I'm Infected.. Yay! ._.

Charade · July 30, 2011

I've had this virus for about a month now.. I've tried many things with the help of my tech (online), but he couldn't help (he relies solely on his wits, not anything else)..

So, here I am.

I've experienced really nothing except occasional Google Redirects, but, with viruses you can never be too sure. I figured it's time to FINALLY get rid of this thing with some PROFESSIONAL help.

Thanks in advance to whomever comes to assist me.

Note: I'm not technically intelligent whatsoever, but I'll be trying my hardest to go along with what you're recommending! :]

--

[Not sure if I'm supposed to 'attach' the two files now, or after you tell me to.. so I'll just leave them out for now.]

The thing that's said to be removed, isn't. It comes back after a restart, or just isn't deleted at all. It's just there, and won't go away with what I try. With my previous tech's help, I used a bunch of programs that I still have installed, which I'm pretty sure you'll ask me to use. Not sure if I should uninstall them or not. (examples: combofix, rkill, tdsskiller..); none of these seemed to work with my low-level technical skills. :-0

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7/30/2011 10:48:01 AM

mbam-log-2011-07-30 (10-48-01).txt

Scan type: Quick scan

Objects scanned: 158937

Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

;

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Run by troyswi at 10:55:15 on 2011-07-30

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.5903 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Users\troyswi\AppData\Local\Programs\AutoMate BPA Server 8\BPA_TS.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe

C:\Windows\system32\dleacoms.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe

C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\troyswi\AppData\Local\Programs\AutoMate BPA Server 8\BPAEM.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Xfire\Xfire.exe

C:\Program Files (x86)\Xfire\xfire64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\explorer.exe

c:\program files (x86)\real\realplayer\RealPlay.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://sigma.pokemonvortex.org/your_team.php

uInternet Settings,ProxyOverride = *.local

BHO: {02baffbd-4260-4ed8-b509-e4b7401cf82a} - C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll

BHO: {05560adf-7b25-40ff-b408-3f6e6f512eb4} - C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll

BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: iMacros 7: {a310506f-6ba4-48c4-8887-1f462277aa12} - mscoree.dll

uRun: [Google Update] "C:\Users\troyswi\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s

mRun: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\troyswi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - {A310506F-6BA4-48c4-8887-1F462277AA12} - mscoree.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} - hxxp://dl.pmang.com/common/pmangctl/pmangax.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 68.87.64.150 68.87.75.198

TCP: Interfaces\{684D61C6-AFC2-4E9E-A94E-3ECE0EB26783} : DhcpNameServer = 192.168.1.1 68.87.64.150 68.87.75.198

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll

BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll

TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB-X64: {A310506F-6BA4-48C4-8887-1F462277AA12} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun-x64: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s

mRun-x64: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\troyswi\AppData\Roaming\Mozilla\Firefox\Profiles\mps0nv2i.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://forums.ijji.com/forumdisplay.php?f=79

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 64848

FF - prefs.js: network.proxy.type - 0

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: C:\Users\troyswi\AppData\Roaming\Mozilla\Firefox\Profiles\mps0nv2i.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\imtcp_xpcom.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\troyswi\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - Ext: Easy-Hide-IP Firefox Plugin: support@easy-hide-ip.com - C:\Program Files (x86)\Easy-Hide-IP\ff-extension

FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

FF - Ext: XUL Cache: {c014d80a-b4ed-42ca-ac38-a0160cb5066a} - %profile%\extensions\{c014d80a-b4ed-42ca-ac38-a0160cb5066a}

FF - Ext: XUL Cache: {4636f24c-e3f1-4390-87e2-02ba08372da5} - %profile%\extensions\{4636f24c-e3f1-4390-87e2-02ba08372da5}

FF - Ext: XUL Cache: {40271a83-fe52-42c9-875b-5aa69ffec208} - %profile%\extensions\{40271a83-fe52-42c9-875b-5aa69ffec208}

FF - Ext: XUL Cache: {4fbf8087-30c4-46f6-97e9-d56b8795e341} - %profile%\extensions\{4fbf8087-30c4-46f6-97e9-d56b8795e341}

FF - Ext: XUL Cache: {1dda916b-a2f7-4c9f-a773-dfe5adb23c88} - %profile%\extensions\{1dda916b-a2f7-4c9f-a773-dfe5adb23c88}

FF - Ext: XUL Cache: {a7148e08-9dcc-430c-a305-e8f7b8c0ded5} - %profile%\extensions\{a7148e08-9dcc-430c-a305-e8f7b8c0ded5}

FF - Ext: XUL Cache: {0772bda2-530f-42b7-9717-fb7bd7d5026b} - %profile%\extensions\{0772bda2-530f-42b7-9717-fb7bd7d5026b}

FF - Ext: XUL Cache: {4f55d6e9-4cf3-403b-8a77-20413087e102} - %profile%\extensions\{4f55d6e9-4cf3-403b-8a77-20413087e102}

FF - Ext: XUL Cache: {e6b52706-93b9-473f-90fd-3cfb0e53dd4e} - %profile%\extensions\{e6b52706-93b9-473f-90fd-3cfb0e53dd4e}

FF - Ext: XUL Cache: {7c926b72-a3c2-4747-a0e3-04b82b926203} - %profile%\extensions\{7c926b72-a3c2-4747-a0e3-04b82b926203}

FF - Ext: XUL Cache: {747fd0e4-ec3c-4356-9960-10e2f4a63739} - %profile%\extensions\{747fd0e4-ec3c-4356-9960-10e2f4a63739}

FF - Ext: XUL Cache: {df28687c-9a39-4e15-854f-af3247fc7fd8} - %profile%\extensions\{df28687c-9a39-4e15-854f-af3247fc7fd8}

FF - Ext: XUL Cache: {907f6615-ca17-4a2e-b168-874b3da349f9} - %profile%\extensions\{907f6615-ca17-4a2e-b168-874b3da349f9}

FF - Ext: XUL Cache: {b4d6a01a-4879-4c28-8a4a-4e244fe73384} - %profile%\extensions\{b4d6a01a-4879-4c28-8a4a-4e244fe73384}

FF - Ext: XUL Cache: {facca4a5-2dc8-4aad-8f8f-5d9ee93d66b9} - %profile%\extensions\{facca4a5-2dc8-4aad-8f8f-5d9ee93d66b9}

FF - Ext: XUL Cache: {6b36e3c7-6f23-4017-b302-04187ec1b696} - %profile%\extensions\{6b36e3c7-6f23-4017-b302-04187ec1b696}

FF - Ext: XUL Cache: {77c2c07a-9d90-481d-92ea-84c4f59e4841} - %profile%\extensions\{77c2c07a-9d90-481d-92ea-84c4f59e4841}

FF - Ext: XUL Cache: {aaed32ad-1e47-4745-8b74-773216ecc790} - %profile%\extensions\{aaed32ad-1e47-4745-8b74-773216ecc790}

FF - Ext: XUL Cache: {0823b41f-9676-431a-b2e7-4d360a7b743d} - %profile%\extensions\{0823b41f-9676-431a-b2e7-4d360a7b743d}

FF - Ext: XUL Cache: {1ab7b2f2-034e-4cfd-aba2-4f5f2878f831} - %profile%\extensions\{1ab7b2f2-034e-4cfd-aba2-4f5f2878f831}

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-25 42184]

R2 BPAAgent8;AutoMate BPA Server 8 Agent;C:\Users\troyswi\AppData\Local\Programs\AutoMate BPA Server 8\BPA_TS.exe [2011-2-11 11323392]

R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]

R2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2010-9-18 33448]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-30 13336]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-30 689472]

R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-9-16 1956136]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-1 2337144]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

S2 BPA_Execution;AutoMate BPA Server 8 Execution Server;C:\Users\troyswi\AppData\Local\Programs\AutoMate BPA Server 8\BPAS_EXEC.exe [2011-2-11 376832]

S2 BPA_Management;AutoMate BPA Server 8 Management Server;C:\Users\troyswi\AppData\Local\Programs\AutoMate BPA Server 8\BPAS_MAN.exe [2011-2-11 376832]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 EFS32;Encrypting File System (EFS) ;C:\Windows\system32\OnLineIDCpl32.exe --> C:\Windows\system32\OnLineIDCpl32.exe [?]

