gmer log
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-27 16:04:01
Windows 6.1.7601 Service Pack 1
Running: 1bm8he54.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38acdc8b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38acdc8b@ec9b5b250636 0xEB 0x64 0xA4 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38acdc8b@5063139217d6 0xEF 0xB5 0x58 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38acdc8b@80501b37bf3d 0xC5 0x52 0xD4 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38acdc8b@60334ba8d54a 0xCA 0x36 0x9A 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38acdc8b@0021ab461a8a 0xC2 0x35 0xED 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38acdc8b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38acdc8b@ec9b5b250636 0xEB 0x64 0xA4 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38acdc8b@5063139217d6 0xEF 0xB5 0x58 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38acdc8b@80501b37bf3d 0xC5 0x52 0xD4 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38acdc8b@60334ba8d54a 0xCA 0x36 0x9A 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38acdc8b@0021ab461a8a 0xC2 0x35 0xED 0x3A ...
---- EOF - GMER 1.0.15 ----
aswmbr log
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-27 16:05:20
-----------------------------
16:05:20.482 OS Version: Windows x64 6.1.7601 Service Pack 1
16:05:20.482 Number of processors: 4 586 0x2505
16:05:20.483 ComputerName: RAMESH UserName: ell
16:05:23.002 Initialize success
16:05:23.500 AVAST engine defs: 11082601
16:05:26.458 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:05:26.464 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
16:05:26.478 Disk 0 MBR read successfully
16:05:26.481 Disk 0 MBR scan
16:05:26.484 Disk 0 Windows VISTA default MBR code
16:05:26.487 Service scanning
16:05:28.620 Modules scanning
16:05:28.625 Disk 0 trace - called modules:
16:05:28.687 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:05:28.694 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800520c060]
16:05:28.701 3 CLASSPNP.SYS[fffff88001bab43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f7d050]
16:05:30.560 AVAST engine scan C:\Windows
16:05:32.760 AVAST engine scan C:\Windows\system32
16:07:00.293 AVAST engine scan C:\Windows\system32\drivers
16:07:09.984 AVAST engine scan C:\Users\ell
16:24:43.201 AVAST engine scan C:\ProgramData
16:48:00.519 Disk 0 MBR has been saved successfully to "C:\Users\ell\Desktop\MBR.dat"
16:48:00.525 The log file has been saved successfully to "C:\Users\ell\Desktop\aswMBR.txt"
dds log
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by ell at 16:50:47 on 2011-08-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.3828.1344 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
E:\Program Files (x86)\USB Safely Remove\USBSRService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\xampp\apache\bin\apache.exe
c:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
E:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\OneUpIndustries\Bins\v0.9.8.188\Bins.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\OneUpIndustries\Bins\v0.9.8.188\Bins32on64.exe
C:\Program Files\OneUpIndustries\Bins\v0.9.8.188\Bins.exe
C:\Program Files\OneUpIndustries\Bins\v0.9.8.188\Bins32on64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Users\ell\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\pcdrcui.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Dell Support Center\pcdrrealtime.p5x
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://mirostart.com/?cfg=2-365-0-...
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10211&bi=400
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/lionskin/{CF3FC8B1-1817-4CE8-AFC9-1118FF257D3D}
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: H - No File
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - C:\Program Files (x86)\Lion Skin DB Toolbar\tbhelper.dll
BHO: iDownloader: {00000001-ab3b-4334-9da2-ec6b2a02afc7} - C:\Program Files (x86)\iDownloader\iDownloaderBHO.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - E:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Lion Skin DB Toolbar\tbcore3.dll
TB: Lion Skin DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\Lion Skin DB Toolbar\tbcore3.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [USB Safely Remove] E:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
uRun: [fsm]
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Download with iDownloader - C:\Program Files (x86)\iDownloader\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978} : NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\14355535 : NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\14355535 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\3747275616D6978702A5F4E45402040235563627564702255636960756 : NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\3747275616D6978702A5F4E45402040235563627564702255636960756 : DhcpNameServer = 10.10.10.1 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\3747275616D6978702A5F4E454020402B46434 : NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\3747275616D6978702A5F4E454020402B46434 : DhcpNameServer = 10.10.10.1 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\4557E65684F64756C637 : NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\4557E65684F64756C637 : DhcpNameServer = 10.138.0.1
TCP: Interfaces\{B4405618-1190-43A7-BD63-B332AC4E8BE1} : NameServer = 202.188.0.133
TCP: Interfaces\{E1B89A9C-BDB4-4F0D-95EC-01AD6454B894} : NameServer = 202.188.0.133
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: iDownloader: {00000001-AB3B-4334-9DA2-EC6B2A02AFC7} - C:\Program Files (x86)\iDownloader\iDownloaderBHO.dll
BHO-X64: iDownloader - No File
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Lion Skin DB Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
TB-X64: Lion Skin DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Lion Skin DB Toolbar\tbcore3.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
Hosts: 0.0.0.0 localhost
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ell\AppData\Roaming\Mozilla\Firefox\Profiles\mo783nd6.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://mirostart.com/?cfg=2-365-0-...
FF - prefs.js: network.proxy.ftp - 172.17.0.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 172.17.0.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 172.17.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 172.17.0.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 172.17.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\ell\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\ell\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: E:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
FF - plugin: e:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-1 98208]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2007-3-5 16896]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-8-18 42184]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-18 13336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-1-18 1997416]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-18 689472]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-3 126352]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-18 2533400]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;E:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2011-3-28 539032]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys --> C:\Windows\system32\DRIVERS\ewusbfake.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NdisrdMP;NdisrdMP;C:\Windows\system32\DRIVERS\ndisrd.sys --> C:\Windows\system32\DRIVERS\ndisrd.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-6 340240]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 Ndisrd;WinpkFilter Service;C:\Windows\system32\DRIVERS\ndisrd.sys --> C:\Windows\system32\DRIVERS\ndisrd.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-6-24 393112]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S4 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-2 2428552]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TeamViewer6;TeamViewer 6;E:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-1 2337144]
S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
.
=============== Created Last 30 ================
.
2011-08-27 06:35:13 -------- d-----w- C:\ProgramData\Driver Tool
2011-08-27 06:34:18 82944 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP8Z.DLL
2011-08-27 06:34:18 27648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD8Z.DLL
2011-08-27 06:33:58 258560 ----a-w- C:\Windows\System32\CNMLM8Z.DLL
2011-08-27 06:33:39 3584 ----a-w- C:\Windows\System32\CNCFLdUS.DLL
2011-08-27 06:33:39 3072 ----a-w- C:\Windows\System32\CNCFLdJP.DLL
2011-08-27 06:33:39 143360 ----a-w- C:\Windows\System32\CNCFMSd.EXE
2011-08-27 06:33:38 183296 ----a-w- C:\Windows\System32\CNCF2Ld.DLL
2011-08-27 02:47:11 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C4C32CF7-86F8-4794-81AF-F9C5E896EE0B}\mpengine.dll
2011-08-26 13:47:55 -------- d-----w- C:\Users\ell\AppData\Local\{9C7E4025-A088-4A9D-80A3-9C4F66BD4B99}
2011-08-26 13:44:11 -------- d-----w- C:\Users\ell\AppData\Local\{81D5686E-72F7-4544-968D-1E0A04C8CA44}
2011-08-26 12:29:54 -------- d-----w- C:\Users\ell\AppData\Local\VMware
2011-08-26 10:34:50 81008 ----a-w- C:\Windows\System32\drivers\vmci.sys
2011-08-26 10:34:47 68720 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2011-08-26 10:34:07 334448 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2011-08-26 10:34:04 404080 ----a-w- C:\Windows\SysWow64\vmnat.exe
2011-08-26 10:34:03 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2011-08-26 10:33:59 968816 ----a-w- C:\Windows\System32\vnetlib64.dll
2011-08-26 10:33:36 31856 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2011-08-26 10:33:35 38512 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2011-08-26 10:33:01 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2011-08-26 10:32:31 -------- d-----w- C:\Program Files (x86)\VMware
2011-08-26 09:05:13 -------- d-----w- C:\Users\ell\AppData\Local\{0340DEC6-6ABF-4497-B5B1-1E30804769D9}
2011-08-25 19:29:19 -------- d-----w- C:\Users\ell\AppData\Local\{284E300A-F7E4-43CB-B132-E329B1AF8786}
2011-08-25 19:29:07 -------- d-----w- C:\Users\ell\AppData\Local\{5CD39F61-E758-426E-B34B-9D8E4BBB9E34}
2011-08-25 16:43:51 -------- d-----w- C:\New folder
2011-08-25 07:28:37 -------- d-----w- C:\Users\ell\AppData\Local\{9F51D995-54D8-45EB-A9DF-B8A6EB416953}
2011-08-25 07:26:55 -------- d-----w- C:\Users\ell\AppData\Local\{2CAF6E0C-D394-4061-8B66-BDED73415CAB}
2011-08-24 17:28:00 -------- d-----w- C:\Users\ell\AppData\Local\{B40A1617-1424-493D-AC5D-873A1E0150DE}
2011-08-24 17:27:49 -------- d-----w- C:\Users\ell\AppData\Local\{850047DE-27EE-41C8-9CB6-D492C65E8693}
2011-08-24 14:05:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 14:05:06 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-24 05:27:22 -------- d-----w- C:\Users\ell\AppData\Local\{5C1EB7D8-9874-445F-A399-EF7435086C89}
