Hi. I recently did a system restore via safe mode because I couldn't log on normally without a warning popping up in the lower right corner about 30+ viruses and the simultaneous downloading of something malicious-looking. (It said it was "scanning" for viruses.) After the system restore, I ran a complete scan and a rootkit scan with AVG Free Antivirus and it didn't find anything. Then I ran a scan with MBAM and it found something; I'm not sure if this is a false positive, though (I'm not the usual user of this PC). Below are logs from MBAM, HiJackThis, and DDS. (GMER didn't find anything.) Thanks in advance.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6476

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

4/29/2011 9:20:08 PM

mbam-log-2011-04-29 (21-20-08).txt

Scan type: Quick scan

Objects scanned: 153297

Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:39:27 PM, on 5/4/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe

C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0364v105r4811s249

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0364v105r4811s249

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0364v105r4811s249

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:33921

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - MRI_DISABLED - (no file)

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [Global Registration] "C:\Program Files (x86)\eMachines\Registration\GREG.exe" BOOT

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11077 bytes

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by owner at 19:03:18.64 on Wed 05/04/2011

Internet Explorer: 9.0.8112.16421

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1663 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe

C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

C:\Windows\system32\lxcrcoms.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\owner\Desktop\dds(1).scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0364v105r4811s249

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0364v105r4811s249

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0364v105r4811s249

uInternet Settings,ProxyServer = http=127.0.0.1:33921

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

mWinlogon: Userinit=userinit.exe,

BHO: MRI_DISABLED - No File

BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

uRun: [Global Registration] "C:\Program Files (x86)\eMachines\Registration\GREG.exe" BOOT

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

mRun-x64: [lxcrmon.exe] "C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe"

mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe"

mRun-x64: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll,RunDLLEntry

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\impow7av.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-5 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-13 517448]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-5 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-5 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-18 1255736]

S4 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-8-14 332272]

S4 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-14 240160]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-04-30 03:56:58 -------- d-----w- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com

2011-04-30 03:56:58 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com

2011-04-30 03:56:40 -------- d-----w- C:\PROGRA~3\!SASCORE

2011-04-30 03:56:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-04-30 03:01:44 -------- d-----w- C:\Users\owner\AppData\Local\Secunia PSI

2011-04-30 03:01:19 -------- d-----w- C:\Program Files (x86)\Secunia

2011-04-30 02:44:00 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2011-04-30 02:38:41 -------- d-----w- C:\Users\owner\AppData\Roaming\GlarySoft

2011-04-30 02:36:11 -------- d-----w- C:\Program Files (x86)\Glary Utilities

2011-04-30 01:59:41 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes

2011-04-30 01:59:18 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-30 01:59:18 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-04-30 01:59:15 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-04-30 01:59:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-04-30 01:25:05 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-04-30 01:25:04 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-04-30 01:25:00 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-04-30 01:23:53 2871808 ----a-w- C:\Windows\explorer.exe

2011-04-30 01:23:53 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-04-30 01:22:54 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-04-30 01:22:54 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-04-30 01:20:11 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-04-30 01:20:00 96768 ----a-w- C:\Windows\System32\fsutil.exe

2011-04-30 01:20:00 2565632 ----a-w- C:\Windows\System32\esent.dll

2011-04-30 01:02:18 -------- d-----w- C:\Users\owner\AppData\Local\{A3BA1701-5F2B-4104-98C5-67C3A848A612}

2011-04-28 01:37:17 -------- d-----w- C:\PROGRA~3\dA01803DjGdA01803

2011-04-28 00:46:36 -------- d-----w- C:\Users\owner\AppData\Local\{91DDF3A2-19DA-4471-A7F2-67BF9D71B1FE}

2011-04-27 04:39:23 -------- d-----w- C:\Users\owner\AppData\Local\{7D8FC204-58E2-4FDE-A037-51FD0D0DA229}

2011-04-24 21:19:28 -------- d-----w- C:\Users\owner\AppData\Local\{CC8CB5C4-F1A6-44B6-8889-DF02C3B6746C}

2011-04-24 04:32:19 -------- d-----w- C:\Users\owner\AppData\Local\{2D4342B7-41A4-47ED-80E9-313E706C205A}

2011-04-23 04:29:05 -------- d-----w- C:\Users\owner\AppData\Local\{50A73CB1-2618-4DCC-AAE0-2FA8D5544844}

2011-04-21 17:07:36 -------- d-----w- C:\Users\owner\AppData\Local\{CD128732-C841-464F-8624-E6BB6D91FD19}

2011-04-21 01:42:16 -------- d-----w- C:\Users\owner\AppData\Local\{6D34585D-2B8F-4250-9752-7E1A20FAE4F7}

2011-04-20 01:47:49 -------- d-----w- C:\Users\owner\AppData\Local\{898B2A52-7F13-4C0A-BC5B-2810D64AC047}

2011-04-18 22:36:15 -------- d-----w- C:\Users\owner\AppData\Local\{8D3B7159-9EF3-464B-AB1B-E8B20B0C3ABD}