S2 FLEXnet Licensing Service32;FLEXnet Licensing Service ;C:\Windows\system32\catsrv32.exe --> C:\Windows\system32\catsrv32.exe [?]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S2 wcncsvc32;Windows Connect Now - Config Registrar ;c:\windows\system32\capiprovider32.exe --> c:\windows\system32\capiprovider32.exe [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-5-12 25072]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-07-22 17:19:15 542720 ----a-w- C:\Windows\SysWow64\yA

2011-07-20 14:18:20 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2011-07-13 12:15:59 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-13 12:15:59 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-13 12:15:59 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-13 12:15:59 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-13 12:15:59 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-13 12:15:57 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-13 12:15:57 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-13 12:15:52 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-08 18:01:17 -------- d-----w- C:\Program Files\iPod

2011-07-08 17:59:52 -------- d-----w- C:\Program Files\Bonjour

2011-07-08 17:59:52 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-07-03 20:02:53 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-07-03 20:02:53 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-07-03 20:02:50 40112 ----a-w- C:\Windows\avastSS.scr

2011-07-03 20:02:45 -------- d-----w- C:\ProgramData\AVAST Software

2011-07-03 20:02:45 -------- d-----w- C:\Program Files\AVAST Software

2011-07-03 20:00:14 98816 ----a-w- C:\Windows\sed.exe

2011-07-03 20:00:14 518144 ----a-w- C:\Windows\SWREG.exe

2011-07-03 20:00:14 256000 ----a-w- C:\Windows\PEV.exe

2011-07-03 20:00:14 208896 ----a-w- C:\Windows\MBR.exe

2011-07-03 20:00:12 -------- d-s---w- C:\comfix.exe

2011-07-03 01:30:35 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-06-30 21:16:01 349184 ----a-w- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll

.

==================== Find3M ====================

.

2011-07-07 15:51:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys

2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-29 21:17:10 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-05-29 21:17:10 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-10 12:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2011-05-10 12:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll

2011-05-08 14:59:19 380008 ----a-w- C:\Windows\SysWow64\PMangAX0.dll

2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

.

============= FINISH: 10:57:46.61 ===============

D-FRED-BROWN · July 30, 2011

Hello Charade and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

TDSSKiller_log.txt

how the PC is running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

C:\ComboFix.txt
TDSSKiller log
Security Check checkup.txt

How is your computer running now?

Charade · July 31, 2011

Hmm. Everything appears to be better; unsure though.

[The Malwarebytes log I posted was from an out-of-date version of Malwarebytes; when I scanned with it, before your post, it received more "infections."]

Posting this log just in case it's important.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7338

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7/31/2011 10:37:10 AM

mbam-log-2011-07-31 (10-37-10).txt

Scan type: Quick scan

Objects scanned: 233735

Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{02BAFFBD-4260-4ED8-B509-E4B7401CF82a} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02BAFFBD-4260-4ED8-B509-E4B7401CF82A} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{02BAFFBD-4260-4ED8-B509-E4B7401CF82A} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02BAFFBD-4260-4ED8-B509-E4B7401CF82A} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

c:\Windows\System32\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

c:\Windows\System32\yA (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\yA (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\troyswi\AppData\Local\Temp\tmph1598299929656929788.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\troyswi\AppData\Local\Temp\tmph4585799952771104555.tmp (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.

--

Onto the ones you requested.

2011/07/31 10:48:07.0638 1548 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11

2011/07/31 10:48:07.0960 1548 ================================================================================

2011/07/31 10:48:07.0960 1548 SystemInfo:

2011/07/31 10:48:07.0960 1548

2011/07/31 10:48:07.0960 1548 OS Version: 6.1.7600 ServicePack: 0.0

2011/07/31 10:48:07.0960 1548 Product type: Workstation

2011/07/31 10:48:07.0960 1548 ComputerName: STEVESWI-PC

2011/07/31 10:48:07.0960 1548 UserName: troyswi

2011/07/31 10:48:07.0960 1548 Windows directory: C:\Windows

2011/07/31 10:48:07.0960 1548 System windows directory: C:\Windows

2011/07/31 10:48:07.0960 1548 Running under WOW64

2011/07/31 10:48:07.0960 1548 Processor architecture: Intel x64

2011/07/31 10:48:07.0960 1548 Number of processors: 8

2011/07/31 10:48:07.0960 1548 Page size: 0x1000

2011/07/31 10:48:07.0960 1548 Boot type: Normal boot

2011/07/31 10:48:07.0960 1548 ================================================================================

2011/07/31 10:48:09.0348 1548 Initialize success

2011/07/31 10:48:15.0012 3728 ================================================================================

2011/07/31 10:48:15.0012 3728 Scan started

2011/07/31 10:48:15.0012 3728 Mode: Manual;

2011/07/31 10:48:15.0012 3728 ================================================================================

2011/07/31 10:48:16.0916 3728 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/07/31 10:48:16.0963 3728 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

2011/07/31 10:48:16.0983 3728 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/07/31 10:48:17.0041 3728 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/07/31 10:48:17.0099 3728 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2011/07/31 10:48:17.0119 3728 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2011/07/31 10:48:17.0185 3728 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

2011/07/31 10:48:17.0200 3728 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

2011/07/31 10:48:17.0246 3728 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

2011/07/31 10:48:17.0297 3728 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

2011/07/31 10:48:17.0310 3728 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2011/07/31 10:48:17.0449 3728 amdkmdag (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/07/31 10:48:17.0580 3728 amdkmdap (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys

2011/07/31 10:48:17.0603 3728 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2011/07/31 10:48:17.0643 3728 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

2011/07/31 10:48:17.0677 3728 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/07/31 10:48:17.0700 3728 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

2011/07/31 10:48:17.0757 3728 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

2011/07/31 10:48:17.0893 3728 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2011/07/31 10:48:17.0927 3728 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2011/07/31 10:48:18.0023 3728 aswFsBlk (55353cd0da287b2c3782485740965b54) C:\Windows\system32\drivers\aswFsBlk.sys

2011/07/31 10:48:18.0161 3728 aswMonFlt (b38061cdefb71361e0c7547ac60527e8) C:\Windows\system32\drivers\aswMonFlt.sys

2011/07/31 10:48:18.0190 3728 aswRdr (91e7aca95933633b2557f47cdfdb74c3) C:\Windows\system32\drivers\aswRdr.sys