2011-08-24 05:26:59 -------- d-----w- C:\Users\ell\AppData\Local\{03E5C2DF-6DBD-4509-80C5-658F7A92BE11}
2011-08-23 15:32:23 -------- d-----w- C:\Users\ell\AppData\Local\{357CDC3E-8194-4B4D-A90D-9BB0C4A91A85}
2011-08-23 15:32:11 -------- d-----w- C:\Users\ell\AppData\Local\{C2EA50B6-F849-4566-94CA-FDA683C6AA03}
2011-08-22 15:23:52 -------- d-----w- C:\Users\ell\AppData\Local\{B32258EC-43E3-4C93-8EF4-AE8D448ED3AD}
2011-08-22 15:23:29 -------- d-----w- C:\Users\ell\AppData\Local\{6D588340-E422-481E-ABC5-F7C138D156E5}
2011-08-22 10:38:45 -------- d-----w- C:\Users\ell\AppData\Roaming\PCF-VLC
2011-08-22 09:22:18 -------- d-----w- C:\Program Files (x86)\GetMiro Toolbar
2011-08-22 09:22:17 -------- d-----w- C:\Users\ell\AppData\Roaming\Participatory Culture Foundation
2011-08-22 09:19:13 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation
2011-08-22 04:58:49 -------- d-----w- C:\Users\ell\AppData\Roaming\IDM
2011-08-22 04:58:36 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2011-08-21 1236 -------- d-----w- C:\Users\ell\AppData\Local\{4F1020C6-A604-4698-862C-BE610C416F57}
2011-08-21 1225 -------- d-----w- C:\Users\ell\AppData\Local\{6A60A030-228D-4D2A-A3E6-5424027E773D}
2011-08-21 09:06:55 -------- d-----w- C:\Users\ell\AppData\Roaming\Torrent Episode Downloader
2011-08-21 00:55:51 -------- d-----w- C:\Users\ell\AppData\Local\{4F41C240-4CB1-4754-AC6C-AE54007D2863}
2011-08-21 00:54:24 -------- d-----w- C:\Users\ell\AppData\Local\{112641C0-1CE3-4113-9FD8-1D5C068674BC}
2011-08-20 09:49:58 81408 ----a-w- C:\Windows\SysWow64\devcon_x64.exe
2011-08-20 09:49:58 -------- d-----w- C:\Program Files (x86)\Driver Checker
2011-08-20 07:28:37 -------- d-----w- C:\Users\ell\AppData\Roaming\Mipony
2011-08-20 07:28:32 -------- d-----w- C:\Program Files (x86)\MiPony
2011-08-20 03:36:56 -------- d-----w- C:\Users\ell\AppData\Roaming\Postbox
2011-08-20 03:36:56 -------- d-----w- C:\Users\ell\AppData\Local\Postbox
2011-08-19 20:01:30 -------- d-----w- C:\Users\ell\AppData\Local\{DF502B3E-0845-425B-ADA0-154BBD5A0F93}
2011-08-19 20:01:19 -------- d-----w- C:\Users\ell\AppData\Local\{A24FCF50-3165-4805-9028-6D00A7147AF4}
2011-08-19 08:00:44 -------- d-----w- C:\Users\ell\AppData\Local\{500C12D6-91D6-498B-8417-F68374C2886C}
2011-08-19 07:59:26 -------- d-----w- C:\Users\ell\AppData\Local\{80082094-C1B9-4386-A408-45211F5DE555}
2011-08-19 06:41:36 -------- d--h--w- C:\ProgramData\CanonIJScan
2011-08-19 05:11:56 92672 ----a-w- C:\Windows\System32\CNC320I.DLL
2011-08-19 05:11:56 299520 ----a-w- C:\Windows\System32\CNC320L.DLL
2011-08-19 05:11:56 235008 ----a-w- C:\Windows\System32\CNC320O.DLL
2011-08-19 05:11:56 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2011-08-19 05:11:56 1342976 ----a-w- C:\Windows\System32\CNC320C.DLL
2011-08-18 17:20:38 -------- d-----w- C:\Users\ell\AppData\Local\{24E79C9B-D63A-4464-B7A8-E53E2E123B33}
2011-08-18 17:20:26 -------- d-----w- C:\Users\ell\AppData\Local\{2F82030F-294E-46E9-A6B9-290EA222C74B}
2011-08-18 09:30:29 -------- d-----w- C:\Program Files (x86)\Canon
2011-08-18 06:25:23 -------- d-----w- C:\Users\ell\.Virtualbox
2011-08-18 06:08:04 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-08-18 06:08:04 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-08-18 06:07:53 40648 ----a-w- C:\Windows\avastSS.scr
2011-08-18 05:38:41 17408 ----a-w- C:\Windows\System32\cnqo2411.dll
2011-08-18 05:38:40 49664 ----a-w- C:\Windows\System32\CNQI2411.DLL
2011-08-18 05:38:40 171008 ----a-w- C:\Windows\System32\CNQL2411.DLL
2011-08-18 05:38:40 1336320 ----a-w- C:\Windows\System32\CNQC2411.DLL
2011-08-18 05:36:52 -------- d-----w- C:\Program Files\Common Files\CANON
2011-08-18 05:20:00 -------- d-----w- C:\Users\ell\AppData\Local\{8F4360C7-7A52-4657-BB47-E158D07D4043}
2011-08-18 05:18:30 -------- d-----w- C:\Users\ell\AppData\Local\{6FB11EBC-D33F-4D03-B64C-986170638D7A}
2011-08-18 05:12:48 -------- d-----w- C:\Users\ell\AppData\Roaming\RadarSync
2011-08-18 02:59:04 -------- d-----w- C:\Users\ell\AppData\Local\Geckofx
2011-08-17 14:13:37 -------- d-----w- C:\Users\ell\AppData\Local\{D149853B-7F64-4B37-B59A-35DF079CF11E}
2011-08-17 14:12:05 -------- d-----w- C:\Users\ell\AppData\Local\{AD503ACC-91C4-42AB-8ABF-6BD23965147F}
2011-08-17 11:31:45 -------- d-----w- C:\Users\ell\AppData\Local\Captcha_Brotherhood
2011-08-17 11:31:45 -------- d-----w- C:\Program Files (x86)\JDownloader
2011-08-17 08:17:27 -------- d-----w- C:\Users\ell\AppData\Local\iDownloader
2011-08-17 08:17:12 -------- d-----w- C:\ProgramData\iDownloader Limited
2011-08-17 08:17:12 -------- d-----w- C:\Program Files (x86)\iDownloader
2011-08-17 08:10:00 -------- d-----w- C:\ProgramData\Web Installer
2011-08-17 00:57:48 -------- d-----w- C:\Users\ell\AppData\Local\{4FBCA0CF-AFF5-4C14-A59E-7897F2713E73}
2011-08-17 00:57:26 -------- d-----w- C:\Users\ell\AppData\Local\{63EE50C2-9B08-49B9-A572-39484428FF89}
2011-08-15 17:43:48 -------- d-----w- C:\Users\ell\AppData\Local\{57B4549D-C0B3-4E27-92D3-7F6C582E77BA}
2011-08-15 17:43:25 -------- d-----w- C:\Users\ell\AppData\Local\{2586B331-798A-4F22-B1A0-46EC88584353}
2011-08-15 04:45:28 -------- d-----w- C:\Users\ell\AppData\Local\{FBBAD097-B2F8-495A-8144-E7DD358FC36D}
2011-08-15 04:45:16 -------- d-----w- C:\Users\ell\AppData\Local\{14E80901-BDBB-43BC-AD87-DB2A93F76AD5}
2011-08-15 04:15:36 -------- d-----w- C:\Users\ell\AppData\Local\{D4D95CD5-5CC4-4C9B-B838-063C2DF34B5C}
2011-08-14 14:57:03 -------- d-----w- C:\Users\ell\AppData\Local\{88A3F4B5-DE97-4F51-B429-27D57580CABC}
2011-08-14 1440 -------- d-----w- C:\Users\ell\AppData\Local\{21ADFD6C-6A31-47CF-A67E-91A8F4641BDF}
2011-08-14 0215 -------- d-----w- C:\Users\ell\AppData\Local\{3FBED0C8-810C-4EA4-B358-61B7530CFAEC}
2011-08-14 02:55:52 -------- d-----w- C:\Users\ell\AppData\Local\{E67B8CA3-37E1-460C-8BEA-816924A8782E}
2011-08-13 14:55:34 -------- d-----w- C:\Users\ell\AppData\Local\{340D6FE1-88E1-4519-A9A3-DD868CD0C1DB}
2011-08-13 14:54:56 -------- d-----w- C:\Users\ell\AppData\Local\{B17F9D4A-E819-48D4-B376-ECEAFBB20FC7}
2011-08-13 10:59:28 -------- d-----w- C:\Users\ell\AppData\Local\MySpaces
2011-08-13 10:41:59 813568 ----a-w- C:\Windows\System32\TSWorkspace.dll
2011-08-13 02:24:57 -------- d-----w- C:\Users\ell\AppData\Local\{483E9790-FF5D-4018-B265-ABF1D6E99E1C}
2011-08-13 02:24:33 -------- d-----w- C:\Users\ell\AppData\Local\{F91D408E-CCDC-4346-B14B-B38CCBA1C3F4}
2011-08-12 18:17:54 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2011-08-12 18:17:54 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2011-08-12 18:17:54 -------- d-----w- C:\Program Files (x86)\Application Updater
2011-08-12 18:16:53 -------- d-----w- C:\ProgramData\YouTube Downloader
2011-08-12 15:24:06 -------- d-----w- C:\Windows\SysWow64\directx
2011-08-12 14:08:57 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-08-12 13:04:54 -------- d-----w- C:\Users\ell\AppData\Local\{88B5B529-FD78-4B4D-BF6E-31ADC0AE1D4B}
2011-08-12 13:03:30 -------- d-----w- C:\Users\ell\AppData\Local\{C4AB5758-1398-43AD-9160-729D4792FBC7}
2011-08-12 05:58:31 -------- d-----w- C:\Program Files (x86)\DiskInternals
2011-08-12 01:06:05 -------- d--h--w- C:\Windows\Ubuntu Skin Pack X64
2011-08-11 14:11:08 -------- d-----w- C:\Users\ell\AppData\Local\{324CE9D0-23E0-438A-9654-B9BB88DC710F}
2011-08-11 14:10:44 -------- d-----w- C:\Users\ell\AppData\Local\{666E8E61-1C58-48D3-A65B-2EC3F0A754E2}
2011-08-11 05:06:03 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
2011-08-11 02:10:18 -------- d-----w- C:\Users\ell\AppData\Local\{41BE968E-9E4D-47BF-ABC9-3181EC2AC917}
2011-08-11 02:10:06 -------- d-----w- C:\Users\ell\AppData\Local\{AC6C600E-1632-4DEA-8E57-DEA984243E33}
2011-08-10 14:10:04 -------- d-----w- C:\Users\ell\AppData\Local\{9B443335-878A-409B-9064-689034DB07BB}
2011-08-10 09:57:59 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-10 09:57:57 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-10 02:11:50 -------- d-----w- C:\ProgramData\ALM
2011-08-10 02:00:55 -------- d-----w- C:\Users\ell\AppData\Local\{B1EAF2EE-87E5-480A-902D-EB7F11F72FC8}
2011-08-10 02:00:31 -------- d-----w- C:\Users\ell\AppData\Local\{109F62D7-D1D9-4A3F-9F27-2FD42B34EA77}
2011-08-10 01:05:10 -------- d-----w- C:\Program Files (x86)\MagicISO
2011-08-09 14:27:25 -------- d-----w- C:\Windows\SysWow64\spool
2011-08-09 14:00:03 -------- d-----w- C:\Users\ell\AppData\Local\{9B6DBE56-AE68-44B2-AF27-B1CDD8734D23}
2011-08-09 13:59:40 -------- d-----w- C:\Users\ell\AppData\Local\{D82818A7-FD96-4CD3-B005-27B20CDD7EFA}
2011-08-09 01:59:26 -------- d-----w- C:\Users\ell\AppData\Local\{B9B89995-6B34-478F-A20A-9DD7694BCF08}
2011-08-09 01:59:13 -------- d-----w- C:\Users\ell\AppData\Local\{185DFC48-9145-46BC-9A09-8378EDBAB8DE}
2011-08-08 17:46:12 145008 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2011-08-08 13:58:46 -------- d-----w- C:\Users\ell\AppData\Local\{F3E57821-CDB2-4A95-A8E1-BE14DA4E8672}
2011-08-08 13:58:20 -------- d-----w- C:\Users\ell\AppData\Local\{6B4B59D1-4DE8-48A6-987D-6841D5A013D2}
2011-08-08 03:41:29 -------- d-----w- C:\Program Files (x86)\Hibernator
2011-08-08 01:58:06 -------- d-----w- C:\Users\ell\AppData\Local\{648A87DD-09E3-4309-9F4B-E11E4211EEE4}
2011-08-08 01:57:37 -------- d-----w- C:\Users\ell\AppData\Local\{92F186C1-3DB5-4E39-B399-DF9550ADF010}
2011-08-07 13:57:24 -------- d-----w- C:\Users\ell\AppData\Local\{89066DCB-CC6C-4FCF-BCCA-44589D694F69}
2011-08-07 13:57:02 -------- d-----w- C:\Users\ell\AppData\Local\{271BE179-C5C4-4FD6-860F-9E4411937739}
2011-08-07 0148 -------- d-----w- C:\Users\ell\AppData\Local\{D406290E-114E-4F37-A8EF-4024E1E088B6}
2011-08-07 0124 -------- d-----w- C:\Users\ell\AppData\Local\{FBAACD1C-65F4-494A-B558-E444E0F811B1}
2011-08-06 16:35:58 -------- d-----w- C:\Users\ell\AppData\Roaming\AVS4YOU
2011-08-06 16:25:59 10833920 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
2011-08-06 16:25:58 10915840 ----a-w- C:\Windows\SysWow64\libmfxhw32.dll
2011-08-06 16:25:52 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-08-06 16:25:52 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2011-08-06 16:25:52 -------- d-----w- C:\ProgramData\AVS4YOU
2011-08-06 16:25:52 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2011-08-06 16:25:52 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2011-08-06 12:11:01 -------- d-----w- C:\Users\ell\AppData\Local\{8C4A961A-228E-4A4E-828B-6D95A55B2080}
2011-08-06 12:10:49 -------- d-----w- C:\Users\ell\AppData\Local\{62214CF0-9D02-4C3B-A28E-A8899FCA538F}
2011-08-06 05:44:03 -------- d-----w- C:\Users\ell\AppData\Local\Ahead
2011-08-06 03:27:24 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
2011-08-06 03:27:11 -------- d-----w- C:\Program Files (x86)\Sigil
2011-08-06 00:10:35 -------- d-----w- C:\Users\ell\AppData\Local\{80CE1BBD-371E-43E1-BF65-9A8B0A741D62}
2011-08-06 00:09:10 -------- d-----w- C:\Users\ell\AppData\Local\{B4457713-B60D-4F6E-B48F-7983D759039B}
2011-08-05 09:42:25 -------- d-----w- C:\Users\ell\AppData\Local\{71C90B9D-1B36-4142-B46C-AC898A557590}
2011-08-05 09:42:13 -------- d-----w- C:\Users\ell\AppData\Local\{9080AE62-9FEB-4916-B254-6F6B499E3EE8}
