTI_SZ Akamai
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = my.daemon-search.com
     IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
     LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
     FF - ProfilePath - c:\users\PCgENIUS\AppData\Roaming\Mozilla\Firefox\Profiles\gxjvztv2.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
     FF - Ext: Add N Edit Cookies+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
     "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
     "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_USERS\S-1-5-21-3017894523-454932838-510679052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.Email.1"
     [HKEY_USERS\S-1-5-21-3017894523-454932838-510679052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.VCard.1"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'Explorer.exe'(360)
     c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
     c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\Ati2evxx.exe
     c:\windows\system32\AUDIODG.EXE
     c:\windows\system32\Ati2evxx.exe
     c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\windows\system32\IoctlSvc.exe
     c:\windows\system32\vmnat.exe
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     c:\program files\VMware\VMware Workstation\vmware-authd.exe
     c:\windows\system32\vmnetdhcp.exe
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     c:\windows\system32\taskhost.exe
     c:\windows\system32\WUDFHost.exe
     c:\windows\system32\conhost.exe
     c:\windows\system32\DllHost.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     .
     **************************************************************************
     .
     Completion time: 2011-02-26 17:14:42 - machine was rebooted
     ComboFix-quarantined-files.txt 2011-02-27 00:14
     ComboFix2.txt 2011-02-26 03:36
     ComboFix3.txt 2011-02-25 20:49
     Pre-Run: 448,280,571,904 bytes free
     Post-Run: 447,577,853,952 bytes free
     - - End Of File - - 99B3AEFE25F1FA2C513D209746ADD21C
  10. I am scanning once more; if there is no infected file I will try Combo-Fix again.
  11. But the threat is gone. Alright, whatever you want, I will run it.
  12. I think the virus got removed; avast 5 detected it and said I needed to reboot, so that's what I did and it was gone. Thanks for all the help and support, man.
  13. ComboFix 11-02-24.05 - PCgENIUS 02/25/2011 13:37:55.1.2 - x86
      Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.766 [GMT -7:00]
      Running from: c:\users\PCgENIUS\Desktop\Combo-Fix.exe
      AV: avast! Internet Security *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
      FW: avast! Internet Security *Disabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
      SP: avast! Internet Security *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      c:\users\PCgENIUS\AppData\Roaming\chrtmp
      c:\users\PCgENIUS\AppData\Roaming\inst.exe
      c:\users\PCgENIUS\AppData\Roaming\sharecash.exe
      .
      ((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
      .
      2011-02-25 20:45 . 2011-02-25 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\temp
      2011-02-25 20:45 . 2011-02-25 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
      2011-02-25 20:34 . 2011-02-25 20:35 -------- d-----w- C:\32788R22FWJFW
      2011-02-25 20:20 . 2011-02-25 20:20 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{C12C4FB7-4EAC-4A08-A317-5C5DAC43A409}
      2011-02-25 08:19 . 2011-02-25 08:19 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3950EFC9-678F-4A21-AB7E-2F9906DFBEED}
      2011-02-24 19:44 . 2011-02-24 19:44 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{F77D1B40-3ED7-47A3-92D5-D499287DE620}
      2011-02-24 09:21 . 2011-02-24 09:37 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Temporary Projects
      2011-02-23 22:11 . 2011-02-23 22:12 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{96734489-7E5E-4EA8-B944-3C5C122D00D1}