2011-04-18 01:02:53 -------- d-----w- C:\Users\owner\AppData\Local\{EF0685DF-C3B4-475B-B443-A4BA1D0BDF2C}

2011-04-17 13:01:58 -------- d-----w- C:\Users\owner\AppData\Local\{34382C31-E1AA-49A9-81D7-9BEF0A321DFC}

2011-04-16 14:08:45 -------- d-----w- C:\Users\owner\AppData\Local\{3C2DAB24-F6D7-49FC-B15D-5350A9A1FBCD}

2011-04-16 02:07:23 -------- d-----w- C:\Users\owner\AppData\Local\{18D17A31-2909-4E15-BA98-4CD2CA46169A}

2011-04-15 01:32:43 -------- d-----w- C:\Users\owner\AppData\Local\{EA535CD3-873E-43FB-A401-C105675FE29D}

2011-04-14 01:18:48 -------- d-----w- C:\Users\owner\AppData\Local\{5B9D86CA-844D-495B-B6BD-A09DB4B2CD86}

2011-04-12 21:17:11 -------- d-----w- C:\Users\owner\AppData\Local\{56750E07-0204-4FD5-9170-36784CB0DF0E}

2011-04-10 18:53:16 -------- d-----w- C:\Users\owner\AppData\Local\{4482B96A-D6E1-4844-9938-5927B593A464}

2011-04-09 18:30:35 -------- d-----w- C:\Users\owner\AppData\Local\{E554A843-02F9-404A-A92A-9AB53D392171}

2011-04-09 03:32:27 -------- d-----w- C:\Users\owner\AppData\Local\{B61B653D-F0B7-4033-BF4F-E70FCB278ACC}

2011-04-08 03:06:11 -------- d-----w- C:\Users\owner\AppData\Local\{C4BDEAFC-3CB5-4428-8972-1F4B7E70985B}

2011-04-07 00:44:27 -------- d-----w- C:\Users\owner\AppData\Local\{70C959AF-5E72-4655-88AA-3AF0788E75AA}

2011-04-06 02:07:28 -------- d-----w- C:\Users\owner\AppData\Local\{7DC0C21E-0E5F-4879-9B6C-B16D64B0EC5C}

2011-04-05 02:03:56 -------- d-----w- C:\Users\owner\AppData\Local\{FA4D54EE-E8E0-416C-B30F-26D9B0785037}

.

==================== Find3M ====================

.

2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll

2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-03-05 20:00:11 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-03-05 20:00:10 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-03-05 17:53:01 201728 ----a-w- C:\Windows\SysWow64\MMS Avatars.scr

2011-03-05 17:52:19 201728 ----a-w- C:\Windows\SysWow64\MMS Chocolate River.scr

2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll

2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi

2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe

2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi

2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe

.

============= FINISH: 19:04:22.74 ===============

Attach.zip


I redid the DDS and GMER scans after rebooting. Again, GMER said it didn't find modifications. Below are the most recent DDS files (in case rebooting changes anything--I don't know).

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by owner at 19:45:35.08 on Wed 05/04/2011

Internet Explorer: 9.0.8112.16421

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1673 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

C:\Windows\system32\lxcrcoms.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe

C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\owner\Desktop\dds(1).scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0364v105r4811s249

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0364v105r4811s249

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173611095203p0364v105r4811s249

uInternet Settings,ProxyServer = http=127.0.0.1:33921

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

mWinlogon: Userinit=userinit.exe,

BHO: MRI_DISABLED - No File

BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

uRun: [Global Registration] "C:\Program Files (x86)\eMachines\Registration\GREG.exe" BOOT

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

mRun-x64: [lxcrmon.exe] "C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe"

mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe"

mRun-x64: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll,RunDLLEntry

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\impow7av.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-5 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-13 517448]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-5 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-5 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-18 1255736]

S4 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-8-14 332272]

S4 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-14 240160]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-04-30 03:56:58 -------- d-----w- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com

2011-04-30 03:56:58 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com

2011-04-30 03:56:40 -------- d-----w- C:\PROGRA~3\!SASCORE

2011-04-30 03:56:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-04-30 03:01:44 -------- d-----w- C:\Users\owner\AppData\Local\Secunia PSI

2011-04-30 03:01:19 -------- d-----w- C:\Program Files (x86)\Secunia

2011-04-30 02:44:00 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2011-04-30 02:38:41 -------- d-----w- C:\Users\owner\AppData\Roaming\GlarySoft

2011-04-30 02:36:11 -------- d-----w- C:\Program Files (x86)\Glary Utilities

2011-04-30 01:59:41 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes

2011-04-30 01:59:18 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-30 01:59:18 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-04-30 01:59:15 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-04-30 01:59:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-04-30 01:25:05 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-04-30 01:25:04 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-04-30 01:25:00 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-04-30 01:23:53 2871808 ----a-w- C:\Windows\explorer.exe