2011-08-04 14:19:51 -------- d-----w- C:\Users\ell\AppData\Local\{AA12B5CC-1276-45B5-8D6F-D1AFF31A1E2C}
2011-08-04 14:10:01 -------- d-----w- C:\Users\ell\AppData\Local\{EB88AED2-EFA8-41C6-8A27-FFD71D18E845}
2011-08-04 0133 27648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\SSGB1pc.dll
2011-08-04 0100 89600 ----a-w- C:\Windows\System32\SSGB1ci.dll
2011-08-04 0100 151552 ----a-w- C:\Windows\System32\SSGB1ci.exe
2011-08-04 01:55:14 53816 ------w- C:\Windows\System32\drivers\DGIVECP.SYS
2011-08-04 01:55:14 11576 ------w- C:\Windows\System32\drivers\SSPORT.SYS
2011-08-04 01:55:12 -------- d-----w- C:\Program Files (x86)\SAMSUNG
2011-08-04 01:26:50 -------- d-----w- C:\Users\ell\AppData\Local\{6CA5F66E-D531-44A4-B51F-F95BC5AF57B6}
2011-08-04 01:26:28 -------- d-----w- C:\Users\ell\AppData\Local\{F970AE2F-0165-47CC-8FA4-37DCB82C320F}
2011-08-04 00:02:33 -------- d-----r- C:\Program Files (x86)\Skype
2011-08-03 14:58:38 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-08-03 14:57:01 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-08-03 14:42:30 -------- d-----r- C:\Users\ell\AppData\Roaming\Brother
2011-08-03 14:31:45 77824 ------w- C:\Windows\SysWow64\brlmw03a.dll
2011-08-03 14:31:45 24223 ------w- C:\Windows\SysWow64\brlm03a.dll
2011-08-03 14:31:45 176128 ------w- C:\Windows\SysWow64\BROSNMP.DLL
2011-08-03 14:31:45 111928 ------w- C:\Windows\SysWow64\BRRBTOOL.EXE
2011-08-03 14:31:45 -------- d-----w- C:\Program Files (x86)\Brownie
2011-08-03 14:31:26 196608 ------w- C:\Windows\SysWow64\Pdrvinst.dll
2011-08-03 14:31:26 -------- d-----w- C:\Program Files (x86)\Brother
2011-08-03 14:30:44 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-08-03 14:30:44 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-08-03 14:30:44 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-08-03 14:30:44 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-08-03 14:30:44 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-08-03 14:30:43 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-08-03 14:30:43 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-08-03 13:25:59 -------- d-----w- C:\Users\ell\AppData\Local\{596406FA-39C1-46D1-8DED-94C0F19B035E}
2011-08-03 13:24:19 -------- d-----w- C:\Users\ell\AppData\Local\{3EE8153E-98FA-4ADC-A45C-D958CF47C4DD}
2011-08-03 04:39:12 -------- d-----w- C:\Users\ell\AppData\Roaming\Online TV
2011-08-03 04:38:43 -------- d-----w- C:\Program Files (x86)\Live TV on PC 2012
2011-08-02 07:42:24 -------- d-----w- C:\Users\ell\AppData\Local\{9CC847D4-74FA-412E-964D-2A8CD2531DDC}
2011-08-02 07:42:05 -------- d-----w- C:\Users\ell\AppData\Local\{95E2F5E6-AFF3-40CB-83DE-7A1CDB27F293}
2011-08-01 09:13:15 -------- d-----w- C:\Users\ell\AppData\Local\{AA03A019-B4FA-4910-8D5A-D91CC00E623C}
2011-08-01 09:12:52 -------- d-----w- C:\Users\ell\AppData\Local\{96E1E093-681F-4630-AD52-56CD061E0F4D}
2011-08-01 01:04:46 -------- d-----w- C:\Users\ell\AppData\Local\{4E28993E-770B-49B3-9918-3EFEE279DE14}
2011-08-01 01:02:49 -------- d-----w- C:\Users\ell\AppData\Local\{557C4E43-6197-4628-A964-78E555E85FD8}
2011-07-31 11:48:02 -------- d-----w- C:\Users\ell\AppData\Local\{7B865713-38FF-4449-A787-E21F945FA940}
2011-07-31 11:47:40 -------- d-----w- C:\Users\ell\AppData\Local\{098774B7-F9DD-4655-A09C-B7B184158C17}
.
==================== Find3M ====================
.
2011-08-13 10:41:31 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.tmp
2011-08-13 10:41:29 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.tmp
2011-08-12 03:38:56 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-09 00:29:03 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-07-17 00:08:00 251392 ----a-w- C:\Windows\system\iertutil.dll
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 0244 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 0241 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 07:32:22 103784 ----a-w- C:\Users\ell\GoToAssistDownloadHelper.exe
2011-07-06 11:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 11:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 20:34:48 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-17 15:32:35 210109 ----a-w- C:\Users\ell\AppData\Roaming\rpc412_setup.exe
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-12 14:48:48 27648 ----a-w- C:\Windows\System32\drivers\Ndisrd.sys
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 16:53:19.36 ===============
mbam log
Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 7576
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
26/8/2011 10:02:40 PM
mbam-log-2011-08-26 (22-02-40).txt
Scan type: Quick scan
Objects scanned: 201367
Time elapsed: 4 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files (x86)\youtube downloader toolbar\IE\4.5\youtubedownloadertoolbarie.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==========================================================
You're a pretty frequent visitor to this forum.
It looks like there is something wrong with your computer habits.
You're not saying what the issues are.
The Attach.txt part of DDS is missing.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 16/2/2011 10:33:15 AM
System Uptime: 26/8/2011 11:32:23 PM (17 hours ago)
.
Motherboard: Dell Inc. | | 00CKNG
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | U2E1 | 1173/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 80 GiB total, 2.719 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 41 GiB total, 31.021 GiB free.
F: is FIXED (NTFS) - 330 GiB total, 14.518 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth Remote Control
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0103\8&25366A9&0&80501B37BF3D_C00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth Remote Control
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0103\8&25366A9&0&80501B37BF3D_C00000000
Service: btwavdt
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth Headset
Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&25366A9&0&5063139217D6_C00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth Headset
PNP Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&25366A9&0&5063139217D6_C00000000
Service: btwavdt
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00B1\8&25366A9&0&EC9B5B250636_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00B1\8&25366A9&0&EC9B5B250636_C00000000
Service:
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth L2CAP Interface
Device ID: BTHENUM\{6E0C8F4C-D928-4852-B6B2-F0F0E0D126FA}_LOCALMFG&0000\8&25366A9&0&000000000000_00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth L2CAP Interface
PNP Device ID: BTHENUM\{6E0C8F4C-D928-4852-B6B2-F0F0E0D126FA}_LOCALMFG&0000\8&25366A9&0&000000000000_00000000
Service: btwl2cap
.
Class GUID:
Description:
Device ID: ACPI\SMO8800\1
Manufacturer:
Name:
PNP Device ID: ACPI\SMO8800\1
Service:
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth AV Source
Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&25366A9&0&5063139217D6_C00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth AV Source
PNP Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&25366A9&0&5063139217D6_C00000000
Service: btwavdt
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth Headset AG
Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&25366A9&0&5063139217D6_C00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth Headset AG
PNP Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&25366A9&0&5063139217D6_C00000000
Service: btwavdt
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&0103\8&25366A9&0&80501B37BF3D_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&0103\8&25366A9&0&80501B37BF3D_C00000000
Service:
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: Bluetooth Remote Control
Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&25366A9&0&000000000000_00000000
Manufacturer: Broadcom
Name: Bluetooth Remote Control
PNP Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&25366A9&0&000000000000_00000000
Service: btwrchid
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth AV Source
Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&00B1\8&25366A9&0&EC9B5B250636_C00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth AV Source
PNP Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&00B1\8&25366A9&0&EC9B5B250636_C00000000
Service: btwavdt
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth Headset AG
Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&00B1\8&25366A9&0&EC9B5B250636_C00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth Headset AG
PNP Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&00B1\8&25366A9&0&EC9B5B250636_C00000000
Service: btwavdt
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\8&25366A9&0&60334BA8D54A_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\8&25366A9&0&60334BA8D54A_C00000000
Service:
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth AV Source
Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0103\8&25366A9&0&80501B37BF3D_C00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth AV Source
PNP Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0103\8&25366A9&0&80501B37BF3D_C00000000
Service: btwavdt
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth Remote Control
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&25366A9&0&5063139217D6_C00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth Remote Control
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&25366A9&0&5063139217D6_C00000000
Service: btwavdt
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth Headset AG
Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0103\8&25366A9&0&80501B37BF3D_C00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth Headset AG
PNP Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0103\8&25366A9&0&80501B37BF3D_C00000000
Service: btwavdt
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&0050\8&25366A9&0&0021AB461A8A_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&0050\8&25366A9&0&0021AB461A8A_C00000000
Service:
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth Remote Control
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&00B1\8&25366A9&0&EC9B5B250636_C00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth Remote Control
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&00B1\8&25366A9&0&EC9B5B250636_C00000000
Service: btwavdt
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth AV
Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&25366A9&0&5063139217D6_C00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth AV
PNP Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&25366A9&0&5063139217D6_C00000000
Service: btwavdt
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Hands-free Audio
Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&25366A9&0&000000000000_00000000
Manufacturer: Broadcom
Name: Bluetooth Hands-free Audio
PNP Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&25366A9&0&000000000000_00000000
Service: btwaudio
.
==== System Restore Points ===================
.
RP249: 27/8/2011 2:32:56 PM - Installed Driver Tool.
.
==== Installed Programs ======================
.