      2011-02-23 07:05 . 2011-02-23 07:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{06CE72B3-A6E0-472F-A0DA-3185C994D02F}
      2011-02-22 19:05 . 2011-02-22 19:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{70B08D51-4266-427E-9178-07E787C2809C}
      2011-02-22 06:44 . 2011-02-22 06:44 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B4EBE905-91D5-48DF-8691-A1E3159E22D4}
      2011-02-21 22:51 . 2011-02-21 22:51 -------- d-----w- c:\users\PCgENIUS\AppData\Local\AirMouse
      2011-02-21 22:51 . 2011-02-21 22:51 -------- d-----w- c:\program files\Air Mouse
      2011-02-21 22:50 . 2011-02-21 22:50 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Downloaded Installations
      2011-02-21 21:36 . 2011-02-21 21:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Ahead
      2011-02-21 21:35 . 2011-02-21 22:49 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Ahead
      2011-02-21 21:35 . 2011-02-21 21:35 -------- d-----w- c:\programdata\Ahead
      2011-02-21 21:33 . 2011-02-21 21:34 -------- d-----w- c:\program files\Common Files\Ahead
      2011-02-21 21:33 . 2011-02-21 21:33 -------- d-----w- c:\program files\Nero
      2011-02-21 18:43 . 2011-02-21 18:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{2B0292AF-FF8A-459B-ABC0-E71338E38152}
      2011-02-21 01:23 . 2011-02-21 01:23 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D506F557-3876-4240-AC33-92EA7EB4F583}
      2011-02-20 08:46 . 2011-02-20 08:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{10632FB3-6F94-49EB-86F3-EE6E41159B03}
      2011-02-19 20:46 . 2011-02-19 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D8E1CB64-F93C-4729-9790-ED1633223B49}
      2011-02-19 08:46 . 2011-02-19 08:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E2349F14-65AD-4534-89A6-BA5361CA2B03}
      2011-02-18 20:46 . 2011-02-18 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{FA6BC863-E2E4-4ED6-9B8E-7BD3A54E38F2}
      2011-02-18 18:41 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD628540-C77D-4041-AA87-A4080392EB78}\mpengine.dll
      2011-02-18 08:06 . 2011-02-18 08:06 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{8DED1E8E-6FDD-49CE-BDDD-F692128538F9}
      2011-02-17 19:55 . 2011-02-17 19:55 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{21274126-14B0-4179-ACCC-22F10A2C9725}
      2011-02-17 07:45 . 2011-02-17 07:45 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{069AB47A-3135-49AC-B360-C3ED9F7D6539}
      2011-02-17 06:40 . 2011-02-17 06:40 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Microsoft Corporation
      2011-02-17 05:48 . 2011-02-17 05:48 -------- d-----w- c:\program files\Microsoft SQL Server
      2011-02-17 05:47 . 2011-02-17 05:49 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
      2011-02-17 05:45 . 2011-02-17 05:45 -------- d-----w- c:\program files\Microsoft SDKs
      2011-02-17 05:45 . 2011-02-17 05:45 -------- d-----w- c:\program files\Microsoft Help Viewer
      2011-02-17 05:45 . 2011-02-17 05:49 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
      2011-02-16 19:45 . 2011-02-16 19:45 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{36735583-AA80-4932-A2E3-66DB1336B638}
      2011-02-16 05:36 . 2011-02-16 05:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{7DF41BE3-2296-4006-B383-331AD0B6D5B6}
      2011-02-15 16:28 . 2011-02-15 16:28 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E8BD0041-8CF5-47BC-BBD4-5ADB599C4650}
      2011-02-14 22:48 . 2011-02-14 22:48 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B8F9E147-FDBD-4DDE-BDC4-AE0841BBF87D}
      2011-02-14 09:40 . 2011-02-14 09:40 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E9144B00-998E-47D8-82E0-AFAF0C400F50}
      2011-02-14 04:12 . 2011-02-14 04:14 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Cyberlink
      2011-02-14 04:11 . 2011-02-14 04:11 -------- d-----w- c:\program files\Common Files\CyberLink
      2011-02-14 04:10 . 2011-02-14 04:21 29480 ------w- c:\windows\system32\msxml3a.dll
