
OK, this is my fault: I let my nephew use my laptop logged into an admin acct. What kills me is I have a legitimate copy of the program it appears he was trying to pirate, a more recent one even, in the very desk he was sitting at. Sheesh.

Anyway, I've run Malwarebytes, ComboFix and TDSSKiller. The pertinent logs are attached (in the form of one really long text file, logs.txt); they were too long.


  • Staff

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them. Use multiple posts if necessary. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt in your reply.

-screen317


Here are the requested logs, and thank you in advance no matter how this works out....

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6739

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

5/31/2011 11:23:08 PM

mbam-log-2011-05-31 (23-23-08).txt

Scan type: Quick scan

Objects scanned: 171170

Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

next

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Sandy at 23:25:26 on 2011-05-31

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1462 [GMT -4:00]

.

AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files (x86)\Soda PDF\ConversionService.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\STacSV64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Sandy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\Sandy\Desktop\London Mapper.exe

C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Sandy\Desktop\dds.scr

C:\Windows\SysWOW64\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Soda PDF Helper: {5cfcaff6-5bb0-4864-b626-021c99ed82e5} - C:\Program Files (x86)\Soda PDF\PDFIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Soda PDF Toolbar: {980eb9ec-6eb5-4258-bddb-efe25c5f99ef} - C:\Program Files (x86)\Soda PDF\PDFIEPlugin.dll

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Sandy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {14696582-4EF6-4152-B2B7-8942371BBD02} = 156.154.70.22,156.154.71.22

TCP: 3514E44495D20534F5E4564777F627B6 = 192.168.254.254

TCP: C696E6B6379737 = 192.168.254.254

TCP: C696E6B6379737F5355435F52303539333 = 192.168.254.254

TCP: {91A51ED2-3196-4879-AFB4-9847447B33A7} = 156.154.70.22,156.154.71.22

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

mRun-x64: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray64.exe

mRun-x64: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

AppInit_DLLs-X64: C:\Windows\system32\guard64.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\iv4o91ag.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Soda PDF\FFSodaExt\plugins\NPSodaPDFPreviewerPlugin.dll

FF - plugin: C:\Users\Sandy\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Users\Sandy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Sandy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys --> C:\Windows\system32\DRIVERS\psinknc.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]

R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2011-5-26 22528]

R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]

R2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys --> C:\Windows\system32\DRIVERS\PSINAflt.sys [?]

R2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys --> C:\Windows\system32\DRIVERS\PSINFile.sys [?]

R2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys --> C:\Windows\system32\DRIVERS\PSINProc.sys [?]

R2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys --> C:\Windows\system32\DRIVERS\PSINProt.sys [?]

R2 Soda PDF Service;Soda PDF Service;C:\Program Files (x86)\Soda PDF\ConversionService.exe [2011-4-28 889176]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Soda PDF Helper Service;Soda PDF Helper Service;C:\Program Files (x86)\Soda PDF\HelperService.exe [2011-4-28 813400]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-05-31 02:02:39 -------- d-s---w- C:\ComboFix

2011-05-30 22:28:03 -------- d-----w- C:\TDSSKiller_Quarantine

2011-05-30 22:16:08 1431344 ----a-w- C:\TDSSKiller.exe

2011-05-29 12:44:13 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE695FDC-D309-492C-8329-D85940F713EA}\mpengine.dll

2011-05-29 10:32:15 -------- d-----w- C:\Users\Sandy\AppData\Roaming\SUPERAntiSpyware.com

2011-05-29 10:32:15 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-05-29 10:32:09 -------- d-----w- C:\ProgramData\!SASCORE

2011-05-29 10:31:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-05-29 02:16:05 -------- d-----w- C:\ProgramData\Corel

2011-05-29 02:12:38 -------- d-----w- C:\Users\Sandy\AppData\Local\Corel

2011-05-29 02:08:42 -------- d-----w- C:\Program Files (x86)\Corel

2011-05-28 23:39:15 -------- d-----w- C:\Program Files\COMODO

2011-05-28 23:36:48 -------- d-----w- C:\ProgramData\Comodo

2011-05-28 21:51:56 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-05-28 20:08:55 -------- d-sh--w- C:\$RECYCLE.BIN

2011-05-28 19:31:54 98816 ----a-w- C:\Windows\sed.exe

2011-05-28 19:31:54 518144 ----a-w- C:\Windows\SWREG.exe

2011-05-28 19:31:54 256512 ----a-w- C:\Windows\PEV.exe

2011-05-28 19:31:54 208896 ----a-w- C:\Windows\MBR.exe

2011-05-28 18:12:14 -------- d-----w- C:\Users\Sandy\AppData\Roaming\Malwarebytes

2011-05-28 18:12:07 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-28 18:12:06 -------- d-----w- C:\ProgramData\Malwarebytes

2011-05-28 18:12:02 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-05-28 18:12:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-05-27 04:27:49 -------- d-----w- C:\Users\Sandy\AppData\Local\Apple Computer

2011-05-27 04:27:30 -------- d-----w- C:\Users\Sandy\AppData\Roaming\Barnes & Noble

2011-05-27 04:27:23 -------- d-----w- C:\Program Files (x86)\Barnes & Noble

2011-05-27 03:14:10 -------- d-----w- C:\ProgramData\DAZ 3D

2011-05-27 03:14:05 -------- d-----w- C:\Program Files\DAZ 3D

2011-05-26 12:42:49 -------- d-----w- C:\ProgramData\OptiTex

2011-05-26 12:34:57 -------- d-----w- C:\Program Files (x86)\Common Files\DAZ

2011-05-26 12:34:02 -------- d-----w- C:\Program Files (x86)\DAZ 3D

2011-05-23 15:35:25 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-22 17:56:36 -------- d-----w- C:\Users\Sandy\AppData\Roaming\com.amazon.music.uploader

2011-05-22 17:56:07 -------- d-----w- C:\Program Files (x86)\Amazon

2011-05-22 17:54:44 -------- d-----w- C:\Users\Sandy\AppData\Local\Adobe

2011-05-19 15:30:29 -------- d-----w- C:\Program Files (x86)\Soda PDF

2011-05-19 15:28:05 -------- d-----w- C:\Users\Sandy\AppData\Roaming\PDF Software

2011-05-17 14:59:11 -------- d-----w- C:\Program Files (x86)\XVID Player

2011-05-17 14:58:21 -------- d-----w- C:\Program Files (x86)\RingtoneJunkiez Desktop

2011-05-17 14:58:21 -------- d-----w- C:\Program Files (x86)\Common Files\RingtoneJunkiez

2011-05-06 23:57:27 -------- d-----w- C:\Users\Sandy\FrostWire

2011-05-06 23:57:17 -------- d-----w- C:\Users\Sandy\AppData\Roaming\FrostWire

2011-05-06 23:56:38 -------- d-----w- C:\Program Files (x86)\FrostWire

2011-05-03 00:36:48 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2011-05-03 00:36:48 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2011-05-03 00:36:46 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2011-05-03 00:36:04 284744 ----a-w- C:\Windows\SysWow64\guard32.dll

2011-05-03 00:36:02 360976 ----a-w- C:\Windows\System32\guard64.dll

.

==================== Find3M ====================

.

2011-05-28 21:51:56 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-05-27 21:53:49 3766 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys

2011-05-27 21:53:42 56 --sh--r- C:\Windows\SysWow64\EFF05ABC3F.sys

2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-04-29 01:55:01 258352 ----a-w- C:\Windows\SysWow64\unicows.dll

2011-03-18 03:36:31 1448809 ----a-w- C:\Users\Sandy\DOSBox0.74-win32-installer.exe

2011-03-18 03:20:06 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-03-18 03:18:42 11193664 ----a-w- C:\Users\Sandy\DTLite4402-0131.exe

2011-03-18 03:12:58 13835919 ----a-w- C:\Users\Sandy\D-Fend-Reloaded-1.1.0-Setup.exe

.

============= FINISH: 23:27:35.30 ===============


Had to run ComboFix in safe mode with networking, but here are the logs.

ComboFix 11-06-05.02 - Sandy 06/05/2011 16:00:44.3.2 - x64 NETWORK

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2555 [GMT -4:00]

Running from: c:\users\Sandy\Desktop\ComboFix.exe

AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-05-05 to 2011-06-05 )))))))))))))))))))))))))))))))

.

.

2011-06-05 20:13 . 2011-06-05 20:13 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2011-06-05 20:13 . 2011-06-05 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-03 14:01 . 2011-06-03 14:01 -------- d-----w- c:\users\Sandy\AppData\Local\Yahoo

2011-06-03 13:58 . 2011-06-03 14:01 -------- d-----w- c:\users\Sandy\AppData\Roaming\Yahoo!

2011-06-03 13:58 . 2011-06-03 13:59 -------- d-----w- c:\programdata\Yahoo! Companion

2011-06-03 13:57 . 2011-06-03 13:58 -------- d-----w- c:\programdata\Yahoo!

2011-06-03 13:54 . 2011-06-03 13:58 -------- d-----w- c:\program files (x86)\Yahoo!

2011-05-30 22:28 . 2011-05-30 22:28 -------- d-----w- C:\TDSSKiller_Quarantine

2011-05-30 22:16 . 2011-05-29 13:24 1431344 ----a-w- C:\TDSSKiller.exe

2011-05-29 12:44 . 2011-05-24 23:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE695FDC-D309-492C-8329-D85940F713EA}\mpengine.dll

2011-05-29 10:32 . 2011-05-29 10:32 -------- d-----w- c:\users\Sandy\AppData\Roaming\SUPERAntiSpyware.com

2011-05-29 10:32 . 2011-05-29 10:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-05-29 10:32 . 2011-05-29 10:32 -------- d-----w- c:\programdata\!SASCORE

2011-05-29 10:31 . 2011-05-29 10:32 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-29 02:26 . 2011-05-29 02:26 -------- d-----w- c:\program files (x86)\Common Files\Apple

2011-05-29 02:26 . 2011-05-29 11:19 -------- d-----w- c:\program files (x86)\QuickTime

2011-05-29 02:16 . 2011-05-29 02:30 -------- d-----w- c:\programdata\Corel

2011-05-29 02:12 . 2011-05-29 03:30 -------- d-----w- c:\users\Sandy\AppData\Local\Corel

2011-05-29 02:12 . 2011-05-29 02:30 -------- d-----w- c:\users\Sandy\AppData\Roaming\Corel

2011-05-29 02:08 . 2011-05-29 02:08 -------- d-----w- c:\program files (x86)\Corel

2011-05-28 23:39 . 2011-05-28 23:39 -------- d-----w- c:\program files\COMODO

2011-05-28 23:36 . 2011-05-29 11:19 -------- d-----w- c:\programdata\Comodo

2011-05-28 21:51 . 2011-05-28 21:51 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-05-28 18:12 . 2011-05-28 18:12 -------- d-----w- c:\users\Sandy\AppData\Roaming\Malwarebytes

2011-05-28 18:12 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-28 18:12 . 2011-05-28 18:12 -------- d-----w- c:\programdata\Malwarebytes

2011-05-28 18:12 . 2011-06-01 03:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-28 18:12 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-27 04:27 . 2011-05-27 04:27 -------- d-----w- c:\users\Sandy\AppData\Roaming\Apple Computer

2011-05-27 04:27 . 2011-05-27 04:27 -------- d-----w- c:\users\Sandy\AppData\Local\Apple Computer

2011-05-27 04:27 . 2011-05-27 04:27 -------- d-----w- c:\users\Sandy\AppData\Roaming\Barnes & Noble

2011-05-27 04:27 . 2011-05-27 04:27 -------- d-----w- c:\program files (x86)\Barnes & Noble

2011-05-27 03:14 . 2011-05-27 03:14 -------- d-----w- c:\programdata\DAZ 3D

2011-05-27 03:14 . 2011-05-27 03:14 -------- d-----w- c:\program files\DAZ 3D

2011-05-26 12:42 . 2011-05-26 12:42 -------- d-----w- c:\programdata\OptiTex

2011-05-26 12:34 . 2011-05-26 12:50 -------- d-----w- c:\program files (x86)\Common Files\DAZ

2011-05-26 12:34 . 2011-05-27 03:09 -------- d-----w- c:\program files (x86)\DAZ 3D

2011-05-23 15:35 . 2011-05-23 15:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-22 17:56 . 2011-05-22 17:56 -------- d-----w- c:\users\Sandy\AppData\Roaming\com.amazon.music.uploader

2011-05-22 17:56 . 2011-05-22 17:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2011-05-22 17:56 . 2011-05-22 17:56 -------- d-----w- c:\program files (x86)\Amazon

2011-05-22 17:54 . 2011-05-22 17:54 -------- d-----w- c:\users\Sandy\AppData\Local\Adobe

2011-05-19 15:30 . 2011-05-19 15:30 -------- d-----w- c:\program files (x86)\Soda PDF

2011-05-19 15:28 . 2011-06-05 10:48 -------- d-----w- c:\users\Sandy\AppData\Roaming\PDF Software

2011-05-17 14:59 . 2011-05-17 14:59 -------- d-----w- c:\program files (x86)\XVID Player

2011-05-17 14:58 . 2011-05-17 14:58 -------- d-----w- c:\program files (x86)\Common Files\RingtoneJunkiez

2011-05-17 14:58 . 2011-05-17 14:58 -------- d-----w- c:\program files (x86)\RingtoneJunkiez Desktop

2011-05-07 20:17 . 2011-05-07 20:17 92688 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-05-06 23:57 . 2011-05-06 23:57 -------- d-----w- c:\users\Sandy\FrostWire

2011-05-06 23:57 . 2011-05-29 01:29 -------- d-----w- c:\users\Sandy\AppData\Roaming\FrostWire

2011-05-06 23:56 . 2011-05-06 23:57 -------- d-----w- c:\program files (x86)\FrostWire

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-24 23:14 . 2011-03-01 01:55 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-03 00:36 . 2011-05-03 00:36 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-05-03 00:36 . 2011-05-03 00:36 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-05-03 00:36 . 2011-05-03 00:36 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-05-03 00:36 . 2011-05-03 00:36 284744 ----a-w- c:\windows\SysWow64\guard32.dll

2011-05-03 00:36 . 2011-05-03 00:36 360976 ----a-w- c:\windows\system32\guard64.dll

2011-04-30 02:44 . 2011-04-24 05:25 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-04-30 02:44 . 2011-04-13 00:01 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-04-30 02:44 . 2011-03-01 03:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-04-29 01:55 . 2011-04-29 01:57 258352 ----a-w- c:\windows\SysWow64\unicows.dll

2011-04-29 00:44 . 2011-03-01 02:17 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-04-29 00:43 . 2011-03-01 02:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-04-25 00:38 . 2011-03-01 02:18 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-04-24 05:14 . 2011-04-24 05:14 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-03-18 03:36 . 2011-03-18 03:36 1448809 ----a-w- c:\users\Sandy\DOSBox0.74-win32-installer.exe

2011-03-18 03:20 . 2011-03-18 03:20 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-03-18 03:18 . 2011-03-18 03:18 11193664 ----a-w- c:\users\Sandy\DTLite4402-0131.exe

2011-03-18 03:12 . 2011-03-18 03:12 13835919 ----a-w- c:\users\Sandy\D-Fend-Reloaded-1.1.0-Setup.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-28_19.55.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-28 21:54 . 2011-05-28 21:54 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 54272 c:\windows\SysWOW64\pngfilt.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 48640 c:\windows\SysWOW64\mshtmler.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 72704 c:\windows\SysWOW64\mshtmled.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 11776 c:\windows\SysWOW64\mshta.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 10752 c:\windows\SysWOW64\msfeedssync.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 41472 c:\windows\SysWOW64\msfeedsbs.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 23552 c:\windows\SysWOW64\licmgr10.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 65024 c:\windows\SysWOW64\jsproxy.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 78848 c:\windows\SysWOW64\inseng.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 35840 c:\windows\SysWOW64\imgutil.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 86528 c:\windows\SysWOW64\iesysprep.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 74752 c:\windows\SysWOW64\iesetup.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 31744 c:\windows\SysWOW64\iernonce.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 74240 c:\windows\SysWOW64\ie4uinit.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 66048 c:\windows\SysWOW64\icardie.dll

+ 2009-07-14 04:54 . 2011-06-05 10:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-05-28 19:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-05-28 19:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-05 10:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-05-28 19:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-05 10:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-03-01 01:38 . 2011-06-02 11:20 27442 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-06-05 10:52 34744 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-28 21:54 . 2011-05-28 21:54 91648 c:\windows\system32\SetIEInstalledDate.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 89088 c:\windows\system32\RegisterIEPKEYs.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 65024 c:\windows\system32\pngfilt.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 48640 c:\windows\system32\mshtmler.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 96256 c:\windows\system32\mshtmled.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 12288 c:\windows\system32\mshta.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 10752 c:\windows\system32\msfeedssync.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 55296 c:\windows\system32\msfeedsbs.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 86528 c:\windows\system32\migration\WininetPlugin.dll

+ 2011-03-01 04:35 . 2011-05-29 07:14 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

- 2011-03-01 04:35 . 2011-03-01 01:30 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

+ 2011-05-28 21:54 . 2011-05-28 21:54 30720 c:\windows\system32\licmgr10.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 85504 c:\windows\system32\jsproxy.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 49664 c:\windows\system32\imgutil.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 85504 c:\windows\system32\iesetup.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 39936 c:\windows\system32\iernonce.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 89088 c:\windows\system32\ie4uinit.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 82432 c:\windows\system32\icardie.dll

- 2009-07-14 05:30 . 2011-03-18 03:20 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2011-05-28 23:40 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2011-05-07 20:17 . 2011-05-07 20:17 92688 c:\windows\system32\DriverStore\FileRepository\inspect.inf_amd64_neutral_5379ce3149166da4\inspect.sys

- 2011-03-01 04:18 . 2011-05-28 19:29 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-03-01 04:18 . 2011-06-05 10:48 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-03-01 04:18 . 2011-05-28 19:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-03-01 04:18 . 2011-06-05 10:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-05 10:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-05-28 19:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-03-01 01:27 . 2011-05-28 19:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-03-01 01:27 . 2011-05-28 20:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2011-05-29 10:39 73256 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-03-01 01:27 . 2011-05-28 19:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-03-01 01:27 . 2011-05-28 20:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-03-01 01:27 . 2011-05-28 19:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-03-01 01:27 . 2011-05-28 20:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-03-01 01:27 . 2011-05-28 19:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-03-01 01:27 . 2011-05-28 20:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-03-01 01:27 . 2011-05-28 19:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-03-01 01:27 . 2011-05-28 20:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-03-01 17:31 . 2011-06-04 04:48 8948 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-03-01 01:28 . 2011-06-05 10:52 9272 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2961536805-3914987299-3866974969-1001_UserData.bin

- 2011-05-28 19:29 . 2011-05-28 19:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-06-05 19:52 . 2011-06-05 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-05-28 19:29 . 2011-05-28 19:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-06-05 19:52 . 2011-06-05 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-05-28 21:51 . 2011-05-28 21:51 135168 c:\windows\SysWOW64\XpsRasterService.dll

- 2009-07-14 00:15 . 2009-07-14 01:16 135168 c:\windows\SysWOW64\XpsRasterService.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 442880 c:\windows\SysWOW64\XpsPrint.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 283648 c:\windows\SysWOW64\XpsGdiConverter.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 152064 c:\windows\SysWOW64\wextract.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 203776 c:\windows\SysWOW64\webcheck.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 420864 c:\windows\SysWOW64\vbscript.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 231936 c:\windows\SysWOW64\url.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 123392 c:\windows\SysWOW64\occache.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 162304 c:\windows\SysWOW64\msrating.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 161792 c:\windows\SysWOW64\msls31.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 580608 c:\windows\SysWOW64\msfeeds.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 196608 c:\windows\SysWOW64\mfreadwrite.dll

+ 2011-06-03 13:58 . 2011-06-03 13:58 235168 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe

+ 2011-06-03 13:58 . 2011-06-03 13:58 311456 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.dll

- 2011-03-01 10:27 . 2011-01-05 05:34 716800 c:\windows\SysWOW64\jscript.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 716800 c:\windows\SysWOW64\jscript.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 150528 c:\windows\SysWOW64\iexpress.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 142848 c:\windows\SysWOW64\ieUnatt.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 176640 c:\windows\SysWOW64\ieui.dll

- 2011-03-01 10:30 . 2010-12-18 05:29 176640 c:\windows\SysWOW64\ieui.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 118784 c:\windows\SysWOW64\iepeers.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 353584 c:\windows\SysWOW64\iedkcs32.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 434176 c:\windows\SysWOW64\ieapfltr.dll

- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 163840 c:\windows\SysWOW64\ieakui.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 227840 c:\windows\SysWOW64\ieaksie.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 130560 c:\windows\SysWOW64\ieakeng.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 110592 c:\windows\SysWOW64\IEAdvpack.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 223232 c:\windows\SysWOW64\dxtrans.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 353792 c:\windows\SysWOW64\dxtmsft.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 218624 c:\windows\SysWOW64\d3d10_1core.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 161792 c:\windows\SysWOW64\d3d10_1.dll

- 2009-07-13 23:27 . 2009-07-14 01:15 161792 c:\windows\SysWOW64\d3d10_1.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 739840 c:\windows\SysWOW64\d2d1.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 101888 c:\windows\SysWOW64\admparse.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 229888 c:\windows\system32\XpsRasterService.dll

- 2009-07-14 00:37 . 2009-07-14 01:41 229888 c:\windows\system32\XpsRasterService.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 662528 c:\windows\system32\XpsPrint.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 470016 c:\windows\system32\XpsGdiConverter.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 160256 c:\windows\system32\wextract.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 249344 c:\windows\system32\webcheck.dll

+ 2011-03-01 11:53 . 2011-05-31 01:01 237486 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2011-05-28 21:54 . 2011-05-28 21:54 603648 c:\windows\system32\vbscript.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 236544 c:\windows\system32\url.dll

- 2009-07-14 02:36 . 2011-05-28 19:36 624178 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-05-29 23:51 624178 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-05-28 19:36 106522 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-05-29 23:51 106522 c:\windows\system32\perfc009.dat

+ 2011-05-28 21:54 . 2011-05-28 21:54 149504 c:\windows\system32\occache.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 197120 c:\windows\system32\msrating.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 222208 c:\windows\system32\msls31.dll

- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 697344 c:\windows\system32\msfeeds.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 257024 c:\windows\system32\mfreadwrite.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 206848 c:\windows\system32\mfps.dll

- 2009-07-14 00:18 . 2009-07-14 01:41 206848 c:\windows\system32\mfps.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 818176 c:\windows\system32\jscript.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 103936 c:\windows\system32\inseng.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 165888 c:\windows\system32\iexpress.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 173056 c:\windows\system32\ieUnatt.exe

+ 2011-05-28 21:54 . 2011-05-28 21:54 248320 c:\windows\system32\ieui.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 111616 c:\windows\system32\iesysprep.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 145920 c:\windows\system32\iepeers.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 403248 c:\windows\system32\iedkcs32.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 534528 c:\windows\system32\ieapfltr.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 163840 c:\windows\system32\ieakui.dll

- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll

- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 267776 c:\windows\system32\ieaksie.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 160256 c:\windows\system32\ieakeng.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 135168 c:\windows\system32\IEAdvpack.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 282112 c:\windows\system32\dxtrans.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 452608 c:\windows\system32\dxtmsft.dll

+ 2009-07-14 05:30 . 2011-05-28 23:40 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-03-18 03:20 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-03-18 03:20 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2011-05-28 23:40 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2011-05-28 21:51 . 2011-05-28 21:51 265088 c:\windows\system32\drivers\dxgmms1.sys

+ 2011-05-28 21:51 . 2011-05-28 21:51 320512 c:\windows\system32\d3d10_1core.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 197120 c:\windows\system32\d3d10_1.dll

- 2009-07-13 23:41 . 2009-07-14 01:40 197120 c:\windows\system32\d3d10_1.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 902656 c:\windows\system32\d2d1.dll

+ 2009-07-14 05:38 . 2011-05-29 11:20 262144 c:\windows\system32\config\systemprofile\ntuser.dat

- 2009-07-14 05:38 . 2011-03-01 04:05 262144 c:\windows\system32\config\systemprofile\ntuser.dat

+ 2011-05-28 21:51 . 2011-05-28 21:51 144384 c:\windows\system32\cdd.dll

- 2011-03-01 10:27 . 2010-05-19 19:48 144384 c:\windows\system32\cdd.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 114176 c:\windows\system32\admparse.dll

+ 2009-07-14 05:01 . 2011-06-05 19:51 277820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-04-11 02:53 . 2011-06-05 19:51 855284 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2961536805-3914987299-3866974969-1001-8192.dat

+ 2011-05-29 07:14 . 2011-06-05 19:51 523924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2961536805-3914987299-3866974969-1001-12288.dat

+ 2011-05-28 21:51 . 2011-05-28 21:51 1619456 c:\windows\SysWOW64\WMVDECOD.DLL

+ 2011-05-28 21:54 . 2011-05-28 21:54 1126912 c:\windows\SysWOW64\wininet.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 1102336 c:\windows\SysWOW64\urlmon.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 3181568 c:\windows\SysWOW64\mf.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 1797632 c:\windows\SysWOW64\jscript9.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 1785344 c:\windows\SysWOW64\iertutil.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 9702400 c:\windows\SysWOW64\ieframe.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 3695416 c:\windows\SysWOW64\ieapfltr.dat

- 2009-07-13 23:44 . 2009-07-14 01:15 1495040 c:\windows\SysWOW64\ExplorerFrame.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 1495040 c:\windows\SysWOW64\ExplorerFrame.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 1074176 c:\windows\SysWOW64\DWrite.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 1170944 c:\windows\SysWOW64\d3d10warp.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 1888256 c:\windows\system32\WMVDECOD.DLL

+ 2011-05-28 21:54 . 2011-05-28 21:54 1389056 c:\windows\system32\wininet.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 1344000 c:\windows\system32\urlmon.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 4068864 c:\windows\system32\mf.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 2303488 c:\windows\system32\jscript9.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 2136064 c:\windows\system32\iertutil.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 3695416 c:\windows\system32\ieapfltr.dat

+ 2011-05-28 21:51 . 2011-05-28 21:51 1133568 c:\windows\system32\FntCache.dll

- 2009-07-13 23:57 . 2009-07-14 01:40 1863680 c:\windows\system32\ExplorerFrame.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 1863680 c:\windows\system32\ExplorerFrame.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 1540608 c:\windows\system32\DWrite.dll

+ 2011-05-28 21:51 . 2011-05-28 21:51 1837568 c:\windows\system32\d3d10warp.dll

+ 2009-07-14 04:45 . 2011-05-29 07:25 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2011-05-27 12:46 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2007-01-11 20:58 . 2007-01-11 20:58 2634752 c:\windows\Installer\30e508.msi

+ 2011-05-28 21:54 . 2011-05-28 21:54 12268544 c:\windows\SysWOW64\mshtml.dll

+ 2009-07-14 02:34 . 2011-06-05 11:04 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2009-07-14 02:34 . 2011-05-28 14:13 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2011-05-28 21:54 . 2011-05-28 21:54 17773056 c:\windows\system32\mshtml.dll

+ 2011-05-28 21:54 . 2011-05-28 21:54 10884096 c:\windows\system32\ieframe.dll

+ 2011-05-28 23:36 . 2011-05-28 23:36 31138816 c:\windows\Installer\357ec4.msi

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5CFCAFF6-5BB0-4864-B626-021C99ED82E5}]

2011-04-29 00:31 91992 ----a-w- c:\program files (x86)\Soda PDF\PDFIEHelper.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{980EB9EC-6EB5-4258-BDDB-EFE25C5F99EF}"= "c:\program files (x86)\Soda PDF\PDFIEPlugin.dll" [2011-04-29 740184]

.

[HKEY_CLASSES_ROOT\clsid\{980eb9ec-6eb5-4258-bddb-efe25c5f99ef}]

[HKEY_CLASSES_ROOT\SodaPDFIEPlugin.PDFIEConverter.1]

[HKEY_CLASSES_ROOT\TypeLib\{EA100F6A-F239-4E91-9EA6-8B47CAD4EF0D}]

[HKEY_CLASSES_ROOT\SodaPDFIEPlugin.PDFIEConverter]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2988928]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

c:\users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

R1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]

R2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]

R2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]

R2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]

R2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]

R2 Soda PDF Service;Soda PDF Service;c:\program files (x86)\Soda PDF\ConversionService.exe [2011-04-29 889176]

R3 Soda PDF Helper Service;Soda PDF Helper Service;c:\program files (x86)\Soda PDF\HelperService.exe [2011-04-29 813400]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961536805-3914987299-3866974969-1001Core.job

- c:\users\Sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-21 14:00]

.

2011-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2961536805-3914987299-3866974969-1001UA.job

- c:\users\Sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-21 14:00]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]

@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"

[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]

2010-12-16 23:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]

@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"

[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]

2010-12-16 23:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe" [bU]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1211688]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-05 1875048]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 9057608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: mswsock.dll

TCP: Interfaces\{14696582-4EF6-4152-B2B7-8942371BBD02}: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{14696582-4EF6-4152-B2B7-8942371BBD02}\3514E44495D20534F5E4564777F627B6: NameServer = 192.168.254.254

TCP: Interfaces\{14696582-4EF6-4152-B2B7-8942371BBD02}\C696E6B6379737: NameServer = 192.168.254.254

TCP: Interfaces\{14696582-4EF6-4152-B2B7-8942371BBD02}\C696E6B6379737F5355435F52303539333: NameServer = 192.168.254.254

TCP: Interfaces\{91A51ED2-3196-4879-AFB4-9847447B33A7}: NameServer = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\iv4o91ag.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-06-05 16:19:20

ComboFix-quarantined-files.txt 2011-06-05 20:19

ComboFix2.txt 2011-05-28 20:01

.

Pre-Run: 207,396,438,016 bytes free

Post-Run: 207,822,393,344 bytes free

.

- - End Of File - - D863B8312FE32E87A55AD698327BFC99

DDS

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Sandy at 16:50:57 on 2011-06-05

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1706 [GMT -4:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Program Files (x86)\Soda PDF\ConversionService.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\STacSV64.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Opera\opera.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Sandy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\Sandy\Desktop\dds.scr

C:\Windows\SysWOW64\WSCRIPT.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Soda PDF Helper: {5cfcaff6-5bb0-4864-b626-021c99ed82e5} - C:\Program Files (x86)\Soda PDF\PDFIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Soda PDF Toolbar: {980eb9ec-6eb5-4258-bddb-efe25c5f99ef} - C:\Program Files (x86)\Soda PDF\PDFIEPlugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Sandy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {14696582-4EF6-4152-B2B7-8942371BBD02} = 156.154.70.22,156.154.71.22

TCP: 3514E44495D20534F5E4564777F627B6 = 192.168.254.254

TCP: C696E6B6379737 = 192.168.254.254

TCP: C696E6B6379737F5355435F52303539333 = 192.168.254.254

TCP: {91A51ED2-3196-4879-AFB4-9847447B33A7} = 156.154.70.22,156.154.71.22

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

mRun-x64: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray64.exe

mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

AppInit_DLLs-X64: C:\Windows\System32\guard64.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\iv4o91ag.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=

.

============= SERVICES / DRIVERS ===============

.

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys --> C:\Windows\system32\DRIVERS\psinknc.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]

R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2011-5-26 22528]

R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]

R2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys --> C:\Windows\system32\DRIVERS\PSINAflt.sys [?]

R2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys --> C:\Windows\system32\DRIVERS\PSINFile.sys [?]

R2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys --> C:\Windows\system32\DRIVERS\PSINProc.sys [?]

R2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys --> C:\Windows\system32\DRIVERS\PSINProt.sys [?]

R2 Soda PDF Service;Soda PDF Service;C:\Program Files (x86)\Soda PDF\ConversionService.exe [2011-4-28 889176]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Soda PDF Helper Service;Soda PDF Helper Service;C:\Program Files (x86)\Soda PDF\HelperService.exe [2011-4-28 813400]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-06-05 20:41:42 -------- d-sh--w- C:\$RECYCLE.BIN

2011-06-03 14:01:47 -------- d-----w- C:\Users\Sandy\AppData\Local\Yahoo

2011-06-03 13:54:30 -------- d-----w- C:\Program Files (x86)\Yahoo!

2011-05-30 22:28:03 -------- d-----w- C:\TDSSKiller_Quarantine

2011-05-30 22:16:08 1431344 ----a-w- C:\TDSSKiller.exe

2011-05-29 12:44:13 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE695FDC-D309-492C-8329-D85940F713EA}\mpengine.dll

2011-05-29 10:32:15 -------- d-----w- C:\Users\Sandy\AppData\Roaming\SUPERAntiSpyware.com

2011-05-29 10:32:15 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-05-29 10:32:09 -------- d-----w- C:\ProgramData\!SASCORE

2011-05-29 10:31:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-05-29 02:16:05 -------- d-----w- C:\ProgramData\Corel

2011-05-29 02:12:38 -------- d-----w- C:\Users\Sandy\AppData\Local\Corel

2011-05-29 02:08:42 -------- d-----w- C:\Program Files (x86)\Corel

2011-05-28 23:39:15 -------- d-----w- C:\Program Files\COMODO

2011-05-28 23:36:48 -------- d-----w- C:\ProgramData\Comodo

2011-05-28 21:51:56 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-05-28 19:31:54 98816 ----a-w- C:\Windows\sed.exe

2011-05-28 19:31:54 518144 ----a-w- C:\Windows\SWREG.exe

2011-05-28 19:31:54 256512 ----a-w- C:\Windows\PEV.exe

2011-05-28 19:31:54 208896 ----a-w- C:\Windows\MBR.exe

2011-05-28 18:12:14 -------- d-----w- C:\Users\Sandy\AppData\Roaming\Malwarebytes

2011-05-28 18:12:07 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-28 18:12:06 -------- d-----w- C:\ProgramData\Malwarebytes

2011-05-28 18:12:02 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-05-28 18:12:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-05-27 04:27:49 -------- d-----w- C:\Users\Sandy\AppData\Local\Apple Computer

2011-05-27 04:27:30 -------- d-----w- C:\Users\Sandy\AppData\Roaming\Barnes & Noble

2011-05-27 04:27:23 -------- d-----w- C:\Program Files (x86)\Barnes & Noble

2011-05-27 03:14:10 -------- d-----w- C:\ProgramData\DAZ 3D

2011-05-27 03:14:05 -------- d-----w- C:\Program Files\DAZ 3D

2011-05-26 12:42:49 -------- d-----w- C:\ProgramData\OptiTex

2011-05-26 12:34:57 -------- d-----w- C:\Program Files (x86)\Common Files\DAZ

2011-05-26 12:34:02 -------- d-----w- C:\Program Files (x86)\DAZ 3D

2011-05-23 15:35:25 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-22 17:56:36 -------- d-----w- C:\Users\Sandy\AppData\Roaming\com.amazon.music.uploader

2011-05-22 17:56:07 -------- d-----w- C:\Program Files (x86)\Amazon

2011-05-22 17:54:44 -------- d-----w- C:\Users\Sandy\AppData\Local\Adobe

2011-05-19 15:30:29 -------- d-----w- C:\Program Files (x86)\Soda PDF

2011-05-19 15:28:05 -------- d-----w- C:\Users\Sandy\AppData\Roaming\PDF Software

2011-05-17 14:59:11 -------- d-----w- C:\Program Files (x86)\XVID Player

2011-05-17 14:58:21 -------- d-----w- C:\Program Files (x86)\RingtoneJunkiez Desktop

2011-05-17 14:58:21 -------- d-----w- C:\Program Files (x86)\Common Files\RingtoneJunkiez

2011-05-06 23:57:27 -------- d-----w- C:\Users\Sandy\FrostWire

2011-05-06 23:57:17 -------- d-----w- C:\Users\Sandy\AppData\Roaming\FrostWire

2011-05-06 23:56:38 -------- d-----w- C:\Program Files (x86)\FrostWire

.

==================== Find3M ====================

.

2011-05-28 21:51:56 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-05-27 21:53:49 3766 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys

2011-05-27 21:53:42 56 --sh--r- C:\Windows\SysWow64\EFF05ABC3F.sys

2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-03 00:36:48 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2011-05-03 00:36:48 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2011-05-03 00:36:46 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2011-05-03 00:36:04 284744 ----a-w- C:\Windows\SysWow64\guard32.dll

2011-05-03 00:36:02 360976 ----a-w- C:\Windows\System32\guard64.dll

2011-04-29 01:55:01 258352 ----a-w- C:\Windows\SysWow64\unicows.dll

2011-03-18 03:36:31 1448809 ----a-w- C:\Users\Sandy\DOSBox0.74-win32-installer.exe

2011-03-18 03:20:06 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-03-18 03:18:42 11193664 ----a-w- C:\Users\Sandy\DTLite4402-0131.exe

2011-03-18 03:12:58 13835919 ----a-w- C:\Users\Sandy\D-Fend-Reloaded-1.1.0-Setup.exe

.

============= FINISH: 16:54:29.91 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Here they are, and again thank you for the guidance. As I understand it you are a volunteer doing this, and I really do appreciate it.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=570a9837a12c5140a95f30ec5a7437b4

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-08 10:35:38

# local_time=2011-06-08 06:35:38 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=1538 16774142 20 3 6472943 135110744 0 0

# compatibility_mode=3073 16777213 80 75 792009 8877232 0 0

# compatibility_mode=5893 16776574 100 94 0 59047904 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=289252

# found=14

# cleaned=14

# scan_time=24885

C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP42\A0008966.exe Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP42\A0008967.dll Win32/NoAdware application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP42\A0008969.dll Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP43\A0010283.exe a variant of Win32/Kryptik.JJG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\30.05.2011_18.24.33\tdlfs0000\tsk0003.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\30.05.2011_18.24.33\tdlfs0000\tsk0004.dta Win64/Olmarik.R trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\30.05.2011_18.24.33\tdlfs0000\tsk0005.dta Win32/Olmarik.ADZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\30.05.2011_18.24.33\tdlfs0000\tsk0006.dta Win64/Olmarik.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows.old\Documents and Settings\Precision M6300\Local Settings\Application Data\Opera\Opera\cache\g_0026\opr01V11.tmp a variant of Win32/Adware.HotBar.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows.old\Documents and Settings\Precision M6300\Local Settings\Temp\ewxmnaocrs.tmp a variant of Win32/Kryptik.LIR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows.old\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows.old\Windows\rvwsetl.dll a variant of Win32/Kryptik.LIR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows.old\Windows\system32\6to4v32.dll probably a variant of Win32/Wimpixo.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.12

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

ESET Online Scanner v3

Panda Cloud Antivirus

Sociolotron 1.00

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 24

Out of date Java installed!

Adobe Flash Player 10.3.181.14

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Comodo Firewall cmdagent.exe

Panda Security Panda Cloud Antivirus PSUNMain.exe

``````````End of Log````````````

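Step 7 of the ESET instructions above has the user open C:\Program Files\EsetOnlineScanner\log.txt, and the log posted in reply lists fourteen detections, every one of them under a ComboFix or TDSSKiller quarantine folder, a System Restore point or Windows.old rather than at a live path. The script below is an added example written for this page; it is not part of the thread and not an ESET tool. It parses lines in the shape of the posted log.txt and separates hits in those inert locations from hits on the live filesystem, which are the ones that would still need attention. The sample input reuses four lines from the posted log plus one constructed line under C:\Users\Sandy\AppData\Local\Temp\ (not from the log) to exercise the live-path branch; the set of inert path prefixes is an assumption drawn from the paths in this thread.

```python
"""Triage an ESET Online Scanner log.txt by detection location.

Added example, not from the original thread or from ESET.  Each detection
line has the shape
    <path> <threat name> (<action>) <32-hex hash> <flag>
Both <path> and <threat name> may contain spaces, so the action/hash/flag
suffix is split off first, then the threat name is located as the first
token containing a '/', since Windows paths use backslashes.
"""
import re
from dataclasses import dataclass

# Suffix "(action) hash flag" at end of line; lhs holds path + threat name.
# A "(x86)" inside the path is rejected because no hash follows it.
_SUFFIX_RE = re.compile(
    r"^(?P<lhs>.+?)\s+\((?P<action>[^()]*)\)\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)$"
)
# Threat name starts at the first '/'-bearing token, with ESET's optional
# "probably a variant of" / "a variant of" wording pulled in front of it.
_THREAT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>(?:probably\s+)?(?:a\s+variant\s+of\s+)?[^\s\\]+/\S+.*)$"
)

# Assumed inert locations (dead copies, not running code), taken from the
# paths seen in this thread.  Anything else is treated as the live system.
INERT_PREFIXES = {
    "c:\\qoobox\\quarantine\\": "ComboFix quarantine",
    "c:\\tdsskiller_quarantine\\": "TDSSKiller quarantine",
    "c:\\system volume information\\": "System Restore point",
    "c:\\windows.old\\": "previous Windows installation",
}


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    location: str  # an INERT_PREFIXES label, or "live filesystem"


def classify(path: str) -> str:
    """Map a detection path to an inert location label or 'live filesystem'."""
    p = path.lower()
    for prefix, label in INERT_PREFIXES.items():
        if p.startswith(prefix):
            return label
    return "live filesystem"


def parse_line(line: str):
    """Return a Detection for one detection line; None for blank/header lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = _SUFFIX_RE.match(line)
    if not m:
        return None
    t = _THREAT_RE.match(m.group("lhs"))
    if not t:
        return None
    path = t.group("path")
    return Detection(path, t.group("threat"), m.group("action"), classify(path))


def header_value(log_text: str, key: str):
    """Read an integer '# key=N' header such as '# found=14', or None if absent."""
    m = re.search(r"^# %s=(\d+)$" % re.escape(key), log_text, re.MULTILINE)
    return int(m.group(1)) if m else None


def triage(log_text: str):
    """Group parsed detections by location label."""
    groups = {}
    for line in log_text.splitlines():
        d = parse_line(line)
        if d:
            groups.setdefault(d.location, []).append(d)
    return groups


# Four lines copied from the posted log plus one constructed live-path line.
SAMPLE_LOG = r"""# found=14
# cleaned=14
C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP43\A0010283.exe a variant of Win32/Kryptik.JJG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\30.05.2011_18.24.33\tdlfs0000\tsk0004.dta Win64/Olmarik.R trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Windows\system32\6to4v32.dll probably a variant of Win32/Wimpixo.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Sandy\AppData\Local\Temp\example.tmp a variant of Win32/Kryptik.LIR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    groups = triage(SAMPLE_LOG)
    parsed = sum(len(v) for v in groups.values())
    declared = header_value(SAMPLE_LOG, "found")
    if declared is not None and declared != parsed:
        print("warning: header says found=%d but %d lines parsed" % (declared, parsed))
    for location, hits in sorted(groups.items()):
        print("%s: %d" % (location, len(hits)))
        for d in hits:
            print("   %s  <-  %s" % (d.threat, d.path))
```

Run against the full posted log, every entry lands in one of the four inert groups and the "live filesystem" group is empty, which is the point the staff reply is checking: the ESET hits are leftovers inside earlier tools' quarantines and old copies of Windows, not active infections. The header check matters when a user pastes a partial log; a found= count larger than the number of parsed lines means detections are missing from the paste.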

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