µTorrent
Acoustica MP3 Audio Mixer
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Creative Suite 5 Master Collection
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Premiere Pro CS4
Adobe Reader X (10.1.0)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Advanced Audio FX Engine
AI Viewer
AIDA64 Extreme Edition v1.80
Alarm
Angry Birds
Apple Application Support
Apple Software Update
Aquarius Soft PC Alarm Clock Professional
ASIO4ALL
aTube Catcher
AutocompletePro
avast! Pro Antivirus
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Brother HL-2040
Canon CanoScan Toolbox 5.0
Canon MP Navigator EX 2.1
Canon Utilities Solution Menu
Chit Chat For Facebook 1.42
CineForm HD CODEC
Click to Call with Skype
****roach on Desktop 1.0
Collab
Computer Alarm Clock
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell Communications (Support Software)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
DELL Drivers Update Utility 2.8
Dell Getting Started Guide
Dell Webcam Central
Digital Line Detect
DirectX 9 Runtime
Divine
Driver Checker v2.7.5
DriverGuide Toolkit
DriverIdentifier 3.3
Elcomsoft Wireless Security Auditor
ESET Online Scanner v3
Facebook Video Calling 1.0.0.7930
FileHippo.com Update Checker
FL Studio 8
Fraps (remove only)
Google Chrome
Google Talk (remove only)
GoToAssist Corporate
Hibernator version 1.0
HiJackThis
HP USB Disk Storage Format Tool
iDownloader 1.0.0.549
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Integrated Performance Primitives RTI 4.0
Intel(R) Management Engine Components
Intel(R) Processor ID Utility
Intel(R) Rapid Storage Technology
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 24
JMicron Flash Media Controller Driver
Keyboard Lock Status
Knoll Light Factory EZ Studio
Lion Skin DB Toolbar
Lion Skin Pack 6.0
Lion Skin Pack x64 V8.0
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Magic Bullet Looks Studio
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware version 1.51.1.1800
Maxis Broadband
Maxthon 3
Messenger Companion
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MiPony 1.5.0
Movie Subtitles Searcher 1.0
Mozilla Firefox 6.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
Netwaiting
NVIDIA Stereoscopic 3D Driver
NVIDIA Updatus
PDF Settings CS5
Photoshop Camera Raw
PhotoShowExpress
Picasa 3
Pinnacle Studio 14
Pinnacle Studio Ultimate Collection Plugins
Pixel ****** Toolkit
PoiZone
PowerISO
Premium Link Generator 1.00
PSD Viewer
Quick Startup 2.8.0.718
QuickTime
Rainmeter
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Red Giant ToonIt Studio
Reliance Netconnect - Broadband+
Renesas Electronics USB 3.0 Host Controller Driver
RockMelt
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Samsung ML-1710 Series
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
SetPoint
Sigil
Skype™ 5.5
SnowFox YouTube Downloader HD 2.0.0.0
Software Informer 1.1
Sonic CinePlayer Decoder Pack
Sony Vegas Pro 8.0
Suite Shared Configuration CS4
Tata Photon Whiz
TeamViewer 6
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Total Video Converter 3.60 100204
Total Video Converter 3.71 100812
Trapcode 3DStroke Studio
Trapcode Particular Studio
Trapcode Shine Studio
Ubuntu Skin Pack 5.0
Ubuntu Skin Pack X64 V6.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
USB over Network (Client) 4.6
USB Safely Remove 4.5
VCRedistSetup
VLC media player 1.1.11
VMware Workstation
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR 4.00 (32-bit)
XAMPP 1.6.3a
Yahoo! Messenger
YouTube Downloader 3.3
Youtube Downloader HD v. 2.6
YouTube Downloader Toolbar v4.5
.
==== Event Viewer Messages From Past Week ========
.
27/8/2011 10:37:09 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
26/8/2011 9:45:20 PM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
26/8/2011 5:04:07 PM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
26/8/2011 2:49:56 AM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
26/8/2011 2:39:22 AM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
26/8/2011 11:34:56 PM, Error: Service Control Manager [7034] - The Wireless PAN DHCP Server service terminated unexpectedly. It has done this 1 time(s).
26/8/2011 11:34:56 PM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
26/8/2011 11:33:04 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
26/8/2011 11:32:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa800416e680, 0xfffff80003c07510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082611-24601-01.
25/8/2011 3:28:30 PM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
25/8/2011 3:19:45 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
25/8/2011 11:00:18 PM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
24/8/2011 10:15:41 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
24/8/2011 10:10:27 PM, Error: volsnap [9] - The flush and hold writes operation on volume C: timed out while waiting for file system cleanup.
24/8/2011 10:10:27 PM, Error: volsnap [9] - The flush and hold writes operation on volume \\?\Volume{42f791b6-2294-11e0-add4-806e6f6e6963} timed out while waiting for file system cleanup.
24/8/2011 10:09:05 PM, Error: volsnap [9] - The flush and hold writes operation on volume E: timed out while waiting for file system cleanup.
23/8/2011 5:50:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.
22/8/2011 8:00:18 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
21/8/2011 8:55:32 AM, Error: Service Control Manager [7022] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
21/8/2011 5:19:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
21/8/2011 12:33:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
21/8/2011 12:25:17 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Ramesh FreeAgent Drive.
.
==== End Of File ===========================
1) Whenever I open programs, it hangs for a while before loading.
2) Start-up is a bit slow even after disabling some programs during the start-up.
3) Overall the process is a bit slow when working, even though I have 4 GB RAM.
As I said before:
Running P2P programs like µTorrent, for instance. You're a pretty frequent visitor to this forum.
It looks like there is something wrong with your computer habits.
You can NOT expect us to clean your computer every couple of months because you don't practice safe computing.
This is your record: (attached image p4486072.gif)
This is your 6th visit just this year!
====================================================
Make sure to disable "word wrap" in Notepad because your logs are hard to read.
==================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
The combo worked well. No problem. That is the only test if it worked well, right?
2) You mentioned that there are a few posts already in a few months. That's because those are a few of the computers I have at home. I have 4 computers at home. That is the reason.
Here is the combo log:
ComboFix 11-08-27.01 - ell 28/08/2011 13:22:03.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.3828.1791 [GMT 8:00]
Running from: c:\users\ell\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Lion Skin DB Toolbar\tbHElper.dll
c:\users\ell\AppData\Local\TempDIR
c:\users\ell\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\ell\AppData\Roaming\rpc412_setup.exe
c:\users\ell\GoToAssistDownloadHelper.exe
c:\windows\My.ini
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\ReadMe.txt
c:\windows\SysWow64\comct332.ocx
c:\windows\SysWow64\html
c:\windows\SysWow64\images
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 05:18 . 2011-08-28 05:18 -------- d-----w- c:\users\ell\AppData\Local\Minibar
2011-08-28 05:17 . 2011-08-28 06:02 -------- d-----w- c:\program files (x86)\Lion Skin DB Toolbar
2011-08-27 06:35 . 2011-08-27 06:35 -------- d-----w- c:\programdata\Driver Tool
2011-08-27 06:34 . 2007-04-16 06:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP8Z.DLL
2011-08-27 06:34 . 2007-04-16 06:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD8Z.DLL
2011-08-27 06:33 . 2007-04-16 06:00 258560 ----a-w- c:\windows\system32\CNMLM8Z.DLL
2011-08-27 06:33 . 2007-04-25 20:10 143360 ----a-w- c:\windows\system32\CNCFMSd.EXE
2011-08-27 06:33 . 2007-04-25 20:06 3584 ----a-w- c:\windows\system32\CNCFLdUS.DLL
2011-08-27 06:33 . 2007-04-25 20:06 3072 ----a-w- c:\windows\system32\CNCFLdJP.DLL
2011-08-27 06:33 . 2007-04-25 20:15 183296 ----a-w- c:\windows\system32\CNCF2Ld.DLL
2011-08-27 02:47 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4C32CF7-86F8-4794-81AF-F9C5E896EE0B}\mpengine.dll
2011-08-26 12:29 . 2011-08-26 12:43 -------- d-----w- c:\users\ell\AppData\Local\VMware
2011-08-26 12:29 . 2011-08-26 12:43 -------- d-----w- c:\users\ell\AppData\Roaming\VMware
2011-08-26 10:34 . 2011-03-25 15:43 81008 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-08-26 10:34 . 2011-03-25 15:43 68720 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-08-26 10:34 . 2011-03-25 15:42 334448 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-08-26 10:34 . 2011-03-25 15:42 404080 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-08-26 10:34 . 2011-03-25 15:41 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-08-26 10:33 . 2011-03-25 15:43 968816 ----a-w- c:\windows\system32\vnetlib64.dll
2011-08-26 10:33 . 2011-03-25 15:41 31856 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-08-26 10:33 . 2011-03-25 14:27 38512 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-08-26 10:33 . 2011-08-26 10:33 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-08-26 10:32 . 2011-08-26 10:32 -------- d-----w- c:\program files (x86)\VMware
2011-08-25 16:43 . 2011-08-25 16:43 -------- d-----w- C:\New folder
2011-08-25 07:20 . 2011-08-28 05:08 -------- d-----w- c:\programdata\VMware
2011-08-24 14:05 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 14:05 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-22 10:38 . 2011-08-22 10:39 -------- d-----w- c:\users\ell\AppData\Roaming\PCF-VLC
2011-08-22 09:22 . 2011-08-22 09:22 -------- d-----w- c:\program files (x86)\GetMiro Toolbar
2011-08-22 09:22 . 2011-08-22 09:22 -------- d-----w- c:\users\ell\AppData\Roaming\Participatory Culture Foundation
2011-08-22 09:19 . 2011-08-22 09:19 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation
2011-08-22 04:58 . 2011-08-22 09:17 -------- d-----w- c:\users\ell\AppData\Roaming\IDM
2011-08-22 04:58 . 2011-08-22 04:59 -------- d-----w- c:\program files (x86)\Internet Download Manager
2011-08-21 09:06 . 2011-08-21 09:09 -------- d-----w- c:\users\ell\AppData\Roaming\Torrent Episode Downloader
2011-08-20 09:49 . 2011-08-20 09:52 -------- d-----w- c:\program files (x86)\Driver Checker
2011-08-20 09:49 . 2008-12-03 09:40 81408 ----a-w- c:\windows\SysWow64\devcon_x64.exe
2011-08-20 07:28 . 2011-08-20 09:53 -------- d-----w- c:\users\ell\AppData\Roaming\Mipony
2011-08-20 07:28 . 2011-08-20 07:28 -------- d-----w- c:\program files (x86)\MiPony
2011-08-20 03:36 . 2011-08-20 03:36 -------- d-----w- c:\users\ell\AppData\Roaming\Postbox
2011-08-20 03:36 . 2011-08-20 03:36 -------- d-----w- c:\users\ell\AppData\Local\Postbox
2011-08-19 06:41 . 2011-08-19 06:41 -------- d--h--w- c:\programdata\CanonIJScan
2011-08-19 05:11 . 2009-06-16 03:37 1342976 ----a-w- c:\windows\system32\CNC320C.DLL
2011-08-19 05:11 . 2009-06-16 03:36 92672 ----a-w- c:\windows\system32\CNC320I.DLL
2011-08-19 05:11 . 2009-02-19 05:20 299520 ----a-w- c:\windows\system32\CNC320L.DLL
2011-08-19 05:11 . 2008-08-25 10:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2011-08-19 05:11 . 2008-07-16 01:39 235008 ----a-w- c:\windows\system32\CNC320O.DLL
2011-08-18 09:30 . 2011-08-19 06:41 -------- d-----w- c:\users\ell\AppData\Roaming\Canon
2011-08-18 09:30 . 2011-08-19 06:40 -------- d-----w- c:\program files (x86)\Canon
2011-08-18 06:25 . 2011-08-18 06:25 -------- d-----w- c:\users\ell\.Virtualbox
2011-08-18 06:08 . 2011-02-23 14:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-18 06:08 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-18 06:08 . 2011-02-23 14:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-18 06:08 . 2011-02-23 14:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-18 06:08 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-18 06:08 . 2011-02-23 14:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-18 06:07 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-08-18 06:07 . 2011-02-23 15:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-18 05:38 . 2011-08-27 06:34 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-08-18 05:38 . 2006-06-29 06:30 17408 ----a-w- c:\windows\system32\cnqo2411.dll