      2011-02-13 19:24 . 2011-02-13 19:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{30E09C5C-1EB0-4BF1-B4CB-62C550E45D69}
      2011-02-13 09:37 . 2011-02-13 09:37 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Anthropics
      2011-02-13 08:37 . 2011-02-13 08:37 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
      2011-02-13 08:15 . 2011-02-13 08:15 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
      2011-02-13 07:24 . 2011-02-13 07:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EE38BE9C-5EBC-4BB7-9EEB-00CE963A5530}
      2011-02-13 02:44 . 2011-02-14 04:31 -------- d-----w- c:\users\Public\CyberLink
      2011-02-13 02:43 . 2011-02-14 04:12 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\CyberLink
      2011-02-13 02:43 . 2011-02-14 04:14 -------- d-----w- c:\programdata\CyberLink
      2011-02-12 20:54 . 2011-01-31 23:29 1536000 ----a-w- c:\users\PCgENIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sharesach1.exe
      2011-02-12 19:37 . 2011-02-12 19:37 -------- d-----w- c:\program files\BinarySense
      2011-02-12 19:24 . 2011-02-12 19:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3C3EF3D6-3D46-4CB1-BAC5-43743A921772}
      2011-02-12 08:55 . 2011-02-12 08:55 -------- d-----w- c:\windows\Repair
      2011-02-12 08:55 . 2011-02-12 08:55 -------- d-----w- c:\programdata\MyDefrag
      2011-02-12 05:04 . 2011-02-12 05:04 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\BinarySense
      2011-02-12 03:59 . 2011-02-12 04:00 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D24E53F1-71B1-4EF9-879B-8FEE8FFBD9B9}
      2011-02-11 10:04 . 2011-02-11 10:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{4C0C1514-BACE-4919-B462-D9BF3D24EFBE}
      2011-02-10 22:04 . 2011-02-10 22:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{036D3918-7AB9-46DE-B6FE-CD42A37F46A0}
      2011-02-10 10:04 . 2011-02-10 10:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{1A931670-E2CF-40B5-A329-D459EAB0BA52}
      2011-02-10 09:21 . 2011-02-11 20:03 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\IDM
      2011-02-10 09:21 .
2011-02-11 09:50 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\DMCache 2011-02-09 22:04 . 2011-02-09 22:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{BFB1F6D0-93A2-4AC6-970C-71334F628AA4} 2011-02-09 10:03 . 2011-02-09 10:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{04C77D58-4B54-4A5F-862C-AA9AB84D898E} 2011-02-09 08:01 . 2011-02-09 08:01 -------- d-----w- c:\programdata\Blumentals 2011-02-08 22:05 . 2010-05-22 20:24 14208 ------w- c:\windows\system32\drivers\disksec.sys 2011-02-08 22:05 . 2011-02-08 22:17 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\MAGIX 2011-02-08 22:04 . 2011-02-08 22:17 -------- d-----w- c:\programdata\MAGIX 2011-02-08 22:04 . 2011-02-08 22:04 -------- d-----w- c:\program files\MAGIX 2011-02-08 22:03 . 2011-02-08 22:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{35320901-4BB2-4398-9DEB-F7700B4B3BFF} 2011-02-08 10:03 . 2011-02-08 10:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3F325C3A-8858-41DC-8317-2230F4D707B2} 2011-02-07 21:05 . 2011-02-07 21:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{1F916FA5-4CE2-4E0B-815C-1115F432366E} 2011-02-07 09:05 . 2011-02-07 09:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EB00599A-29EB-40DF-826F-220523E87948} 2011-02-06 20:36 . 2011-02-06 20:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{05A32EEE-B845-482A-A9F8-B1D326193B9B} 2011-02-06 08:50 . 2011-02-06 08:50 -------- d-----w- c:\programdata\InstallShield 2011-02-06 08:50 . 2011-02-06 08:50 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Programs 2011-02-06 08:47 . 2011-02-06 08:47 -------- d-----w- c:\windows\system32\URTTEMP 2011-02-06 08:36 . 2011-02-06 08:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E399DC40-FCF9-4D5C-A08D-A56343853A20} 2011-02-06 01:48 . 2004-12-07 17:11 258352 ------w- c:\windows\system32\Unicows.dll 2011-02-06 01:48 . 2004-03-09 07:00 224016 ------w- c:\windows\system32\TABCTL32.OCX 2011-02-05 20:35 . 