2011/07/31 10:48:18.0274 3728 aswSnx (2b15499f68fad60ce69264a327e9b0f0) C:\Windows\system32\drivers\aswSnx.sys

2011/07/31 10:48:18.0311 3728 aswSP (4d939ecb19dc930056593390d1c87c43) C:\Windows\system32\drivers\aswSP.sys

2011/07/31 10:48:18.0328 3728 aswTdi (d633426c5a207ce21767569aa4946891) C:\Windows\system32\drivers\aswTdi.sys

2011/07/31 10:48:18.0374 3728 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/31 10:48:18.0412 3728 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

2011/07/31 10:48:18.0457 3728 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys

2011/07/31 10:48:18.0516 3728 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2011/07/31 10:48:18.0545 3728 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2011/07/31 10:48:18.0574 3728 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2011/07/31 10:48:18.0610 3728 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/07/31 10:48:18.0673 3728 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/31 10:48:18.0723 3728 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/07/31 10:48:18.0735 3728 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/07/31 10:48:18.0781 3728 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2011/07/31 10:48:18.0806 3728 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/07/31 10:48:18.0824 3728 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/07/31 10:48:18.0835 3728 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/07/31 10:48:18.0889 3728 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/07/31 10:48:18.0952 3728 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/31 10:48:18.0972 3728 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

2011/07/31 10:48:18.0993 3728 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2011/07/31 10:48:19.0026 3728 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2011/07/31 10:48:19.0073 3728 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/31 10:48:19.0090 3728 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

2011/07/31 10:48:19.0117 3728 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

2011/07/31 10:48:19.0141 3728 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/31 10:48:19.0167 3728 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/07/31 10:48:19.0208 3728 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/07/31 10:48:19.0247 3728 danewFltr (003626f7ca17c204f16cd5047af0703a) C:\Windows\system32\drivers\danew.sys

2011/07/31 10:48:19.0300 3728 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

2011/07/31 10:48:19.0327 3728 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2011/07/31 10:48:19.0361 3728 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2011/07/31 10:48:19.0418 3728 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2011/07/31 10:48:19.0587 3728 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/31 10:48:19.0968 3728 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2011/07/31 10:48:20.0111 3728 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2011/07/31 10:48:20.0134 3728 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

2011/07/31 10:48:20.0186 3728 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2011/07/31 10:48:20.0208 3728 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2011/07/31 10:48:20.0231 3728 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/31 10:48:20.0288 3728 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2011/07/31 10:48:20.0306 3728 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2011/07/31 10:48:20.0339 3728 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/31 10:48:20.0365 3728 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

2011/07/31 10:48:20.0391 3728 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2011/07/31 10:48:20.0430 3728 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/31 10:48:20.0471 3728 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

2011/07/31 10:48:20.0497 3728 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/07/31 10:48:20.0535 3728 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/07/31 10:48:20.0565 3728 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2011/07/31 10:48:20.0593 3728 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/07/31 10:48:20.0622 3728 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

2011/07/31 10:48:20.0641 3728 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/07/31 10:48:20.0660 3728 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2011/07/31 10:48:20.0677 3728 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2011/07/31 10:48:20.0712 3728 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/31 10:48:20.0749 3728 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/07/31 10:48:20.0783 3728 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

2011/07/31 10:48:20.0804 3728 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

2011/07/31 10:48:20.0826 3728 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/07/31 10:48:20.0855 3728 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys

2011/07/31 10:48:20.0900 3728 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

2011/07/31 10:48:20.0925 3728 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2011/07/31 10:48:20.0978 3728 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys

2011/07/31 10:48:21.0018 3728 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys

2011/07/31 10:48:21.0043 3728 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

2011/07/31 10:48:21.0071 3728 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/31 10:48:21.0100 3728 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/31 10:48:21.0135 3728 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/07/31 10:48:21.0148 3728 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2011/07/31 10:48:21.0188 3728 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2011/07/31 10:48:21.0212 3728 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

2011/07/31 10:48:21.0236 3728 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/07/31 10:48:21.0284 3728 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys

2011/07/31 10:48:21.0303 3728 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/07/31 10:48:21.0339 3728 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/07/31 10:48:21.0359 3728 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/31 10:48:21.0385 3728 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

2011/07/31 10:48:21.0400 3728 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2011/07/31 10:48:21.0443 3728 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/31 10:48:21.0506 3728 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/07/31 10:48:21.0524 3728 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/07/31 10:48:21.0541 3728 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/07/31 10:48:21.0560 3728 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/07/31 10:48:21.0580 3728 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2011/07/31 10:48:21.0602 3728 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2011/07/31 10:48:21.0625 3728 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/07/31 10:48:21.0654 3728 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2011/07/31 10:48:21.0672 3728 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/31 10:48:21.0686 3728 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2011/07/31 10:48:21.0699 3728 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/31 10:48:21.0715 3728 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

2011/07/31 10:48:21.0729 3728 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

2011/07/31 10:48:21.0744 3728 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/31 10:48:21.0789 3728 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

2011/07/31 10:48:21.0827 3728 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/31 10:48:21.0866 3728 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/31 10:48:21.0908 3728 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/31 10:48:21.0964 3728 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys

2011/07/31 10:48:21.0982 3728 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

2011/07/31 10:48:22.0019 3728 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/07/31 10:48:22.0037 3728 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/07/31 10:48:22.0062 3728 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/07/31 10:48:22.0093 3728 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/31 10:48:22.0109 3728 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/31 10:48:22.0130 3728 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/07/31 10:48:22.0161 3728 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2011/07/31 10:48:22.0182 3728 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/07/31 10:48:22.0202 3728 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/07/31 10:48:22.0220 3728 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/07/31 10:48:22.0239 3728 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/07/31 10:48:22.0277 3728 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/31 10:48:22.0330 3728 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

2011/07/31 10:48:22.0360 3728 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/07/31 10:48:22.0380 3728 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/31 10:48:22.0402 3728 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/31 10:48:22.0425 3728 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/31 10:48:22.0443 3728 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

2011/07/31 10:48:22.0465 3728 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/31 10:48:22.0483 3728 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/31 10:48:22.0541 3728 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/07/31 10:48:22.0590 3728 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/07/31 10:48:22.0642 3728 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/31 10:48:22.0703 3728 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

2011/07/31 10:48:22.0739 3728 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/07/31 10:48:22.0814 3728 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

2011/07/31 10:48:22.0839 3728 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

2011/07/31 10:48:22.0872 3728 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/07/31 10:48:22.0906 3728 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/07/31 10:48:22.0985 3728 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/07/31 10:48:23.0008 3728 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2011/07/31 10:48:23.0130 3728 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms

2011/07/31 10:48:23.0209 3728 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

2011/07/31 10:48:23.0241 3728 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

2011/07/31 10:48:23.0259 3728 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/07/31 10:48:23.0286 3728 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/07/31 10:48:23.0324 3728 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/07/31 10:48:23.0413 3728 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/31 10:48:23.0433 3728 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/07/31 10:48:23.0472 3728 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/31 10:48:23.0510 3728 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

2011/07/31 10:48:23.0557 3728 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/07/31 10:48:23.0597 3728 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/07/31 10:48:23.0654 3728 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/31 10:48:23.0684 3728 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/31 10:48:23.0714 3728 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/07/31 10:48:23.0738 3728 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/31 10:48:23.0770 3728 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/31 10:48:23.0792 3728 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/31 10:48:23.0816 3728 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/31 10:48:23.0837 3728 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/07/31 10:48:23.0859 3728 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/31 10:48:23.0882 3728 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/31 10:48:23.0906 3728 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/07/31 10:48:23.0926 3728 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