2011-08-18 05:38 . 2011-08-19 06:40 -------- d--h--w- c:\program files\CanonBJ
2011-08-18 05:38 . 2006-07-20 08:14 1336320 ----a-w- c:\windows\system32\CNQC2411.DLL
2011-08-18 05:38 . 2006-07-20 08:14 49664 ----a-w- c:\windows\system32\CNQI2411.DLL
2011-08-18 05:38 . 2006-05-31 00:49 171008 ----a-w- c:\windows\system32\CNQL2411.DLL
2011-08-18 05:36 . 2011-08-18 05:36 -------- d-----w- c:\program files\Common Files\CANON
2011-08-18 05:12 . 2011-08-18 05:12 -------- d-----w- c:\users\ell\AppData\Roaming\RadarSync
2011-08-18 02:59 . 2011-08-18 02:59 -------- d-----w- c:\users\ell\AppData\Local\Geckofx
2011-08-17 11:31 . 2011-08-18 05:33 -------- d-----w- c:\users\ell\AppData\Local\Captcha_Brotherhood
2011-08-17 11:31 . 2011-08-17 12:51 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-17 08:17 . 2011-08-18 04:42 -------- d-----w- c:\users\ell\AppData\Local\iDownloader
2011-08-17 08:17 . 2011-08-17 08:17 -------- d-----w- c:\program files (x86)\iDownloader
2011-08-17 08:17 . 2011-08-17 08:17 -------- d-----w- c:\programdata\iDownloader Limited
2011-08-17 08:10 . 2011-08-17 08:10 -------- d-----w- c:\programdata\Web Installer
2011-08-13 10:59 . 2011-08-13 10:59 -------- d-----w- c:\users\ell\AppData\Local\MySpaces
2011-08-13 10:41 . 2010-11-20 13:27 829440 ----a-w- c:\windows\system32\TSWorkspace.dll
2011-08-12 18:17 . 2011-08-12 18:17 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2011-08-12 18:17 . 2011-08-12 18:17 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-08-12 18:17 . 2011-08-12 18:17 -------- d-----w- c:\program files (x86)\Application Updater
2011-08-12 18:16 . 2011-08-12 18:16 -------- d-----w- c:\programdata\YouTube Downloader
2011-08-12 14:10 . 2011-08-12 14:10 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-12 14:08 . 2010-02-04 02:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-08-12 05:58 . 2011-08-12 05:58 -------- d-----w- c:\program files (x86)\DiskInternals
2011-08-12 01:06 . 2011-08-12 13:02 -------- d--h--w- c:\windows\Ubuntu Skin Pack X64
2011-08-11 05:06 . 2011-08-11 05:06 -------- d--h--w- c:\programdata\CanonBJ
2011-08-11 05:06 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2011-08-10 09:57 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 09:57 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 02:11 . 2011-08-10 02:11 -------- d-----w- c:\programdata\ALM
2011-08-10 01:05 . 2011-08-10 01:05 -------- d-----w- c:\program files (x86)\MagicISO
2011-08-09 14:27 . 2011-08-09 14:27 -------- d-----w- c:\windows\SysWow64\spool
2011-08-08 17:46 . 2011-07-06 15:14 145008 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-08-08 03:41 . 2011-08-08 03:41 -------- d-----w- c:\program files (x86)\Hibernator
2011-08-06 16:35 . 2011-08-06 17:08 -------- d-----w- c:\users\ell\AppData\Roaming\AVS4YOU
2011-08-06 16:25 . 2011-06-22 03:50 10833920 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2011-08-06 16:25 . 2011-06-22 03:50 10915840 ----a-w- c:\windows\SysWow64\libmfxhw32.dll
2011-08-06 16:25 . 2011-08-07 00:49 -------- d-----w- c:\program files (x86)\AVS4YOU
2011-08-06 16:25 . 2011-08-06 16:35 -------- d-----w- c:\programdata\AVS4YOU
2011-08-06 16:25 . 2011-08-06 16:26 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2011-08-06 16:25 . 2011-06-22 03:51 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2011-08-06 16:25 . 2011-06-22 03:51 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-08-06 16:07 . 2011-08-06 16:07 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-08-06 05:44 . 2011-08-06 05:44 -------- d-----w- c:\users\ell\AppData\Local\Ahead
2011-08-06 03:27 . 2011-08-06 03:27 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2011-08-06 03:27 . 2011-08-06 03:27 -------- d-----w- c:\program files (x86)\Sigil
2011-08-04 01:56 . 2006-08-20 22:06 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\SSGB1pc.dll
2011-08-04 01:56 . 2006-11-21 03:40 89600 ----a-w- c:\windows\system32\SSGB1ci.dll
2011-08-04 01:56 . 2006-11-20 00:22 151552 ----a-w- c:\windows\system32\SSGB1ci.exe
2011-08-04 01:55 . 2009-03-02 06:12 11576 ------w- c:\windows\system32\drivers\SSPORT.SYS
2011-08-04 01:55 . 2009-03-02 06:12 53816 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2011-08-04 01:55 . 2011-08-04 01:55 -------- d-----w- c:\program files (x86)\SAMSUNG
2011-08-04 00:02 . 2011-08-04 00:06 -------- d-----r- c:\program files (x86)\Skype
2011-08-03 15:06 . 2011-08-03 15:06 -------- d-----r- C:\MSOCache
2011-08-03 14:58 . 2011-08-03 14:58 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-08-03 14:57 . 2011-08-03 14:57 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-08-03 14:42 . 2011-08-03 14:42 -------- d-----r- c:\users\ell\AppData\Roaming\Brother
2011-08-03 14:31 . 2011-08-03 14:31 -------- d-----w- c:\program files (x86)\Brownie
2011-08-03 14:31 . 2008-10-22 18:30 111928 ------w- c:\windows\SysWow64\BRRBTOOL.EXE
2011-08-03 14:31 . 2007-01-15 18:30 24223 ------w- c:\windows\SysWow64\brlm03a.dll
2011-08-03 14:31 . 2006-12-21 05:53 176128 ------w- c:\windows\SysWow64\BROSNMP.DLL
2011-08-03 14:31 . 2004-08-09 19:12 77824 ------w- c:\windows\SysWow64\brlmw03a.dll
2011-08-03 14:31 . 2011-08-03 14:31 -------- d-----w- c:\program files (x86)\Brother
2011-08-03 14:31 . 2009-05-25 13:44 196608 ------w- c:\windows\SysWow64\Pdrvinst.dll
2011-08-03 14:30 . 2004-04-18 18:12 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-08-03 14:30 . 2004-04-18 18:10 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-08-03 14:30 . 2004-04-18 18:09 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-08-03 14:30 . 2004-04-18 18:09 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 10:41 . 2011-06-09 10:54 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.tmp
2011-08-13 10:41 . 2011-06-09 10:54 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.tmp
2011-08-12 03:38 . 2011-05-22 10:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-09 00:29 . 2011-01-17 22:03 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-17 00:08 . 2011-07-17 00:39 251392 ----a-w- c:\windows\system\iertutil.dll
2011-07-16 04:26 . 2011-08-10 09:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-13 10:38 . 2011-07-13 10:38 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-06 11:52 . 2011-02-16 08:33 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 11:52 . 2011-02-16 08:33 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 20:34 . 2011-06-23 20:34 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-06-12 14:48 . 2011-06-12 14:48 27648 ----a-w- c:\windows\system32\drivers\Ndisrd.sys
2011-06-11 03:07 . 2011-07-13 09:50 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\ERDNT\cache64\comres.dll
[7] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\Ubuntu Skin Pack X64\Backup\comres.dll
[7] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca\comres.dll
[-] 2009-07-14 . 488669FCAB97FB199E1B64CF1BC68316 . 1368576 . . [2001.12.8530.16385] .. c:\windows\system32\comres.dll
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . 2BF68DB3E5DCEB173685E6763E5FE461 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2011-01-17 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2011-01-17 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2011-01-17 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2011-01-17 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2011-01-17 . 6D4F9E4B640B413C6F73414327484C80 . 2868736 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[7] 2011-01-17 . CA17F8620815267DC838E30B68CB5052 . 2868736 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\explorer.exe
[-] 2010-11-20 . 425F58DDC0729B81477DBAE9A4578C52 . 2637824 . . [6.1.7600.16385] .. c:\windows\Ubuntu Skin Pack X64\Backup\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC7}]
2011-08-16 08:37 1358448 ----a-w- c:\program files (x86)\iDownloader\iDownloaderBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="e:\program files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2011-01-28 1239040]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"Malwarebytes' Anti-Malware (reboot)"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
Refresh.lnk - c:\windows\Lion Skin Pack x64\Tools\Refresh.cmd [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-29 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-11-02 04:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R4 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TeamViewer6;TeamViewer 6;e:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2007-03-05 16896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;e:\program files (x86)\USB Safely Remove\USBSRService.exe [2011-01-27 539032]
S2 VBoxDrv;VBox Support Driver;e:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [2010-07-15 203864]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\ndisrd.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 556544 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001Core.job
- c:\users\ell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:41]
.
2011-08-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001UA.job
- c:\users\ell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:41]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001Core.job
- c:\users\ell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 14:05]
.
2011-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001UA.job
- c:\users\ell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 14:05]
.
2011-08-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 07:47]
.
2011-08-27 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001Core.job
- c:\users\ell\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-06-15 00:07]
.
2011-08-28 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001UA.job
- c:\users\ell\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-06-15 00:07]
.
2011-08-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 07:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-02 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-02 415256]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-12-23 312936]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-28F378FEA264}"= "c:\program files\OneUpIndustries\Bins\v0.9.8.188\TaskbarDockLoader64.dll" [2011-06-26 587264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bigseekpro.com/lionskin/{D4855649-D6F0-49EC-94FF-D1CB60D36AA2}
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10211&bi=400
mStart Page = hxxp://www.bigseekpro.com/lionskin/{D4855649-D6F0-49EC-94FF-D1CB60D36AA2}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Download with iDownloader - c:\program files (x86)\iDownloader\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\14355535: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\3747275616D6978702A5F4E45402040235563627564702255636960756: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\3747275616D6978702A5F4E454020402B46434: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\4557E65684F64756C637: NameServer = 202.188.0.133
TCP: Interfaces\{B4405618-1190-43A7-BD63-B332AC4E8BE1}: NameServer = 202.188.0.133
TCP: Interfaces\{E1B89A9C-BDB4-4F0D-95EC-01AD6454B894}: NameServer = 202.188.0.133
FF - ProfilePath - c:\users\ell\AppData\Roaming\Mozilla\Firefox\Profiles\mo783nd6.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://mirostart.com/?cfg=2-365-0-...
FF - prefs.js: network.proxy.ftp - 172.17.0.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 172.17.0.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 172.17.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 172.17.0.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 172.17.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-fsm - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-28 14:06:26
ComboFix-quarantined-files.txt 2011-08-28 06:06
.
Pre-Run: 1,037,119,488 bytes free
Post-Run: 4,430,794,752 bytes free
.