2011-02-05 20:35 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EDCA7D0F-6437-42FE-8652-982636372813} 2011-02-05 08:08 . 2011-02-05 08:08 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{48D7D392-35D0-4327-B6BB-0781F572C2FA} 2011-02-04 20:18 . 2011-02-04 20:18 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\SystemRequirementsLab 2011-02-04 20:18 . 2011-02-04 20:18 -------- d-----w- c:\program files\Common Files\Java 2011-02-04 20:17 . 2011-02-04 20:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-02-04 20:17 . 2011-02-04 20:17 472808 ------w- c:\windows\system32\deployJava1.dll 2011-02-04 20:17 . 2011-02-04 20:17 -------- d-----w- c:\program files\Java 2011-02-04 20:08 . 2011-02-04 20:08 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{BF86A94D-4F25-4474-96A8-C605D5B0E347} 2011-02-03 23:03 . 2011-02-03 23:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{99679732-DA3D-48FC-A8EA-36E8C8BC13FE} 2011-02-03 09:43 . 2011-02-03 09:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{85C040C9-9F0B-488D-A217-C2023130078C} 2011-02-02 21:43 . 2011-02-02 21:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{82F6411A-DAA4-43BC-B951-DD1F4E61550B} 2011-02-02 09:15 . 2011-02-02 09:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{CC8C5C35-119E-4A60-9CE6-DC16D5D44D60} 2011-02-01 21:15 . 2011-02-01 21:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0253F66B-96A7-4F6D-9F3A-E245FB54B8CD} 2011-02-01 09:15 . 2011-02-01 09:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0B05B36C-9CEB-406A-A5EB-FD5FFCBF310C} 2011-02-01 07:19 . 2011-02-01 07:20 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Apple Computer 2011-02-01 07:19 . 2011-02-01 07:19 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Apple Computer 2011-02-01 07:19 . 2009-05-18 20:17 26600 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-02-01 07:19 . 2008-04-17 19:12 107368 ------w- c:\windows\system32\GEARAspi.dll 2011-02-01 07:17 . 
2011-02-01 07:17 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Apple 2011-02-01 07:17 . 2011-02-01 07:17 -------- d-----w- c:\program files\Apple Software Update 2011-02-01 07:16 . 2011-02-01 07:16 -------- d-----w- c:\program files\Bonjour 2011-02-01 07:15 . 2011-02-01 07:18 -------- d-----w- c:\program files\Common Files\Apple 2011-02-01 07:15 . 2011-02-01 07:17 -------- d-----w- c:\programdata\Apple 2011-02-01 06:37 . 2011-02-01 07:09 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\DVD Catalyst 4 2011-01-31 22:44 . 2011-01-31 22:44 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\4Front 2011-01-31 22:42 . 2011-01-31 22:42 -------- d-----w- c:\programdata\4Front 2011-01-31 21:11 . 2011-01-31 21:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0D497E54-91CB-4101-A6E9-FC2EC1F04F76} 2011-01-31 09:39 . 2011-01-31 09:39 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Malwarebytes 2011-01-31 09:38 . 2010-12-21 01:09 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-31 09:38 . 2011-01-31 09:38 -------- d-----w- c:\programdata\Malwarebytes 2011-01-31 09:38 . 2011-02-01 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-31 09:38 . 2010-12-21 01:08 20952 ------w- c:\windows\system32\drivers\mbam.sys 2011-01-31 09:11 . 2011-01-31 09:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B879E530-43F0-4A22-9BFE-0FA7C4FB60C4} 2011-01-31 01:47 . 2011-01-31 01:47 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Adobe Mini Bridge CS5 2011-01-31 01:47 . 2011-01-31 01:47 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2011-01-31 00:40 . 2011-02-16 21:35 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2011-01-31 00:35 . 2011-01-31 00:35 -------- d-----w- c:\program files\Adobe Media Player 2011-01-31 00:34 . 2011-01-31 00:34 -------- d-----w- c:\program files\Common Files\Adobe AIR 2011-01-31 00:32 . 