2011/07/31 10:48:23.0966 3728 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

2011/07/31 10:48:24.0020 3728 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/31 10:48:24.0084 3728 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/07/31 10:48:24.0129 3728 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2011/07/31 10:48:24.0165 3728 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/07/31 10:48:24.0196 3728 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/31 10:48:24.0214 3728 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/07/31 10:48:24.0242 3728 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/07/31 10:48:24.0279 3728 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/07/31 10:48:24.0301 3728 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/07/31 10:48:24.0317 3728 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/07/31 10:48:24.0336 3728 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/07/31 10:48:24.0398 3728 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/07/31 10:48:24.0412 3728 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/07/31 10:48:24.0425 3728 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/07/31 10:48:24.0463 3728 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/07/31 10:48:24.0510 3728 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

2011/07/31 10:48:24.0538 3728 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/31 10:48:24.0576 3728 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/31 10:48:24.0617 3728 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/07/31 10:48:24.0661 3728 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2011/07/31 10:48:24.0721 3728 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys

2011/07/31 10:48:24.0796 3728 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys

2011/07/31 10:48:24.0862 3728 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/31 10:48:24.0898 3728 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/31 10:48:24.0924 3728 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/07/31 10:48:24.0936 3728 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/07/31 10:48:24.0989 3728 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/31 10:48:25.0016 3728 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

2011/07/31 10:48:25.0058 3728 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/31 10:48:25.0073 3728 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/31 10:48:25.0097 3728 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/07/31 10:48:25.0127 3728 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/31 10:48:25.0195 3728 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/07/31 10:48:25.0215 3728 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/31 10:48:25.0253 3728 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/07/31 10:48:25.0294 3728 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

2011/07/31 10:48:25.0333 3728 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

2011/07/31 10:48:25.0369 3728 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/31 10:48:25.0391 3728 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2011/07/31 10:48:25.0411 3728 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys

2011/07/31 10:48:25.0435 3728 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/31 10:48:25.0479 3728 usbio (5c4219c10b5887dff85e1d2779aed55b) C:\Windows\system32\Drivers\dsiarhwprog_x64.sys

2011/07/31 10:48:25.0509 3728 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

2011/07/31 10:48:25.0528 3728 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/31 10:48:25.0568 3728 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/07/31 10:48:25.0615 3728 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

2011/07/31 10:48:25.0668 3728 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

2011/07/31 10:48:25.0714 3728 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/07/31 10:48:25.0747 3728 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/31 10:48:25.0771 3728 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/07/31 10:48:25.0794 3728 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/07/31 10:48:25.0840 3728 vhidmini (1161acff728d97f75d74d2f1465f8a46) C:\Windows\system32\DRIVERS\vHidDev.sys

2011/07/31 10:48:25.0867 3728 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2011/07/31 10:48:25.0888 3728 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/07/31 10:48:25.0908 3728 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2011/07/31 10:48:25.0934 3728 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

2011/07/31 10:48:25.0967 3728 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/31 10:48:25.0997 3728 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

2011/07/31 10:48:26.0027 3728 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/31 10:48:26.0054 3728 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/31 10:48:26.0068 3728 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/31 10:48:26.0156 3728 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/07/31 10:48:26.0184 3728 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/31 10:48:26.0254 3728 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/31 10:48:26.0295 3728 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

2011/07/31 10:48:26.0319 3728 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/07/31 10:48:26.0420 3728 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/07/31 10:48:26.0436 3728 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/07/31 10:48:26.0485 3728 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/31 10:48:26.0530 3728 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys

2011/07/31 10:48:26.0572 3728 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/31 10:48:26.0721 3728 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

2011/07/31 10:48:26.0741 3728 Boot (0x1200) (bc9a11633259728740939cf0e71a0b4a) \Device\Harddisk0\DR0\Partition0

2011/07/31 10:48:26.0752 3728 Boot (0x1200) (49a3865dff989b9ba35ece3357abcccc) \Device\Harddisk0\DR0\Partition1

2011/07/31 10:48:26.0755 3728 ================================================================================

2011/07/31 10:48:26.0755 3728 Scan finished

2011/07/31 10:48:26.0755 3728 ================================================================================

2011/07/31 10:48:26.0764 2732 Detected object count: 0

2011/07/31 10:48:26.0764 2732 Actual detected object count: 0

Charade · July 31, 2011

I couldn't fit the ComboFix log in one post, so I attached it to this one. o_o

CheckUp..