- - End Of File - - 3A977D7598C412EFB922C5A176EB663F
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box
- Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
FCopy::
c:\windows\ERDNT\cache64\comres.dll | c:\windows\system32\comres.dll
c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe | c:\windows\explorer.exe
3. Save the above as CFScript.txt
4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
ComboFix 11-08-28.01 - ell 29/08/2011 2:36.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.3828.2102 [GMT 8:00]
Running from: c:\users\ell\Desktop\ComboFix.exe
Command switches used :: c:\users\ell\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ERDNT\cache64\comres.dll --> c:\windows\system32\comres.dll
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 18:46 . 2011-08-28 18:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-28 18:46 . 2011-08-28 18:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-28 18:46 . 2011-08-28 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-28 05:18 . 2011-08-28 05:18 -------- d-----w- c:\users\ell\AppData\Local\Minibar
2011-08-28 05:17 . 2011-08-28 06:02 -------- d-----w- c:\program files (x86)\Lion Skin DB Toolbar
2011-08-27 06:35 . 2011-08-27 06:35 -------- d-----w- c:\programdata\Driver Tool
2011-08-27 06:34 . 2007-04-16 06:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP8Z.DLL
2011-08-27 06:34 . 2007-04-16 06:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD8Z.DLL
2011-08-27 06:33 . 2007-04-16 06:00 258560 ----a-w- c:\windows\system32\CNMLM8Z.DLL
2011-08-27 06:33 . 2007-04-25 20:10 143360 ----a-w- c:\windows\system32\CNCFMSd.EXE
2011-08-27 06:33 . 2007-04-25 20:06 3584 ----a-w- c:\windows\system32\CNCFLdUS.DLL
2011-08-27 06:33 . 2007-04-25 20:06 3072 ----a-w- c:\windows\system32\CNCFLdJP.DLL
2011-08-27 06:33 . 2007-04-25 20:15 183296 ----a-w- c:\windows\system32\CNCF2Ld.DLL
2011-08-27 02:47 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4C32CF7-86F8-4794-81AF-F9C5E896EE0B}\mpengine.dll
2011-08-26 12:29 . 2011-08-26 12:43 -------- d-----w- c:\users\ell\AppData\Local\VMware
2011-08-26 12:29 . 2011-08-26 12:43 -------- d-----w- c:\users\ell\AppData\Roaming\VMware
2011-08-26 10:34 . 2011-03-25 15:43 81008 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-08-26 10:34 . 2011-03-25 15:43 68720 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-08-26 10:34 . 2011-03-25 15:42 334448 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-08-26 10:34 . 2011-03-25 15:42 404080 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-08-26 10:34 . 2011-03-25 15:41 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-08-26 10:33 . 2011-03-25 15:43 968816 ----a-w- c:\windows\system32\vnetlib64.dll
2011-08-26 10:33 . 2011-03-25 15:41 31856 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-08-26 10:33 . 2011-03-25 14:27 38512 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-08-26 10:33 . 2011-08-26 10:33 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-08-26 10:32 . 2011-08-26 10:32 -------- d-----w- c:\program files (x86)\VMware
2011-08-25 16:43 . 2011-08-25 16:43 -------- d-----w- C:\New folder
2011-08-25 07:20 . 2011-08-28 09:13 -------- d-----w- c:\programdata\VMware
2011-08-24 14:05 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 14:05 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-22 10:38 . 2011-08-22 10:39 -------- d-----w- c:\users\ell\AppData\Roaming\PCF-VLC
2011-08-22 09:22 . 2011-08-22 09:22 -------- d-----w- c:\program files (x86)\GetMiro Toolbar
2011-08-22 09:22 . 2011-08-22 09:22 -------- d-----w- c:\users\ell\AppData\Roaming\Participatory Culture Foundation
2011-08-22 09:19 . 2011-08-22 09:19 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation
2011-08-22 04:58 . 2011-08-22 09:17 -------- d-----w- c:\users\ell\AppData\Roaming\IDM
2011-08-22 04:58 . 2011-08-22 04:59 -------- d-----w- c:\program files (x86)\Internet Download Manager
2011-08-21 09:06 . 2011-08-21 09:09 -------- d-----w- c:\users\ell\AppData\Roaming\Torrent Episode Downloader
2011-08-20 09:49 . 2011-08-20 09:52 -------- d-----w- c:\program files (x86)\Driver Checker
2011-08-20 09:49 . 2008-12-03 09:40 81408 ----a-w- c:\windows\SysWow64\devcon_x64.exe
2011-08-20 07:28 . 2011-08-20 09:53 -------- d-----w- c:\users\ell\AppData\Roaming\Mipony
2011-08-20 07:28 . 2011-08-20 07:28 -------- d-----w- c:\program files (x86)\MiPony
2011-08-20 03:36 . 2011-08-20 03:36 -------- d-----w- c:\users\ell\AppData\Roaming\Postbox
2011-08-20 03:36 . 2011-08-20 03:36 -------- d-----w- c:\users\ell\AppData\Local\Postbox
2011-08-19 06:41 . 2011-08-19 06:41 -------- d--h--w- c:\programdata\CanonIJScan
2011-08-19 05:11 . 2009-06-16 03:37 1342976 ----a-w- c:\windows\system32\CNC320C.DLL
2011-08-19 05:11 . 2009-06-16 03:36 92672 ----a-w- c:\windows\system32\CNC320I.DLL
2011-08-19 05:11 . 2009-02-19 05:20 299520 ----a-w- c:\windows\system32\CNC320L.DLL
2011-08-19 05:11 . 2008-08-25 10:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2011-08-19 05:11 . 2008-07-16 01:39 235008 ----a-w- c:\windows\system32\CNC320O.DLL
2011-08-18 09:30 . 2011-08-19 06:41 -------- d-----w- c:\users\ell\AppData\Roaming\Canon
2011-08-18 09:30 . 2011-08-19 06:40 -------- d-----w- c:\program files (x86)\Canon
2011-08-18 06:25 . 2011-08-18 06:25 -------- d-----w- c:\users\ell\.Virtualbox
2011-08-18 06:08 . 2011-02-23 14:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-18 06:08 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-18 06:08 . 2011-02-23 14:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-18 06:08 . 2011-02-23 14:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-18 06:08 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-18 06:08 . 2011-02-23 14:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-18 06:07 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-08-18 06:07 . 2011-02-23 15:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-18 05:38 . 2011-08-27 06:34 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-08-18 05:38 . 2006-06-29 06:30 17408 ----a-w- c:\windows\system32\cnqo2411.dll
2011-08-18 05:38 . 2011-08-19 06:40 -------- d--h--w- c:\program files\CanonBJ
2011-08-18 05:38 . 2006-07-20 08:14 1336320 ----a-w- c:\windows\system32\CNQC2411.DLL
2011-08-18 05:38 . 2006-07-20 08:14 49664 ----a-w- c:\windows\system32\CNQI2411.DLL
2011-08-18 05:38 . 2006-05-31 00:49 171008 ----a-w- c:\windows\system32\CNQL2411.DLL
2011-08-18 05:36 . 2011-08-18 05:36 -------- d-----w- c:\program files\Common Files\CANON
2011-08-18 05:12 . 2011-08-18 05:12 -------- d-----w- c:\users\ell\AppData\Roaming\RadarSync
2011-08-18 02:59 . 2011-08-18 02:59 -------- d-----w- c:\users\ell\AppData\Local\Geckofx
2011-08-17 11:31 . 2011-08-18 05:33 -------- d-----w- c:\users\ell\AppData\Local\Captcha_Brotherhood
2011-08-17 11:31 . 2011-08-17 12:51 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-17 08:17 . 2011-08-18 04:42 -------- d-----w- c:\users\ell\AppData\Local\iDownloader
2011-08-17 08:17 . 2011-08-17 08:17 -------- d-----w- c:\program files (x86)\iDownloader
2011-08-17 08:17 . 2011-08-17 08:17 -------- d-----w- c:\programdata\iDownloader Limited
2011-08-17 08:10 . 2011-08-17 08:10 -------- d-----w- c:\programdata\Web Installer
2011-08-13 10:59 . 2011-08-13 10:59 -------- d-----w- c:\users\ell\AppData\Local\MySpaces
2011-08-13 10:41 . 2010-11-20 13:27 829440 ----a-w- c:\windows\system32\TSWorkspace.dll
2011-08-12 18:17 . 2011-08-12 18:17 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2011-08-12 18:17 . 2011-08-12 18:17 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-08-12 18:17 . 2011-08-12 18:17 -------- d-----w- c:\program files (x86)\Application Updater
2011-08-12 18:16 . 2011-08-12 18:16 -------- d-----w- c:\programdata\YouTube Downloader
2011-08-12 14:10 . 2011-08-12 14:10 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-12 14:08 . 2010-02-04 02:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-08-12 05:58 . 2011-08-12 05:58 -------- d-----w- c:\program files (x86)\DiskInternals
2011-08-12 01:06 . 2011-08-12 13:02 -------- d--h--w- c:\windows\Ubuntu Skin Pack X64
2011-08-11 05:06 . 2011-08-11 05:06 -------- d--h--w- c:\programdata\CanonBJ
2011-08-11 05:06 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2011-08-10 09:57 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 09:57 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 02:11 . 2011-08-10 02:11 -------- d-----w- c:\programdata\ALM
2011-08-10 01:05 . 2011-08-10 01:05 -------- d-----w- c:\program files (x86)\MagicISO
2011-08-09 14:27 . 2011-08-09 14:27 -------- d-----w- c:\windows\SysWow64\spool
2011-08-08 17:46 . 2011-07-06 15:14 145008 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-08-08 03:41 . 2011-08-08 03:41 -------- d-----w- c:\program files (x86)\Hibernator
2011-08-06 16:35 . 2011-08-06 17:08 -------- d-----w- c:\users\ell\AppData\Roaming\AVS4YOU
2011-08-06 16:25 . 2011-06-22 03:50 10833920 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2011-08-06 16:25 . 2011-06-22 03:50 10915840 ----a-w- c:\windows\SysWow64\libmfxhw32.dll
2011-08-06 16:25 . 2011-08-07 00:49 -------- d-----w- c:\program files (x86)\AVS4YOU
2011-08-06 16:25 . 2011-08-06 16:35 -------- d-----w- c:\programdata\AVS4YOU
2011-08-06 16:25 . 2011-08-06 16:26 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2011-08-06 16:25 . 2011-06-22 03:51 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2011-08-06 16:25 . 2011-06-22 03:51 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-08-06 16:07 . 2011-08-06 16:07 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-08-06 05:44 . 2011-08-06 05:44 -------- d-----w- c:\users\ell\AppData\Local\Ahead
2011-08-06 03:27 . 2011-08-06 03:27 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2011-08-06 03:27 . 2011-08-06 03:27 -------- d-----w- c:\program files (x86)\Sigil
2011-08-04 01:56 . 2006-08-20 22:06 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\SSGB1pc.dll
2011-08-04 01:56 . 2006-11-21 03:40 89600 ----a-w- c:\windows\system32\SSGB1ci.dll
2011-08-04 01:56 . 2006-11-20 00:22 151552 ----a-w- c:\windows\system32\SSGB1ci.exe
2011-08-04 01:55 . 2009-03-02 06:12 11576 ------w- c:\windows\system32\drivers\SSPORT.SYS
2011-08-04 01:55 . 2009-03-02 06:12 53816 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2011-08-04 01:55 . 2011-08-04 01:55 -------- d-----w- c:\program files (x86)\SAMSUNG
2011-08-04 00:02 . 2011-08-04 00:06 -------- d-----r- c:\program files (x86)\Skype
2011-08-03 15:06 . 2011-08-03 15:06 -------- d-----r- C:\MSOCache
2011-08-03 14:58 . 2011-08-03 14:58 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-08-03 14:57 . 2011-08-03 14:57 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-08-03 14:42 . 2011-08-03 14:42 -------- d-----r- c:\users\ell\AppData\Roaming\Brother
2011-08-03 14:31 . 2011-08-03 14:31 -------- d-----w- c:\program files (x86)\Brownie
2011-08-03 14:31 . 2008-10-22 18:30 111928 ------w- c:\windows\SysWow64\BRRBTOOL.EXE
2011-08-03 14:31 . 2007-01-15 18:30 24223 ------w- c:\windows\SysWow64\brlm03a.dll
2011-08-03 14:31 . 2006-12-21 05:53 176128 ------w- c:\windows\SysWow64\BROSNMP.DLL
2011-08-03 14:31 . 2004-08-09 19:12 77824 ------w- c:\windows\SysWow64\brlmw03a.dll
2011-08-03 14:31 . 2011-08-03 14:31 -------- d-----w- c:\program files (x86)\Brother
2011-08-03 14:31 . 2009-05-25 13:44 196608 ------w- c:\windows\SysWow64\Pdrvinst.dll
2011-08-03 14:30 . 2004-04-18 18:12 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 10:41 . 2011-06-09 10:54 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.tmp
2011-08-13 10:41 . 2011-06-09 10:54 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.tmp
2011-08-12 03:38 . 2011-05-22 10:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-09 00:29 . 2011-01-17 22:03 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-17 00:08 . 2011-07-17 00:39 251392 ----a-w- c:\windows\system\iertutil.dll
2011-07-16 04:26 . 2011-08-10 09:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-13 10:38 . 2011-07-13 10:38 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-06 11:52 . 2011-02-16 08:33 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 11:52 . 2011-02-16 08:33 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 20:34 . 2011-06-23 20:34 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-06-12 14:48 . 2011-06-12 14:48 27648 ----a-w- c:\windows\system32\drivers\Ndisrd.sys
2011-06-11 03:07 . 2011-07-13 09:50 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . 2BF68DB3E5DCEB173685E6763E5FE461 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa7 9dc39081d0ba\explorer.exe
[7] 2011-01-17 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc5 08f19359a007\explorer.exe
[7] 2011-01-17 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46 d6aeac7ca7c7\explorer.exe
[7] 2011-01-17 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff 19b5932d79ae\explorer.exe
[7] 2011-01-17 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84 b558ac4eb41c\explorer.exe
[7] 2011-01-17 . 6D4F9E4B640B413C6F73414327484C80 . 2868736 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_adde a9f19345cd81\explorer.exe
[7] 2011-01-17 . CA17F8620815267DC838E30B68CB5052 . 2868736 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b 763cac6d568e\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\explorer.exe
[-] 2010-11-20 . 425F58DDC0729B81477DBAE9A4578C52 . 2637824 . . [6.1.7600.16385] .. c:\windows\Ubuntu Skin Pack X64\Backup\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afda ac81905bf900\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada9 98b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-08-28_06.02.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-08-28 05:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-28 17:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-28 05:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-28 17:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-28 05:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-28 17:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-17 22:10 . 2011-08-28 09:16 63194 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-28 09:17 48860 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-16 03:53 . 2011-08-28 09:17 21694 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-153830059-1863615693-2551223645-1001_UserData.bin
- 2011-02-16 02:33 . 2011-08-28 05:08 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-16 02:33 . 2011-08-28 09:13 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-21 12:33 . 2011-08-28 05:08 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-21 12:33 . 2011-08-28 09:13 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-28 09:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-28 05:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-17 23:54 . 2011-08-28 06:13 5457 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-01-17 23:54 . 2011-08-28 05:07 5457 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-08-28 05:08 . 2011-08-28 05:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-28 09:13 . 2011-08-28 09:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-28 09:13 . 2011-08-28 09:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-28 05:08 . 2011-08-28 05:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-16 04:07 . 2011-08-28 14:54 500496 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2011-08-28 05:14 667714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-28 09:19 667714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-28 09:19 126944 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-08-28 05:14 126944 c:\windows\system32\perfc009.dat
- 2011-08-25 14:57 . 2011-08-28 05:02 774568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-25 14:57 . 2011-08-28 06:13 774568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-08-28 06:13 855728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-28 05:07 855728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-20 12:15 . 2011-08-28 06:13 5695332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-153830059-1863615693-2551223645-1001-8192.dat
- 2011-02-20 12:15 . 2011-08-28 05:07 5695332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-153830059-1863615693-2551223645-1001-8192.dat
+ 2011-03-29 02:01 . 2011-08-28 06:13 2517306 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-153830059-1863615693-2551223645-1001-12288.dat
- 2011-03-29 02:01 . 2011-08-26 13:37 2517306 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-153830059-1863615693-2551223645-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC7}]
2011-08-16 08:37 1358448 ----a-w- c:\program files (x86)\iDownloader\iDownloaderBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="e:\program files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2011-01-28 1239040]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"Malwarebytes' Anti-Malware (reboot)"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
Refresh.lnk - c:\windows\Lion Skin Pack x64\Tools\Refresh.cmd [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-29 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-11-02 04:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R4 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TeamViewer6;TeamViewer 6;e:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2007-03-05 16896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;e:\program files (x86)\USB Safely Remove\USBSRService.exe [2011-01-27 539032]
S2 VBoxDrv;VBox Support Driver;e:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [2010-07-15 203864]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\ndisrd.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 556544 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001Core.job
- c:\users\ell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:41]
.