2011-02-16 21:33 -------- d-----w- c:\program files\Common Files\Adobe 2011-01-30 21:10 . 2011-01-30 21:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{90813790-0F2D-4EA2-A76C-48CA678CF293} 2011-01-30 20:59 . 2011-02-16 21:35 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Adobe 2011-01-30 10:29 . 2011-01-30 10:29 717296 ------w- c:\windows\system32\drivers\sptd.sys 2011-01-30 10:08 . 2011-01-30 10:08 81920 ------w- c:\windows\system32\v3shrtkgn.dll 2011-01-30 10:02 . 2011-01-30 10:02 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\URSoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-14 04:21 . 2003-03-19 03:14 505128 ------w- c:\windows\system32\msvcp71.dll 2011-02-14 04:21 . 2003-02-21 11:42 353576 ------w- c:\windows\system32\msvcr71.dll 2011-01-25 20:48 . 2011-01-25 20:48 218688 ------w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-01-24 02:49 . 2011-01-24 02:49 23456 ------w- c:\windows\system32\drivers\DrvAgent32.sys 2011-01-19 00:43 . 2011-01-19 00:43 109328 ------w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-01-19 00:43 . 2011-01-18 20:55 42960 ------w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-01-19 00:43 . 2011-01-19 00:43 133648 ------w- c:\windows\system32\VBoxNetFltNotify.dll 2011-01-19 00:43 . 2011-01-19 00:43 120208 ------w- c:\windows\system32\drivers\VBoxNetFlt.sys 2011-01-19 00:43 . 2011-01-18 20:55 158736 ------w- c:\windows\system32\drivers\VBoxDrv.sys 2011-01-14 23:14 . 2009-07-13 23:40 409088 ------w- c:\windows\system32\systemcpl.dll 2011-01-14 23:02 . 2009-07-13 23:24 811520 ------w- c:\windows\system32\user32.dll 2011-01-13 08:47 . 2011-01-15 04:18 38848 ----a-w- c:\windows\avastSS.scr 2011-01-13 08:47 . 2011-01-15 04:18 188216 ------w- c:\windows\system32\aswBoot.exe 2011-01-13 08:42 . 2011-01-15 04:19 99792 ------w- c:\windows\system32\drivers\aswFW.sys 2011-01-13 08:41 . 
2011-01-15 04:19 357968 ------w- c:\windows\system32\drivers\aswSnx.sys 2011-01-13 08:41 . 2011-01-15 04:19 294608 ------w- c:\windows\system32\drivers\aswSP.sys 2011-01-13 08:41 . 2011-01-15 04:19 189904 ------w- c:\windows\system32\drivers\aswNdis2.sys 2011-01-13 08:40 . 2011-01-15 04:19 47440 ------w- c:\windows\system32\drivers\aswTdi.sys 2011-01-13 08:37 . 2011-01-15 04:19 23632 ------w- c:\windows\system32\drivers\aswRdr.sys 2011-01-13 08:37 . 2011-01-15 04:19 51280 ------w- c:\windows\system32\drivers\aswMonFlt.sys 2011-01-13 08:37 . 2011-01-15 04:19 17744 ------w- c:\windows\system32\drivers\aswFsBlk.sys 2010-12-30 18:59 . 2011-01-14 23:45 3351208 ------w- c:\windows\system32\drivers\RTKVHDA.sys 2010-12-29 21:30 . 2011-01-14 23:45 3794536 ------w- c:\windows\system32\RtkAPO.dll 2010-12-28 22:51 . 2011-01-14 23:45 608768 ------w- c:\windows\system32\RCoRes.dat 2010-12-22 18:28 . 2011-01-14 23:45 2106984 ------w- c:\windows\system32\RtkPgExt.dll 2010-12-15 01:51 . 2010-12-15 01:51 41984 ------w- c:\windows\system32\drivers\usbaapl.sys 2010-12-15 01:51 . 2010-12-15 01:51 4184352 ------w- c:\windows\system32\usbaaplrc.dll 2010-11-30 01:48 . 2011-01-14 23:45 1723536 ------w- c:\windows\system32\WavesGUILib.dll 2010-11-30 01:48 . 2011-01-14 23:45 1439064 ------w- c:\windows\system32\MaxxAudioRealtek.dll 2010-11-30 00:38 . 2010-11-30 00:38 94208 ------w- c:\windows\system32\QuickTimeVR.qtx 2010-11-30 00:38 . 2010-11-30 00:38 69632 ------w- c:\windows\system32\QuickTime.qts . ------- Sigcheck ------- [-] 2011-01-14 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-01-13 08:47 120712 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648] 
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520] "CPMonitor"="c:\program files\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] c:\users\PCgENIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ HDDlife.lnk - c:\program files\BinarySense\HDDlife 3\HDDlifePro.exe [N/A] sharesach1.exe [2011-1-31 1536000] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-30 
717296] R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-01-13 119200] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-01-24 23456] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-01-19 109328] R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-14 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswFW;avast! 