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 23

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Mozilla Firefox (3.6.18) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

``````````End of Log````````````

combofix.txt

D-FRED-BROWN · July 31, 2011

That ComboFix log was a doozy :lol: !

Let's run a few more scans:

Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

--------

Please do the following:

Please download aswMBR.exe from here and save it to your Desktop.
Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
Click Scan
Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

--------

Please include the MBRCheck log, the aswMBR report, and the MBR.dat zip file in your next reply

Charade · July 31, 2011

MBRCheck

--

MBRCheck, version 1.2.3

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: Studio XPS 8100

Logical Drives Mask: 0x000003fc

Kernel Drivers (total 188):

0x02C52000 \SystemRoot\system32\ntoskrnl.exe

0x02C09000 \SystemRoot\system32\hal.dll

0x00BAB000 \SystemRoot\system32\kdcom.dll

0x00CA2000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CE6000 \SystemRoot\system32\PSHED.dll

0x00CFA000 \SystemRoot\system32\CLFS.SYS

0x00EB7000 \SystemRoot\system32\CI.dll

0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F77000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00FCE000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00FD7000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00FE1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00D58000 \SystemRoot\system32\DRIVERS\pci.sys

0x00D8B000 \SystemRoot\System32\drivers\partmgr.sys

0x00DA0000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys

0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys

0x010EB000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x012F3000 \SystemRoot\system32\drivers\amdxata.sys

0x012FE000 \SystemRoot\system32\drivers\fltmgr.sys

0x0134A000 \SystemRoot\system32\drivers\fileinfo.sys

0x0135E000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x01428000 \SystemRoot\System32\Drivers\Ntfs.sys

0x0136A000 \SystemRoot\System32\Drivers\msrpc.sys

0x015CA000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01000000 \SystemRoot\System32\Drivers\cng.sys

0x015E4000 \SystemRoot\System32\drivers\pcw.sys

0x015F5000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x016E2000 \SystemRoot\system32\drivers\ndis.sys

0x01600000 \SystemRoot\system32\drivers\NETIO.SYS

0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01803000 \SystemRoot\System32\drivers\tcpip.sys

0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x016D5000 \SystemRoot\System32\Drivers\spldr.sys

0x00DB5000 \SystemRoot\System32\drivers\rdyboost.sys

0x017D4000 \SystemRoot\System32\Drivers\mup.sys

0x017E6000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01A0D000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01A47000 \SystemRoot\system32\DRIVERS\disk.sys

0x01A5D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x044D9000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x04503000 \SystemRoot\System32\Drivers\aswSnx.SYS

0x0459B000 \SystemRoot\System32\Drivers\Null.SYS

0x045A4000 \SystemRoot\System32\Drivers\Beep.SYS

0x045AB000 \SystemRoot\System32\drivers\vga.sys

0x045B9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x045DE000 \SystemRoot\System32\drivers\watchdog.sys

0x045EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x045F7000 \SystemRoot\system32\drivers\rdpencdd.sys

0x04200000 \SystemRoot\system32\drivers\rdprefmp.sys

0x04209000 \SystemRoot\System32\Drivers\Msfs.SYS

0x04214000 \SystemRoot\System32\Drivers\Npfs.SYS

0x04225000 \SystemRoot\system32\DRIVERS\tdx.sys

0x04243000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x04250000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x0425E000 \SystemRoot\System32\DRIVERS\netbt.sys

0x01A9B000 \SystemRoot\system32\drivers\afd.sys

0x042A3000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x042AD000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x01B24000 \SystemRoot\system32\DRIVERS\pacer.sys

0x01B4A000 \SystemRoot\system32\DRIVERS\netbios.sys

0x01B59000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x01B74000 \SystemRoot\system32\DRIVERS\termdd.sys

0x01B88000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x01BD9000 \SystemRoot\system32\drivers\nsiproxy.sys

0x01BE5000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x01BF0000 \SystemRoot\System32\drivers\discache.sys

0x01400000 \SystemRoot\System32\Drivers\dfsc.sys

0x017EF000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x02E83000 \SystemRoot\System32\Drivers\aswSP.SYS

0x02ED0000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x02EF6000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x02F0C000 \SystemRoot\system32\DRIVERS\atikmpag.sys

0x04A07000 \SystemRoot\system32\DRIVERS\atikmdag.sys

0x0469A000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x0478E000 \SystemRoot\System32\drivers\dxgmms1.sys

0x047D4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x04600000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x04611000 \SystemRoot\system32\drivers\usbehci.sys

0x04622000 \SystemRoot\system32\drivers\USBPORT.SYS

0x02F57000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x02F95000 \SystemRoot\system32\DRIVERS\k57nd60a.sys

0x04678000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x04685000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x051DD000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x02E00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x051F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x02E24000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x02E53000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x010BF000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x02FE6000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x04695000 \SystemRoot\system32\DRIVERS\vHidDev.sys

0x013C8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x02E6E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x013E1000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x013F0000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x04697000 \SystemRoot\system32\DRIVERS\swenum.sys

0x05496000 \SystemRoot\system32\DRIVERS\ks.sys

0x054D9000 \SystemRoot\system32\DRIVERS\umbus.sys

0x054EB000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x05545000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x0555A000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x05567000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x05575000 \SystemRoot\system32\drivers\AtiHdmi.sys

0x05597000 \SystemRoot\system32\drivers\portcls.sys

0x055D4000 \SystemRoot\system32\drivers\drmk.sys

0x055F6000 \SystemRoot\system32\drivers\ksthunk.sys

0x05E04000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x05400000 \SystemRoot\system32\DRIVERS\IntcDAud.sys

0x05FED000 \SystemRoot\system32\drivers\danew.sys

0x05FF0000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x05FFE000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x00080000 \SystemRoot\System32\win32k.sys

0x0543E000 \SystemRoot\System32\drivers\Dxapi.sys

0x0544A000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x05467000 \SystemRoot\System32\Drivers\crashdmp.sys

0x042B6000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x05475000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x044BE000 \SystemRoot\system32\drivers\USBSTOR.SYS

0x05488000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00400000 \SystemRoot\System32\TSDDD.dll

0x006C0000 \SystemRoot\System32\cdd.dll

0x00C76000 \SystemRoot\system32\drivers\luafv.sys

0x02CF7000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x02D31000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x02D3A000 \SystemRoot\system32\drivers\WudfPf.sys

0x02D5B000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x02D70000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x02C00000 \SystemRoot\system32\drivers\HTTP.sys

0x02CC8000 \SystemRoot\system32\DRIVERS\bowser.sys

0x02D88000 \SystemRoot\System32\drivers\mpsdrv.sys

0x02DA0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x05600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0564E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x05671000 \SystemRoot\system32\drivers\peauth.sys

0x05717000 \SystemRoot\System32\Drivers\secdrv.SYS

0x05722000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x0574F000 \SystemRoot\System32\drivers\tcpipreg.sys

0x05761000 \SystemRoot\System32\DRIVERS\srv2.sys

0x07EFE000 \SystemRoot\System32\DRIVERS\srv.sys

0x07F93000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x07FC4000 \SystemRoot\System32\Drivers\fastfat.SYS

0x07E71000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