2011-08-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001UA.job
- c:\users\ell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:41]
.
2011-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001Core.job
- c:\users\ell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 14:05]
.
2011-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001UA.job
- c:\users\ell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 14:05]
.
2011-08-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 07:47]
.
2011-08-27 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001Core.job
- c:\users\ell\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-06-15 00:07]
.
2011-08-28 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001UA.job
- c:\users\ell\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-06-15 00:07]
.
2011-08-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 07:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-02 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-02 415256]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-12-23 312936]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-28F378FEA264}"= "c:\program files\OneUpIndustries\Bins\v0.9.8.188\TaskbarDockLoader64.dll" [2011-06-26 587264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bigseekpro.com/lionskin/{D4855649-D6F0-49EC-94FF-D1CB60D36AA2}
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10211&bi=400
mStart Page = hxxp://www.bigseekpro.com/lionskin/{D4855649-D6F0-49EC-94FF-D1CB60D36AA2}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Download with iDownloader - c:\program files (x86)\iDownloader\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\14355535: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\3747275616D6978702A5F4E45402040235563627564702255636960756: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\3747275616D6978702A5F4E454020402B46434: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\4557E65684F64756C637: NameServer = 202.188.0.133
TCP: Interfaces\{B4405618-1190-43A7-BD63-B332AC4E8BE1}: NameServer = 202.188.0.133
TCP: Interfaces\{E1B89A9C-BDB4-4F0D-95EC-01AD6454B894}: NameServer = 202.188.0.133
FF - ProfilePath - c:\users\ell\AppData\Roaming\Mozilla\Firefox\Profiles\mo783nd6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/lionskin/{D4855649-D6F0-49EC-94FF-D1CB60D36AA2}
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/lionskin/{D4855649-D6F0-49EC-94FF-D1CB60D36AA2}?q=
FF - prefs.js: network.proxy.ftp - 172.17.0.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 172.17.0.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 172.17.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 172.17.0.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 172.17.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-29 02:58:34
ComboFix-quarantined-files.txt 2011-08-28 18:58
ComboFix2.txt 2011-08-28 06:06
.
Pre-Run: 4,021,051,392 bytes free
Post-Run: 5,026,172,928 bytes free
.
- - End Of File - - DDC44521C791715FB8DE79A40A3C68EE
One file copy didn't take because of this board bug....
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box
- Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe | c:\windows\explorer.exe
3. Save the above as CFScript.txt
4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
ComboFix 11-08-28.01 - ell 29/08/2011 14:27:09.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.3828.1802 [GMT 8:00]
Running from: c:\users\ell\Desktop\ComboFix.exe
Command switches used :: c:\users\ell\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))
.
.
2011-08-29 06:34 . 2011-08-29 06:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-29 06:34 . 2011-08-29 06:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-29 06:34 . 2011-08-29 06:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-28 05:18 . 2011-08-28 05:18 -------- d-----w- c:\users\ell\AppData\Local\Minibar
2011-08-28 05:17 . 2011-08-28 06:02 -------- d-----w- c:\program files (x86)\Lion Skin DB Toolbar
2011-08-27 06:35 . 2011-08-27 06:35 -------- d-----w- c:\programdata\Driver Tool
2011-08-27 06:34 . 2007-04-16 06:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP8Z.DLL
2011-08-27 06:34 . 2007-04-16 06:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD8Z.DLL
2011-08-27 06:33 . 2007-04-16 06:00 258560 ----a-w- c:\windows\system32\CNMLM8Z.DLL
2011-08-27 06:33 . 2007-04-25 20:10 143360 ----a-w- c:\windows\system32\CNCFMSd.EXE
2011-08-27 06:33 . 2007-04-25 20:06 3584 ----a-w- c:\windows\system32\CNCFLdUS.DLL
2011-08-27 06:33 . 2007-04-25 20:06 3072 ----a-w- c:\windows\system32\CNCFLdJP.DLL
2011-08-27 06:33 . 2007-04-25 20:15 183296 ----a-w- c:\windows\system32\CNCF2Ld.DLL
2011-08-27 02:47 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4C32CF7-86F8-4794-81AF-F9C5E896EE0B}\mpengine.dll
2011-08-26 12:29 . 2011-08-26 12:43 -------- d-----w- c:\users\ell\AppData\Local\VMware
2011-08-26 12:29 . 2011-08-26 12:43 -------- d-----w- c:\users\ell\AppData\Roaming\VMware
2011-08-26 10:34 . 2011-03-25 15:43 81008 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-08-26 10:34 . 2011-03-25 15:43 68720 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-08-26 10:34 . 2011-03-25 15:42 334448 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-08-26 10:34 . 2011-03-25 15:42 404080 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-08-26 10:34 . 2011-03-25 15:41 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-08-26 10:33 . 2011-03-25 15:43 968816 ----a-w- c:\windows\system32\vnetlib64.dll
2011-08-26 10:33 . 2011-03-25 15:41 31856 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-08-26 10:33 . 2011-03-25 14:27 38512 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-08-26 10:33 . 2011-08-26 10:33 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-08-26 10:32 . 2011-08-26 10:32 -------- d-----w- c:\program files (x86)\VMware
2011-08-25 16:43 . 2011-08-25 16:43 -------- d-----w- C:\New folder
2011-08-25 07:20 . 2011-08-28 09:13 -------- d-----w- c:\programdata\VMware
2011-08-24 14:05 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 14:05 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-22 10:38 . 2011-08-22 10:39 -------- d-----w- c:\users\ell\AppData\Roaming\PCF-VLC
2011-08-22 09:22 . 2011-08-22 09:22 -------- d-----w- c:\program files (x86)\GetMiro Toolbar
2011-08-22 09:22 . 2011-08-22 09:22 -------- d-----w- c:\users\ell\AppData\Roaming\Participatory Culture Foundation
2011-08-22 09:19 . 2011-08-22 09:19 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation
2011-08-22 04:58 . 2011-08-22 09:17 -------- d-----w- c:\users\ell\AppData\Roaming\IDM
2011-08-22 04:58 . 2011-08-22 04:59 -------- d-----w- c:\program files (x86)\Internet Download Manager
2011-08-21 09:06 . 2011-08-21 09:09 -------- d-----w- c:\users\ell\AppData\Roaming\Torrent Episode Downloader
2011-08-20 09:49 . 2011-08-20 09:52 -------- d-----w- c:\program files (x86)\Driver Checker
2011-08-20 09:49 . 2008-12-03 09:40 81408 ----a-w- c:\windows\SysWow64\devcon_x64.exe
2011-08-20 07:28 . 2011-08-20 09:53 -------- d-----w- c:\users\ell\AppData\Roaming\Mipony
2011-08-20 07:28 . 2011-08-20 07:28 -------- d-----w- c:\program files (x86)\MiPony
2011-08-20 03:36 . 2011-08-20 03:36 -------- d-----w- c:\users\ell\AppData\Roaming\Postbox
2011-08-20 03:36 . 2011-08-20 03:36 -------- d-----w- c:\users\ell\AppData\Local\Postbox
2011-08-19 06:41 . 2011-08-19 06:41 -------- d--h--w- c:\programdata\CanonIJScan
2011-08-19 05:11 . 2009-06-16 03:37 1342976 ----a-w- c:\windows\system32\CNC320C.DLL
2011-08-19 05:11 . 2009-06-16 03:36 92672 ----a-w- c:\windows\system32\CNC320I.DLL
2011-08-19 05:11 . 2009-02-19 05:20 299520 ----a-w- c:\windows\system32\CNC320L.DLL
2011-08-19 05:11 . 2008-08-25 10:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2011-08-19 05:11 . 2008-07-16 01:39 235008 ----a-w- c:\windows\system32\CNC320O.DLL
2011-08-18 09:30 . 2011-08-19 06:41 -------- d-----w- c:\users\ell\AppData\Roaming\Canon
2011-08-18 09:30 . 2011-08-19 06:40 -------- d-----w- c:\program files (x86)\Canon
2011-08-18 06:25 . 2011-08-18 06:25 -------- d-----w- c:\users\ell\.Virtualbox
2011-08-18 06:08 . 2011-02-23 14:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-18 06:08 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-18 06:08 . 2011-02-23 14:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-18 06:08 . 2011-02-23 14:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-18 06:08 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-18 06:08 . 2011-02-23 14:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-18 06:07 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-08-18 06:07 . 2011-02-23 15:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-18 05:38 . 2011-08-27 06:34 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-08-18 05:38 . 2006-06-29 06:30 17408 ----a-w- c:\windows\system32\cnqo2411.dll
2011-08-18 05:38 . 2011-08-19 06:40 -------- d--h--w- c:\program files\CanonBJ
2011-08-18 05:38 . 2006-07-20 08:14 1336320 ----a-w- c:\windows\system32\CNQC2411.DLL
2011-08-18 05:38 . 2006-07-20 08:14 49664 ----a-w- c:\windows\system32\CNQI2411.DLL
2011-08-18 05:38 . 2006-05-31 00:49 171008 ----a-w- c:\windows\system32\CNQL2411.DLL
2011-08-18 05:36 . 2011-08-18 05:36 -------- d-----w- c:\program files\Common Files\CANON
2011-08-18 05:12 . 2011-08-18 05:12 -------- d-----w- c:\users\ell\AppData\Roaming\RadarSync
2011-08-18 02:59 . 2011-08-18 02:59 -------- d-----w- c:\users\ell\AppData\Local\Geckofx
2011-08-17 11:31 . 2011-08-18 05:33 -------- d-----w- c:\users\ell\AppData\Local\Captcha_Brotherhood
2011-08-17 11:31 . 2011-08-17 12:51 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-17 08:17 . 2011-08-18 04:42 -------- d-----w- c:\users\ell\AppData\Local\iDownloader
2011-08-17 08:17 . 2011-08-17 08:17 -------- d-----w- c:\program files (x86)\iDownloader
2011-08-17 08:17 . 2011-08-17 08:17 -------- d-----w- c:\programdata\iDownloader Limited
2011-08-17 08:10 . 2011-08-17 08:10 -------- d-----w- c:\programdata\Web Installer
2011-08-13 10:59 . 2011-08-13 10:59 -------- d-----w- c:\users\ell\AppData\Local\MySpaces
2011-08-13 10:41 . 2010-11-20 13:27 829440 ----a-w- c:\windows\system32\TSWorkspace.dll
2011-08-12 18:17 . 2011-08-12 18:17 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2011-08-12 18:17 . 2011-08-12 18:17 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-08-12 18:17 . 2011-08-12 18:17 -------- d-----w- c:\program files (x86)\Application Updater
2011-08-12 18:16 . 2011-08-12 18:16 -------- d-----w- c:\programdata\YouTube Downloader
2011-08-12 14:10 . 2011-08-12 14:10 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-12 14:08 . 2010-02-04 02:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-08-12 05:58 . 2011-08-12 05:58 -------- d-----w- c:\program files (x86)\DiskInternals
2011-08-12 01:06 . 2011-08-12 13:02 -------- d--h--w- c:\windows\Ubuntu Skin Pack X64
2011-08-11 05:06 . 2011-08-11 05:06 -------- d--h--w- c:\programdata\CanonBJ
2011-08-11 05:06 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2011-08-10 09:57 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 09:57 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 02:11 . 2011-08-10 02:11 -------- d-----w- c:\programdata\ALM
2011-08-10 01:05 . 2011-08-10 01:05 -------- d-----w- c:\program files (x86)\MagicISO
2011-08-09 14:27 . 2011-08-09 14:27 -------- d-----w- c:\windows\SysWow64\spool
2011-08-08 17:46 . 2011-07-06 15:14 145008 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-08-08 03:41 . 2011-08-08 03:41 -------- d-----w- c:\program files (x86)\Hibernator
2011-08-06 16:35 . 2011-08-06 17:08 -------- d-----w- c:\users\ell\AppData\Roaming\AVS4YOU