2011-04-30 01:23:53 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-04-30 01:22:54 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-04-30 01:22:54 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-04-30 01:20:11 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-04-30 01:20:00 96768 ----a-w- C:\Windows\System32\fsutil.exe

2011-04-30 01:20:00 2565632 ----a-w- C:\Windows\System32\esent.dll

2011-04-30 01:02:18 -------- d-----w- C:\Users\owner\AppData\Local\{A3BA1701-5F2B-4104-98C5-67C3A848A612}

2011-04-28 01:37:17 -------- d-----w- C:\PROGRA~3\dA01803DjGdA01803

2011-04-28 00:46:36 -------- d-----w- C:\Users\owner\AppData\Local\{91DDF3A2-19DA-4471-A7F2-67BF9D71B1FE}

2011-04-27 04:39:23 -------- d-----w- C:\Users\owner\AppData\Local\{7D8FC204-58E2-4FDE-A037-51FD0D0DA229}

2011-04-24 21:19:28 -------- d-----w- C:\Users\owner\AppData\Local\{CC8CB5C4-F1A6-44B6-8889-DF02C3B6746C}

2011-04-24 04:32:19 -------- d-----w- C:\Users\owner\AppData\Local\{2D4342B7-41A4-47ED-80E9-313E706C205A}

2011-04-23 04:29:05 -------- d-----w- C:\Users\owner\AppData\Local\{50A73CB1-2618-4DCC-AAE0-2FA8D5544844}

2011-04-21 17:07:36 -------- d-----w- C:\Users\owner\AppData\Local\{CD128732-C841-464F-8624-E6BB6D91FD19}

2011-04-21 01:42:16 -------- d-----w- C:\Users\owner\AppData\Local\{6D34585D-2B8F-4250-9752-7E1A20FAE4F7}

2011-04-20 01:47:49 -------- d-----w- C:\Users\owner\AppData\Local\{898B2A52-7F13-4C0A-BC5B-2810D64AC047}

2011-04-18 22:36:15 -------- d-----w- C:\Users\owner\AppData\Local\{8D3B7159-9EF3-464B-AB1B-E8B20B0C3ABD}

2011-04-18 01:02:53 -------- d-----w- C:\Users\owner\AppData\Local\{EF0685DF-C3B4-475B-B443-A4BA1D0BDF2C}

2011-04-17 13:01:58 -------- d-----w- C:\Users\owner\AppData\Local\{34382C31-E1AA-49A9-81D7-9BEF0A321DFC}

2011-04-16 14:08:45 -------- d-----w- C:\Users\owner\AppData\Local\{3C2DAB24-F6D7-49FC-B15D-5350A9A1FBCD}

2011-04-16 02:07:23 -------- d-----w- C:\Users\owner\AppData\Local\{18D17A31-2909-4E15-BA98-4CD2CA46169A}

2011-04-15 01:32:43 -------- d-----w- C:\Users\owner\AppData\Local\{EA535CD3-873E-43FB-A401-C105675FE29D}

2011-04-14 01:18:48 -------- d-----w- C:\Users\owner\AppData\Local\{5B9D86CA-844D-495B-B6BD-A09DB4B2CD86}

2011-04-12 21:17:11 -------- d-----w- C:\Users\owner\AppData\Local\{56750E07-0204-4FD5-9170-36784CB0DF0E}

2011-04-10 18:53:16 -------- d-----w- C:\Users\owner\AppData\Local\{4482B96A-D6E1-4844-9938-5927B593A464}

2011-04-09 18:30:35 -------- d-----w- C:\Users\owner\AppData\Local\{E554A843-02F9-404A-A92A-9AB53D392171}

2011-04-09 03:32:27 -------- d-----w- C:\Users\owner\AppData\Local\{B61B653D-F0B7-4033-BF4F-E70FCB278ACC}

2011-04-08 03:06:11 -------- d-----w- C:\Users\owner\AppData\Local\{C4BDEAFC-3CB5-4428-8972-1F4B7E70985B}

2011-04-07 00:44:27 -------- d-----w- C:\Users\owner\AppData\Local\{70C959AF-5E72-4655-88AA-3AF0788E75AA}

2011-04-06 02:07:28 -------- d-----w- C:\Users\owner\AppData\Local\{7DC0C21E-0E5F-4879-9B6C-B16D64B0EC5C}

2011-04-05 02:03:56 -------- d-----w- C:\Users\owner\AppData\Local\{FA4D54EE-E8E0-416C-B30F-26D9B0785037}

.

==================== Find3M ====================

.

2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll

2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-03-05 20:00:11 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-03-05 20:00:10 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-03-05 17:53:01 201728 ----a-w- C:\Windows\SysWow64\MMS Avatars.scr

2011-03-05 17:52:19 201728 ----a-w- C:\Windows\SysWow64\MMS Chocolate River.scr

2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll

2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi

2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe

2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi

2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe

.

============= FINISH: 19:46:54.95 ===============

Attach2.zip