0x07E8A000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

0x07ED0000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x07EED000 \??\c:\program files\dell support center\pcdsrvc_x64.pkms

0x77320000 \Windows\System32\ntdll.dll

0x47BB0000 \Windows\System32\smss.exe

0xFF640000 \Windows\System32\apisetschema.dll

0xFFD80000 \Windows\System32\autochk.exe

0xFF560000 \Windows\System32\usp10.dll

0xFF350000 \Windows\System32\ole32.dll

0xFF340000 \Windows\System32\nsi.dll

0xFF2F0000 \Windows\System32\Wldap32.dll

0xFF270000 \Windows\System32\difxapi.dll

0xFF1F0000 \Windows\System32\shlwapi.dll

0xFF1A0000 \Windows\System32\ws2_32.dll

0xFF190000 \Windows\System32\lpk.dll

0xFF060000 \Windows\System32\rpcrt4.dll

0x77200000 \Windows\System32\kernel32.dll

0xFE2D0000 \Windows\System32\shell32.dll

0xFE260000 \Windows\System32\gdi32.dll

0x774F0000 \Windows\System32\normaliz.dll

0xFE1C0000 \Windows\System32\clbcatq.dll

0xFE0E0000 \Windows\System32\advapi32.dll

0xFE040000 \Windows\System32\msvcrt.dll

0xFDF60000 \Windows\System32\oleaut32.dll

0x77100000 \Windows\System32\user32.dll

0xFDEC0000 \Windows\System32\comdlg32.dll

0x774E0000 \Windows\System32\psapi.dll

0xFDD40000 \Windows\System32\urlmon.dll

0xFDC10000 \Windows\System32\wininet.dll

0xFDBE0000 \Windows\System32\imm32.dll

0xFDA00000 \Windows\System32\setupapi.dll

0xFD9E0000 \Windows\System32\sechost.dll

0xFD9C0000 \Windows\System32\imagehlp.dll

0xFD8B0000 \Windows\System32\msctf.dll

0xFD650000 \Windows\System32\iertutil.dll

0xFD610000 \Windows\System32\wintrust.dll

0xFD570000 \Windows\System32\comctl32.dll

0xFD400000 \Windows\System32\crypt32.dll

0xFD390000 \Windows\System32\KernelBase.dll

0xFD350000 \Windows\System32\cfgmgr32.dll

0xFD330000 \Windows\System32\devobj.dll

0xFD320000 \Windows\System32\msasn1.dll

0x774D0000 \Windows\SysWOW64\normaliz.dll

Processes (total 73):

0 System Idle Process

4 System

388 C:\Windows\System32\smss.exe

520 csrss.exe

584 C:\Windows\System32\wininit.exe

604 csrss.exe

640 C:\Windows\System32\services.exe

668 C:\Windows\System32\lsass.exe

676 C:\Windows\System32\lsm.exe

764 C:\Windows\System32\winlogon.exe

828 C:\Windows\System32\svchost.exe

920 C:\Windows\System32\svchost.exe

968 C:\Windows\System32\atiesrxx.exe

156 C:\Windows\System32\svchost.exe

528 C:\Windows\System32\svchost.exe

732 C:\Windows\System32\svchost.exe

1124 C:\Windows\System32\svchost.exe

1180 C:\Program Files\Dell\DellDock\DockLogin.exe

1224 C:\Windows\System32\atieclxx.exe

1276 C:\Windows\System32\svchost.exe

1408 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

1784 C:\Windows\System32\spoolsv.exe

1820 C:\Windows\System32\svchost.exe

1936 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1964 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

1988 C:\Users\troyswi\AppData\Local\Programs\AutoMate BPA Server 8\BPA_TS.exe

2100 C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe

2332 C:\Windows\System32\dleacoms.exe

2432 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

2492 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

2560 C:\Windows\System32\svchost.exe

2624 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

2668 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

2760 C:\Windows\System32\taskhost.exe

2816 C:\Windows\System32\dwm.exe

2848 C:\Windows\explorer.exe

1884 C:\Users\troyswi\AppData\Local\Programs\AutoMate BPA Server 8\BPAEM.exe

3024 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

3636 C:\Windows\System32\svchost.exe

3724 C:\Windows\System32\svchost.exe

3840 WUDFHost.exe

2128 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

1056 C:\Windows\System32\rundll32.exe

1036 C:\Windows\System32\rundll32.exe

3940 C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe

2968 C:\Windows\System32\SearchIndexer.exe

2064 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

3860 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

4196 C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

4308 C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

4448 C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

4456 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

4464 C:\Program Files\Windows Media Player\wmpnetwk.exe

4472 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

4480 C:\Program Files\AVAST Software\Avast\AvastUI.exe

4516 C:\Program Files (x86)\iTunes\iTunesHelper.exe

4556 C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

4908 C:\Windows\System32\svchost.exe

5112 C:\Program Files\iPod\bin\iPodService.exe

3344 C:\Windows\SysWOW64\ctfmon.exe

4936 C:\Windows\System32\svchost.exe

4240 C:\Windows\System32\wuauclt.exe

1876 C:\Windows\System32\audiodg.exe

856 C:\Windows\SysWOW64\svchost.exe

6324 C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe

8184 C:\Windows\System32\taskhost.exe

5564 C:\Windows\System32\SearchProtocolHost.exe

6604 C:\Program Files\Dell Support Center\pcdrcui.exe

4136 C:\Windows\System32\SearchFilterHost.exe

8364 C:\Windows\System32\notepad.exe

8356 C:\Program Files (x86)\Real\RealPlayer\realplay.exe

4108 C:\Users\troyswi\Desktop\MBRCheck.exe

7052 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`bae00000 (NTFS)

PhysicalDrive0 Model Number: ST31000528AS, Rev: CC46

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected

SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B

Done!

--

aswMBR

Run date: 2011-07-31 16:20:21

-----------------------------

16:20:21.042 OS Version: Windows x64 6.1.7600

16:20:21.042 Number of processors: 8 586 0x1E05

16:20:21.043 ComputerName: STEVESWI-PC UserName: troyswi

16:20:25.472 Initialize success

16:20:25.710 AVAST engine defs: 11073100

16:20:29.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

16:20:29.182 Disk 0 Vendor: ST310005 CC46 Size: 953869MB BusType: 8

16:20:29.198 Disk 0 MBR read successfully

16:20:29.201 Disk 0 MBR scan

16:20:29.203 Disk 0 Windows VISTA default MBR code

16:20:29.205 Service scanning

16:20:31.915 Modules scanning

16:20:31.918 Disk 0 trace - called modules:

16:20:31.936 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

16:20:31.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e78060]

16:20:31.942 3 CLASSPNP.SYS[fffff88001a5e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007adf050]

16:20:33.749 AVAST engine scan C:\Windows

16:20:37.087 AVAST engine scan C:\Windows\system32

16:21:49.487 AVAST engine scan C:\Windows\system32\drivers

16:22:03.181 AVAST engine scan C:\Users\troyswi

16:22:47.118 Disk 0 MBR has been saved successfully to "C:\Users\troyswi\Desktop\MBR.dat"

16:22:47.123 The log file has been saved successfully to "C:\Users\troyswi\Desktop\aswMBR.txt"

MBR.zip

D-FRED-BROWN · July 31, 2011

Could you please run another scan with ComboFix.exe, and post the newly-created C:\ComboFix.txt in your next reply. Also, if asked to update, please allow ComboFix to update itself

Charade · August 1, 2011

ComboFix 11-07-31.04 - troyswi 08/01/2011 11:46:50.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6316 [GMT -4:00]

Running from: c:\users\troyswi\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))

.

2011-08-01 15:54 . 2011-08-01 15:54 -------- d-----w- c:\users\tammiswi\AppData\Local\temp

2011-08-01 15:54 . 2011-08-01 15:54 -------- d-----w- c:\users\steveswi\AppData\Local\temp

2011-08-01 15:54 . 2011-08-01 15:54 -------- d-----w- c:\users\steffiswi\AppData\Local\temp

2011-08-01 15:54 . 2011-08-01 15:54 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-08-01 15:54 . 2011-08-01 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-31 17:43 . 2011-07-31 17:43 376320 ----a-r- c:\users\troyswi\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe

2011-07-31 17:37 . 2011-07-31 17:37 -------- d-----w- c:\program files (x86)\2K Games

2011-07-31 17:35 . 2011-07-31 17:35 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2011-07-31 17:35 . 2011-07-31 17:35 -------- d-----w- c:\windows\SysWow64\AGEIA

2011-07-31 17:30 . 2011-07-31 17:30 272448 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-07-31 17:30 . 2011-07-31 17:30 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro

2011-07-31 17:29 . 2011-07-31 17:32 -------- d-----w- c:\users\troyswi\AppData\Roaming\DAEMON Tools Pro

2011-07-31 17:29 . 2011-07-31 17:30 -------- d-----w- c:\programdata\DAEMON Tools Pro

2011-07-20 14:24 . 2011-07-20 14:24 -------- d-----w- c:\users\Default\AppData\Roaming\Xfire

2011-07-20 14:21 . 2011-07-20 14:21 -------- d-----w- c:\windows\SysWow64\config\systemprofile\Tracing