2011-08-06 16:25 . 2011-06-22 03:50 10833920 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2011-08-06 16:25 . 2011-06-22 03:50 10915840 ----a-w- c:\windows\SysWow64\libmfxhw32.dll
2011-08-06 16:25 . 2011-08-07 00:49 -------- d-----w- c:\program files (x86)\AVS4YOU
2011-08-06 16:25 . 2011-08-06 16:35 -------- d-----w- c:\programdata\AVS4YOU
2011-08-06 16:25 . 2011-08-06 16:26 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2011-08-06 16:25 . 2011-06-22 03:51 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2011-08-06 16:25 . 2011-06-22 03:51 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-08-06 16:07 . 2011-08-06 16:07 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-08-06 05:44 . 2011-08-06 05:44 -------- d-----w- c:\users\ell\AppData\Local\Ahead
2011-08-06 03:27 . 2011-08-06 03:27 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2011-08-06 03:27 . 2011-08-06 03:27 -------- d-----w- c:\program files (x86)\Sigil
2011-08-04 01:56 . 2006-08-20 22:06 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\SSGB1pc.dll
2011-08-04 01:56 . 2006-11-21 03:40 89600 ----a-w- c:\windows\system32\SSGB1ci.dll
2011-08-04 01:56 . 2006-11-20 00:22 151552 ----a-w- c:\windows\system32\SSGB1ci.exe
2011-08-04 01:55 . 2009-03-02 06:12 11576 ------w- c:\windows\system32\drivers\SSPORT.SYS
2011-08-04 01:55 . 2009-03-02 06:12 53816 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2011-08-04 01:55 . 2011-08-04 01:55 -------- d-----w- c:\program files (x86)\SAMSUNG
2011-08-04 00:02 . 2011-08-04 00:06 -------- d-----r- c:\program files (x86)\Skype
2011-08-03 15:06 . 2011-08-03 15:06 -------- d-----r- C:\MSOCache
2011-08-03 14:58 . 2011-08-03 14:58 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-08-03 14:57 . 2011-08-03 14:57 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-08-03 14:42 . 2011-08-03 14:42 -------- d-----r- c:\users\ell\AppData\Roaming\Brother
2011-08-03 14:31 . 2011-08-03 14:31 -------- d-----w- c:\program files (x86)\Brownie
2011-08-03 14:31 . 2008-10-22 18:30 111928 ------w- c:\windows\SysWow64\BRRBTOOL.EXE
2011-08-03 14:31 . 2007-01-15 18:30 24223 ------w- c:\windows\SysWow64\brlm03a.dll
2011-08-03 14:31 . 2006-12-21 05:53 176128 ------w- c:\windows\SysWow64\BROSNMP.DLL
2011-08-03 14:31 . 2004-08-09 19:12 77824 ------w- c:\windows\SysWow64\brlmw03a.dll
2011-08-03 14:31 . 2011-08-03 14:31 -------- d-----w- c:\program files (x86)\Brother
2011-08-03 14:31 . 2009-05-25 13:44 196608 ------w- c:\windows\SysWow64\Pdrvinst.dll
2011-08-03 14:30 . 2004-04-18 18:12 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 10:41 . 2011-06-09 10:54 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.tmp
2011-08-13 10:41 . 2011-06-09 10:54 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.tmp
2011-08-12 03:38 . 2011-05-22 10:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-09 00:29 . 2011-01-17 22:03 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-17 00:08 . 2011-07-17 00:39 251392 ----a-w- c:\windows\system\iertutil.dll
2011-07-16 04:26 . 2011-08-10 09:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-13 10:38 . 2011-07-13 10:38 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-06 11:52 . 2011-02-16 08:33 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 11:52 . 2011-02-16 08:33 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 20:34 . 2011-06-23 20:34 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-06-12 14:48 . 2011-06-12 14:48 27648 ----a-w- c:\windows\system32\drivers\Ndisrd.sys
2011-06-11 03:07 . 2011-07-13 09:50 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . 2BF68DB3E5DCEB173685E6763E5FE461 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2011-01-17 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2011-01-17 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2011-01-17 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2011-01-17 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2011-01-17 . 6D4F9E4B640B413C6F73414327484C80 . 2868736 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[7] 2011-01-17 . CA17F8620815267DC838E30B68CB5052 . 2868736 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\explorer.exe
[-] 2010-11-20 . 425F58DDC0729B81477DBAE9A4578C52 . 2637824 . . [6.1.7600.16385] .. c:\windows\Ubuntu Skin Pack X64\Backup\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-08-28_06.02.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-08-28 05:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-29 05:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-28 05:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-29 05:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-28 05:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-29 05:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-17 22:10 . 2011-08-28 09:16 63194 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-28 09:17 48860 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-16 03:53 . 2011-08-28 09:17 21694 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-153830059-1863615693-2551223645-1001_UserData.bin
- 2011-02-16 02:33 . 2011-08-28 05:08 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-16 02:33 . 2011-08-28 09:13 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-21 12:33 . 2011-08-28 05:08 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-21 12:33 . 2011-08-28 09:13 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-28 09:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-28 05:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-17 23:54 . 2011-08-28 06:13 5457 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-01-17 23:54 . 2011-08-28 05:07 5457 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-08-28 05:08 . 2011-08-28 05:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-28 09:13 . 2011-08-28 09:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-28 09:13 . 2011-08-28 09:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-28 05:08 . 2011-08-28 05:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-16 04:07 . 2011-08-28 14:54 500496 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2011-08-28 05:14 667714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-28 09:19 667714 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-08-28 05:14 126944 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-08-28 09:19 126944 c:\windows\system32\perfc009.dat
- 2011-08-25 14:57 . 2011-08-28 05:02 774568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-25 14:57 . 2011-08-28 06:13 774568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-08-28 06:13 855728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-28 05:07 855728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-13 10:41 . 2009-07-14 01:26 1297408 c:\windows\system32\comres.dll
- 2011-02-20 12:15 . 2011-08-28 05:07 5695332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-153830059-1863615693-2551223645-1001-8192.dat
+ 2011-02-20 12:15 . 2011-08-28 06:13 5695332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-153830059-1863615693-2551223645-1001-8192.dat
+ 2011-03-29 02:01 . 2011-08-28 06:13 2517306 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-153830059-1863615693-2551223645-1001-12288.dat
- 2011-03-29 02:01 . 2011-08-26 13:37 2517306 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-153830059-1863615693-2551223645-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC7}]
2011-08-16 08:37 1358448 ----a-w- c:\program files (x86)\iDownloader\iDownloaderBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="e:\program files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2011-01-28 1239040]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"Malwarebytes' Anti-Malware (reboot)"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
Refresh.lnk - c:\windows\Lion Skin Pack x64\Tools\Refresh.cmd [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-29 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-11-02 04:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R4 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TeamViewer6;TeamViewer 6;e:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2007-03-05 16896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;e:\program files (x86)\USB Safely Remove\USBSRService.exe [2011-01-27 539032]
S2 VBoxDrv;VBox Support Driver;e:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [2010-07-15 203864]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\ndisrd.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 556544 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001Core.job
- c:\users\ell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:41]
.
2011-08-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001UA.job
- c:\users\ell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:41]
.
2011-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001Core.job
- c:\users\ell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 14:05]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001UA.job
- c:\users\ell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 14:05]
.
2011-08-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 07:47]
.
2011-08-28 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001Core.job
- c:\users\ell\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-06-15 00:07]
.
2011-08-29 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-153830059-1863615693-2551223645-1001UA.job
- c:\users\ell\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-06-15 00:07]
.
2011-08-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 07:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-02 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-02 415256]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-12-23 312936]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-28F378FEA264}"= "c:\program files\OneUpIndustries\Bins\v0.9.8.188\TaskbarDockLoader64.dll" [2011-06-26 587264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bigseekpro.com/lionskin/{D4855649-D6F0-49EC-94FF-D1CB60D36AA2}
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10211&bi=400
mStart Page = hxxp://www.bigseekpro.com/lionskin/{D4855649-D6F0-49EC-94FF-D1CB60D36AA2}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Download with iDownloader - c:\program files (x86)\iDownloader\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\14355535: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\3747275616D6978702A5F4E45402040235563627564702255636960756: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\3747275616D6978702A5F4E454020402B46434: NameServer = 202.188.0.133
TCP: Interfaces\{6A3BC3C6-4378-4C32-81ED-7BEAB7762978}\4557E65684F64756C637: NameServer = 202.188.0.133
TCP: Interfaces\{B4405618-1190-43A7-BD63-B332AC4E8BE1}: NameServer = 202.188.0.133
TCP: Interfaces\{E1B89A9C-BDB4-4F0D-95EC-01AD6454B894}: NameServer = 202.188.0.133
FF - ProfilePath - c:\users\ell\AppData\Roaming\Mozilla\Firefox\Profiles\mo783nd6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/lionskin/{D4855649-D6F0-49EC-94FF-D1CB60D36AA2}
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/lionskin/{D4855649-D6F0-49EC-94FF-D1CB60D36AA2}?q=
FF - prefs.js: network.proxy.ftp - 172.17.0.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 172.17.0.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 172.17.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 172.17.0.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 172.17.0.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-29 14:37:27
ComboFix-quarantined-files.txt 2011-08-29 06:37
ComboFix2.txt 2011-08-28 18:58
ComboFix3.txt 2011-08-28 06:06
.
Pre-Run: 3,960,213,504 bytes free
Post-Run: 4,551,155,712 bytes free
.
- - End Of File - - A0972A2392E7F6F5044CB2AB45DFA547