TDI Firewall driver; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-25 218688] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-01-19 158736] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-01-19 42960] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 197224] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-01-19 120208] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-09-23 316192] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . . ------- Supplementary Scan ------- . 
uStart Page = my.daemon-search.com IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105 LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\PCgENIUS\AppData\Roaming\Mozilla\Firefox\Profiles\gxjvztv2.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Add N Edit Cookies+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} . - - - - ORPHANS REMOVED - - - - HKCU-Run-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe HKCU-Run-AdobeBridge - (no file) AddRemove-Speccy - c:\program files\Speccy\uninst.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll" . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3017894523-454932838-510679052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" [HKEY_USERS\S-1-5-21-3017894523-454932838-510679052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2011-02-25 13:49:20 ComboFix-quarantined-files.txt 2011-02-25 20:49 Pre-Run: 440,512,184,320 bytes free Post-Run: 447,656,308,736 bytes free - - End Of File - - BD406A337F1308DD504E6AED6A2D716B (Thank you man, looks like the threat is gone , just going to restart my pc and see if it returns.
  14. DDS (Ver_10-12-12.02) Microsoft Windows 7 Ultimate
  15. Sorry, for some reason I couldn't attach the other one, but I will try right now.
  16. This is the only log that I see, there is no extra one unless I have to download the DDS.txt.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5871
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2/24/2011 1:16:32 PM
mbam-log-2011-02-24 (13-16-32).txt
Scan type: Quick scan
Objects scanned: 157407
Time elapsed: 5 minute(s), 32 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
c:\Users\PCgENIUS\AppData\Roaming\sharecash.exe (Trojan.Downloader) -> 3468 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\PCgENIUS\AppData\Roaming\sharecash.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
  17. Alright guys, so I got infected with a file called Trojan Downloader. I tried to remove it with Malwarebytes. It told me to restart and that's what I did. So when I restarted and logged back on the file was still there even though I removed it. Pictures may be helpful, so here, take a look. If you guys have an idea how to get rid of this I will be thankful. I don't want to reformat my computer for some stupid threat. http://img196.imageshack.us/img196/8192/threatk.png I removed it and right after I restarted my computer it returned.
  18. I have a feeling this is a threat infecting my computer. Even though Malwarebytes isn't detecting it, I still think I have a threat. When I try to access this website it redirects me to another browser. One browser it redirected me to was an antivirus, said something like "scan your files now". Yeah right. Anyways, some explanation will be great.
  19. So Malwarebytes just finished scanning and the results turned out differently. At least the other threats are gone. I'm gonna get rid of these ones, restart my pc and start scanning again. http://img29.imageshack.us/img29/971/91113305.png
  20. 3 infected files so far, hopefully they're not the same ones.
  21. Well, I did a quick scan this time and nothing was detected, I'm gonna go do a full scan right now. Thank you for your help.
  22. Ok, so I downloaded ATF Cleaner & TDSSKiller. I did exactly what you said, now I'm scanning my computer with Malwarebytes to see if the files are still there. I will let you know what happens.