2011-07-20 14:18 . 2011-07-20 14:18 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-07-13 12:15 . 2011-06-02 06:45 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-13 12:15 . 2011-06-02 06:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-13 12:15 . 2011-06-02 06:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-13 12:15 . 2011-06-02 05:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-13 12:15 . 2011-06-02 05:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-13 12:15 . 2011-06-02 05:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-13 12:15 . 2011-06-02 03:51 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-13 12:15 . 2011-06-02 03:50 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-08 18:01 . 2011-07-08 18:01 -------- d-----w- c:\program files\iPod

2011-07-08 18:00 . 2011-07-08 18:00 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-07-08 17:59 . 2011-07-08 17:59 -------- d-----w- c:\program files\Bonjour

2011-07-08 17:59 . 2011-07-08 17:59 -------- d-----w- c:\program files (x86)\Bonjour

2011-07-03 20:02 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-03 20:02 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-07-03 20:02 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-03 20:02 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-03 20:02 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-03 20:02 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-03 20:02 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-07-03 20:02 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr

2011-07-03 20:02 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-07-03 20:02 . 2011-07-03 20:02 -------- d-----w- c:\programdata\AVAST Software

2011-07-03 20:02 . 2011-07-03 20:02 -------- d-----w- c:\program files\AVAST Software

2011-07-03 01:30 . 2011-07-03 01:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-07 15:51 . 2011-05-17 17:50 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-06 23:52 . 2010-09-08 19:50 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2010-09-08 19:50 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-20 12:57 . 2011-06-29 23:33 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0BF790A-8F23-4DC6-9B78-347AE6DC5A9E}\mpengine.dll

2011-06-02 05:56 . 2011-07-13 12:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-29 21:17 . 2003-03-19 01:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-05-29 21:17 . 2003-02-21 09:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-05-28 03:25 . 2011-06-16 09:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-28 03:00 . 2011-06-16 09:57 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-05-24 23:14 . 2011-06-29 23:33 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 11:21 . 2011-06-29 23:15 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:34 . 2011-06-29 23:15 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:34 . 2011-06-29 23:15 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:34 . 2011-06-29 23:15 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:32 . 2011-06-29 23:15 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-08 14:59 . 2011-05-08 14:59 380008 ----a-w- c:\windows\SysWow64\PMangAX0.dll

2011-05-04 05:30 . 2011-06-29 23:15 2326016 ----a-w- c:\windows\system32\tquery.dll

2011-05-04 05:28 . 2011-06-29 23:15 2228224 ----a-w- c:\windows\system32\mssrch.dll

2011-05-04 05:28 . 2011-06-29 23:15 779264 ----a-w- c:\windows\system32\mssvp.dll

2011-05-04 05:28 . 2011-06-29 23:15 75264 ----a-w- c:\windows\system32\msscntrs.dll

2011-05-04 05:28 . 2011-06-29 23:15 491520 ----a-w- c:\windows\system32\mssph.dll

2011-05-04 05:28 . 2011-06-29 23:15 288256 ----a-w- c:\windows\system32\mssphtb.dll

2011-05-04 05:24 . 2011-06-29 23:15 593408 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-05-04 05:24 . 2011-06-29 23:15 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-05-04 05:24 . 2011-06-29 23:15 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-05-04 04:53 . 2011-06-29 23:15 1553920 ----a-w- c:\windows\SysWow64\tquery.dll

2011-05-04 04:52 . 2011-06-29 23:15 1401856 ----a-w- c:\windows\SysWow64\mssrch.dll

2011-05-04 04:52 . 2011-06-29 23:15 666624 ----a-w- c:\windows\SysWow64\mssvp.dll

2011-05-04 04:52 . 2011-06-29 23:15 337408 ----a-w- c:\windows\SysWow64\mssph.dll

2011-05-04 04:52 . 2011-06-29 23:15 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll

2011-05-04 04:52 . 2011-06-29 23:15 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll

2011-05-04 04:52 . 2011-06-29 23:15 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:52 . 2011-06-29 23:15 428032 ----a-w- c:\windows\SysWow64\SearchIndexer.exe

2011-05-04 04:52 . 2011-06-29 23:15 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe

2011-05-04 02:51 . 2011-06-16 09:57 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-05-04 02:51 . 2011-06-16 09:57 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-05-04 02:51 . 2011-06-16 09:57 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

.

((((((((((((((((((((((((((((( SnapShot@2011-07-31_15.12.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-29 13:03 . 2008-10-29 13:03 70936 c:\windows\SysWOW64\PhysXLoader.dll

+ 2008-10-07 13:13 . 2008-10-07 13:13 23320 c:\windows\SysWOW64\PhysXDevice.dll

+ 2009-07-14 04:54 . 2011-08-01 15:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-07-31 15:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-07-31 15:11 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-08-01 15:56 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-07-31 15:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-08-01 15:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\SysWOW64\AgCPanelTraditionalChinese.dll

+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\SysWOW64\AgCPanelSwedish.dll

+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\SysWOW64\AgCPanelSpanish.dll

+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\SysWOW64\AgCPanelSimplifiedChinese.dll

+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\SysWOW64\AgCPanelPortugese.dll

+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\SysWOW64\AgCPanelKorean.dll

+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\SysWOW64\AgCPanelJapanese.dll

+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\SysWOW64\AgCPanelGerman.dll

+ 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\SysWOW64\AgCPanelFrench.dll

+ 2010-08-30 21:48 . 2011-08-01 15:57 71560 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-08-01 15:43 31174 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-08 19:37 . 2011-08-01 15:57 21702 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3033937009-333567816-1246851426-1003_UserData.bin

- 2009-07-14 05:30 . 2011-07-14 07:18 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2011-07-31 17:30 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2010-09-07 22:32 . 2011-07-31 17:43 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-07 22:32 . 2011-07-26 13:19 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-07 22:32 . 2011-07-26 13:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-07 22:32 . 2011-07-31 17:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-07-26 13:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-07-31 17:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-08 17:01 . 2011-07-31 15:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-08 17:01 . 2011-08-01 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-08 17:01 . 2011-07-31 15:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-08 17:01 . 2011-08-01 15:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-08 17:01 . 2011-07-31 15:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-08 17:01 . 2011-08-01 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-07 23:54 . 2011-07-31 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-07 23:54 . 2011-08-01 15:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-07 23:54 . 2011-08-01 15:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-07 23:54 . 2011-07-31 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-31 17:36 . 2011-07-31 17:36 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2010-12-22 21:54 . 2011-07-30 15:09 58880 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

+ 2010-12-22 21:54 . 2011-07-31 23:29 58880 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

- 2010-12-22 21:54 . 2011-07-30 15:09 84992 c:\windows\.jagex_cache_32\runescape\jagdx.dll

+ 2010-12-22 21:54 . 2011-07-31 23:29 84992 c:\windows\.jagex_cache_32\runescape\jagdx.dll

- 2010-12-22 21:54 . 2011-07-30 15:09 65536 c:\windows\.jagex_cache_32\runescape\hw3d.dll

+ 2010-12-22 21:54 . 2011-07-31 23:29 65536 c:\windows\.jagex_cache_32\runescape\hw3d.dll

+ 2011-08-01 15:55 . 2011-08-01 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-07-31 15:11 . 2011-07-31 15:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-01 15:55 . 2011-08-01 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-07-31 15:11 . 2011-07-31 15:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-10-07 13:13 . 2008-10-07 13:13 197912 c:\windows\SysWOW64\physxcudart_20.dll

+ 2008-10-15 13:04 . 2008-10-15 13:04 288024 c:\windows\SysWOW64\PhysXCplUI.exe

+ 2008-10-15 13:04 . 2008-10-15 13:04 288024 c:\windows\SysWOW64\PhysXCompatCplUI.exe

- 2010-09-08 21:51 . 2011-07-31 15:11 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-09-08 21:51 . 2011-08-01 15:55 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2008-10-07 13:13 . 2008-10-07 13:13 116977 c:\windows\SysWOW64\AGEIA\AG1021\diag.bin

+ 2008-10-07 13:13 . 2008-10-07 13:13 214629 c:\windows\SysWOW64\AGEIA\AG1021\app.bin

+ 2008-10-07 13:13 . 2008-10-07 13:13 119473 c:\windows\SysWOW64\AGEIA\AG1011\diag.bin

+ 2008-10-07 13:13 . 2008-10-07 13:13 199885 c:\windows\SysWOW64\AGEIA\AG1011\app.bin

+ 2009-07-14 02:36 . 2011-08-01 15:48 660234 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-06-30 01:41 660234 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-08-01 15:48 121162 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-06-30 01:41 121162 c:\windows\system32\perfc009.dat

- 2009-07-14 05:30 . 2011-07-14 07:18 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-07-31 17:30 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-07-14 07:18 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2011-07-31 17:30 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2011-07-31 17:30 . 2011-07-31 17:30 272448 c:\windows\system32\DriverStore\FileRepository\dtsoftbus01.inf_amd64_neutral_4baca17e76db849b\dtsoftbus01.sys

+ 2009-07-14 05:01 . 2011-08-01 15:54 419036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-07-31 15:10 419036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-09-08 21:56 . 2010-09-08 21:56 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

- 2010-12-22 21:54 . 2011-07-30 15:09 153088 c:\windows\.jagex_cache_32\runescape\jaggl.dll

+ 2010-12-22 21:54 . 2011-07-31 23:29 153088 c:\windows\.jagex_cache_32\runescape\jaggl.dll

+ 2010-12-22 21:54 . 2011-07-31 23:29 148480 c:\windows\.jagex_cache_32\runescape\jaclib.dll

- 2010-12-22 21:54 . 2011-07-30 15:09 148480 c:\windows\.jagex_cache_32\runescape\jaclib.dll

+ 2009-09-22 15:25 . 2009-09-22 15:25 1149952 c:\windows\Installer\847c10.msi

- 2010-09-08 21:56 . 2010-09-08 21:56 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-09-08 21:56 . 2010-09-08 21:56 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-07-31 17:36 . 2011-07-31 17:36 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2010-12-22 21:54 . 2011-07-31 23:29 1010688 c:\windows\.jagex_cache_32\runescape\sw3d.dll

- 2010-12-22 21:54 . 2011-07-30 15:09 1010688 c:\windows\.jagex_cache_32\runescape\sw3d.dll

+ 2009-07-14 02:34 . 2011-08-01 08:54 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2009-07-14 02:34 . 2011-07-31 15:07 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2011-07-31 17:35 . 2011-07-31 17:35 34017280 c:\windows\Installer\847c0b.msi

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{05560ADF-7B25-40FF-B408-3F6E6F512EB4}]

c:\windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll [bU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392]

"Dell V310-V510 Series"="c:\program files (x86)\Dell V310-V510 Series\fm3032.exe" [2010-01-18 316072]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-01-07 232104]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-29 273544]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\users\steffiswi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\users\steveswi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\users\tammiswi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\users\troyswi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 BPA_Execution;AutoMate BPA Server 8 Execution Server;c:\users\troyswi\AppData\Local\Programs\AutoMate BPA Server 8\BPAS_EXEC.exe [2011-02-11 376832]

R2 BPA_Management;AutoMate BPA Server 8 Management Server;c:\users\troyswi\AppData\Local\Programs\AutoMate BPA Server 8\BPAS_MAN.exe [2011-02-11 376832]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 EFS32;Encrypting File System (EFS) ;c:\windows\system32\OnLineIDCpl32.exe [x]

R2 FLEXnet Licensing Service32;FLEXnet Licensing Service ;c:\windows\system32\catsrv32.exe [x]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R2 wcncsvc32;Windows Connect Now - Config Registrar ;c:\windows\system32\capiprovider32.exe [x]

R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va003;X6va003;c:\users\troyswi\AppData\Local\Temp\003EA60.tmp [x]

R3 X6va005;X6va005;c:\users\troyswi\AppData\Local\Temp\0056A5A.tmp [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 BPAAgent8;AutoMate BPA Server 8 Agent;c:\users\troyswi\AppData\Local\Programs\AutoMate BPA Server 8\BPA_TS.exe [2011-02-11 11323392]

S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 1052328]

S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-14 1956136]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033937009-333567816-1246851426-1003Core.job

- c:\users\troyswi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 20:20]

.

2011-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033937009-333567816-1246851426-1003UA.job

- c:\users\troyswi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 20:20]

.

2011-07-26 c:\windows\Tasks\One-Click Tweak.job

- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2011-01-25 23:40]

.

2011-07-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-01 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]

"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]

"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://sigma.pokemonvortex.org/your_team.php

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {{602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - {A310506F-6BA4-48c4-8887-1F462277AA12} - mscoree.dll

TCP: DhcpNameServer = 192.168.1.1 68.87.64.150 68.87.75.198

DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab

DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} - hxxp://dl.pmang.com/common/pmangctl/pmangax.cab

FF - ProfilePath - c:\users\troyswi\AppData\Roaming\Mozilla\Firefox\Profiles\mps0nv2i.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://forums.ijji.com/forumdisplay.php?f=79

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 64848

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF

FF - Ext: Easy-Hide-IP Firefox Plugin: support@easy-hide-ip.com - c:\program files (x86)\Easy-Hide-IP\ff-extension

FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]

"ImagePath"="\??\c:\users\troyswi\AppData\Local\Temp\003EA60.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\troyswi\AppData\Local\Temp\0056A5A.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\users\troyswi\AppData\Local\Programs\AutoMate BPA Server 8\BPAEM.exe

c:\program files (x86)\Razer\DeathAdder\razertra.exe

c:\program files (x86)\Razer\DeathAdder\razerofa.exe

.

**************************************************************************

.

Completion time: 2011-08-01 12:01:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-01 16:01

ComboFix2.txt 2011-07-31 15:17

.

Pre-Run: 725,583,777,792 bytes free

Post-Run: 725,326,815,232 bytes free

.

- - End Of File - - 8A5A2CC6A0C103AC800C241464590617

D-FRED-BROWN · August 1, 2011

First, do you recognize these 2 websites?

bgweb.nowcdn.co.kr

pmang.com

Please let me know

-------

Next, please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
Driver::
X6va003
X6va005
File::
c:\users\troyswi\AppData\Local\Temp\003EA60.tmp
c:\users\troyswi\AppData\Local\Temp\0056A5A.tmp
Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

Charade · August 1, 2011

The first website, I do not recognize.

The second, however, I do. It's Korean, but I play(ed) a game called "Special Force" hosted by the company.

--

ComboFix 11-08-01.02 - troyswi 08/01/2011 13:34:58.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6057 [GMT -4:00]

Running from: c:\users\troyswi\Desktop\ComboFix.exe

Command switches used :: c:\users\troyswi\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\troyswi\AppData\Local\Temp\003EA60.tmp"

"c:\users\troyswi\AppData\Local\Temp\0056A5A.tmp"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_X6VA003

-------\Legacy_X6VA005

-------\Service_X6va003

-------\Service_X6va005

.

((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))

.

2011-08-01 17:40 . 2011-08-01 17:40 -------- d-----w- c:\users\tammiswi\AppData\Local\temp

2011-08-01 17:40 . 2011-08-01 17:40 -------- d-----w- c:\users\steveswi\AppData\Local\temp

2011-08-01 17:40 . 2011-08-01 17:40 -------- d-----w- c:\users\steffiswi\AppData\Local\temp

2011-08-01 17:40 . 2011-08-01 17:40 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-08-01 17:40 . 2011-08-01 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp