Error code 80073EFE, unable to Update windows and browser problems.
Hello,
I am unable to update Windows, and whenever I use Google Chrome some webpages don't load or load incorrectly.
Thank you in advance for any help you can give me.
Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:10:46, on 17/07/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 9427 bytes
kevinf80_1d0ac6
July 17th, 2011 14:00
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please print or save to Notepad all instructions and follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE
** If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE
Please proceed as follows :-
Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-
Link 1
Link 2
Before saving Combofix to the Desktop re-name to Gotcha.exe as below:
**** Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.
*EXTRA NOTES*
Post the log in next reply please...
Kevin
RTitans
July 17th, 2011 15:00
Thank you for your help and the quick response.
Here is the ComboFix log:
ComboFix 11-07-17.03 - Ross 17/07/2011 22:18:18.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4055.2698 [GMT 1:00]
Running from: c:\users\Ross\Desktop\Gotcha.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-17 21:32 . 2011-07-17 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-17 21:12 . 2011-07-17 21:14 -------- d-----w- C:\Gotcha
2011-07-17 06:35 . 2011-07-17 06:35 -------- d-----w- c:\program files\BatteryBar
2011-07-17 03:07 . 2011-06-07 09:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D569DAA2-641A-4838-A5AD-6FFD2ACA19A3}\mpengine.dll
2011-07-17 00:32 . 2011-07-17 00:32 -------- d-----w- c:\program files (x86)\ESET
2011-07-17 00:27 . 2011-07-17 00:27 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-15 15:43 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-07-15 15:43 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\ca-ES
2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\eu-ES
2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\vi-VN
2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\system32\ca-ES
2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\system32\eu-ES
2011-07-15 15:13 . 2011-07-15 15:13 -------- d-----w- c:\windows\system32\vi-VN
2011-07-15 14:45 . 2011-07-15 14:45 -------- d-----w- c:\windows\system32\EventProviders
2011-07-15 14:42 . 2009-04-11 07:11 796672 ----a-w- c:\windows\system32\mssvp.dll
2011-07-15 14:40 . 2009-04-11 07:11 622592 ----a-w- c:\windows\system32\WMVXENCD.DLL
2011-07-15 14:39 . 2009-04-11 06:28 247808 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-07-15 14:39 . 2009-04-11 06:28 83968 ----a-w- c:\windows\SysWow64\wbem\wmiutils.dll
2011-07-15 14:39 . 2009-04-11 06:28 30208 ----a-w- c:\windows\SysWow64\wbem\wbemprox.dll
2011-07-15 14:39 . 2009-04-11 06:28 189440 ----a-w- c:\windows\SysWow64\wbem\mofd.dll
2011-07-15 14:39 . 2009-04-11 06:28 614912 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-07-15 14:39 . 2009-04-11 06:28 265728 ----a-w- c:\windows\SysWow64\wbem\esscli.dll
2011-07-15 14:39 . 2009-04-11 07:11 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-07-15 14:39 . 2009-04-11 07:11 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-07-15 14:39 . 2009-04-11 07:11 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-07-15 14:39 . 2009-04-11 07:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll
2011-07-15 14:38 . 2009-04-11 07:11 293888 ----a-w- c:\windows\system32\wdscore.dll
2011-07-15 14:38 . 2009-04-11 07:10 138752 ----a-w- c:\windows\system32\PkgMgr.exe
2011-07-15 14:38 . 2009-04-11 07:11 315904 ----a-w- c:\windows\system32\drvstore.dll
2011-07-15 01:50 . 2011-07-15 01:50 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-07-15 01:49 . 2011-07-15 15:35 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-07-15 01:49 . 2011-07-15 01:49 -------- d-----w- c:\windows\PCHEALTH
2011-07-15 01:46 . 2011-07-15 01:46 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-07-15 01:44 . 2011-07-15 01:44 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-07-15 01:43 . 2011-07-15 01:43 -------- d-----r- C:\MSOCache
2011-07-14 22:03 . 2011-07-14 22:05 -------- d-----w- c:\program files (x86)\Auslogics
2011-07-14 21:39 . 2011-07-06 18:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-14 21:39 . 2011-07-14 21:39 -------- d-----w- c:\programdata\Malwarebytes
2011-07-14 21:39 . 2011-07-14 21:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-14 21:39 . 2011-07-06 18:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-14 05:23 . 2011-07-14 05:24 -------- d-----w- c:\program files (x86)\PowerISO
2011-07-14 05:23 . 2011-06-15 08:30 93240 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-07-13 22:04 . 2011-07-13 23:21 -------- d-----w- c:\program files (x86)\JDownloader
2011-07-13 21:37 . 2011-07-13 21:37 -------- d-----w- c:\program files (x86)\PC SleepTimer
2011-07-13 21:35 . 2011-06-07 09:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-13 21:33 . 2009-11-03 22:07 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-07-13 21:33 . 2009-08-24 11:47 442368 ----a-w- c:\windows\system32\winhttp.dll
2011-07-13 21:33 . 2009-08-24 11:36 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2011-07-13 21:33 . 2010-09-06 18:28 179712 ----a-w- c:\windows\system32\srvsvc.dll
2011-07-13 21:33 . 2010-09-06 18:28 12288 ----a-w- c:\windows\system32\sscore.dll
2011-07-13 21:33 . 2010-09-06 18:27 17920 ----a-w- c:\windows\system32\netevent.dll
2011-07-13 21:33 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-07-13 21:33 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll
2011-07-13 19:14 . 2011-07-13 19:14 -------- d-----w- c:\program files\7-Zip
2011-07-13 19:04 . 2010-02-24 09:28 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-07-13 19:01 . 2010-02-20 23:15 32768 ----a-w- c:\windows\system32\nshhttp.dll
2011-07-13 19:00 . 2010-02-20 23:06 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll
2011-07-13 19:00 . 2010-02-20 21:30 620032 ----a-w- c:\windows\system32\drivers\http.sys
2011-07-13 19:00 . 2010-02-20 23:14 33792 ----a-w- c:\windows\system32\httpapi.dll
2011-07-13 19:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\SysWow64\httpapi.dll
2011-07-13 18:53 . 2009-11-08 09:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-07-13 18:53 . 2009-11-08 09:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-07-13 18:53 . 2009-11-08 09:55 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-13 18:53 . 2009-11-08 09:55 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-07-13 18:53 . 2009-11-08 09:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-13 18:53 . 2009-11-08 09:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-07-13 18:53 . 2009-11-08 09:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-07-13 18:53 . 2009-11-08 09:55 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-13 18:53 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-07-13 18:53 . 2009-11-08 09:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-13 18:29 . 2011-07-13 19:52 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-07-13 18:29 . 2011-07-17 21:37 -------- d-----w- c:\program files (x86)\Steam
2011-07-13 15:32 . 2011-07-13 15:32 -------- d-----w- c:\windows\SMINST
2011-07-13 09:32 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-07-13 09:32 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-07-13 09:32 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-07-13 09:32 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-07-13 09:32 . 2010-05-15 15:30 453720 ------w- c:\windows\system32\drivers\vsdatant.sys
2011-07-13 09:32 . 2011-07-13 09:32 -------- d-----w- c:\program files (x86)\Zone Labs
2011-07-13 09:32 . 2011-07-13 09:32 -------- d-----w- c:\programdata\CheckPoint
2011-07-13 09:32 . 2011-07-17 21:36 -------- d-----w- c:\windows\Internet Logs
2011-07-13 09:27 . 2011-07-13 09:27 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2011-07-13 09:19 . 2009-08-01 06:27 201184 ----a-w- c:\windows\SysWow64\winrm.vbs
2011-07-13 09:02 . 2009-06-10 11:52 3547136 ----a-w- c:\windows\system32\mf.dll
2011-07-13 09:02 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\SysWow64\mf.dll
2011-07-13 09:00 . 2009-08-14 16:04 143360 ----a-w- c:\windows\system32\netiohlp.dll
2011-07-13 08:55 . 2010-01-25 12:08 460288 ----a-w- c:\windows\system32\msdrm.dll
2011-07-13 08:54 . 2011-02-24 16:38 991104 ----a-w- c:\windows\system32\winresume.efi
2011-07-13 08:53 . 2010-06-17 18:34 16361984 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-07-13 08:52 . 2010-12-20 16:59 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-13 08:52 . 2010-12-20 16:35 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-07-13 08:52 . 2011-03-10 17:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-13 08:52 . 2011-03-10 17:18 1398784 ----a-w- c:\windows\system32\mfc42.dll
2011-07-13 08:52 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-07-13 08:52 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-07-13 08:52 . 2010-08-26 17:46 189952 ----a-w- c:\windows\system32\t2embed.dll
2011-07-13 08:52 . 2010-08-26 16:37 157184 ----a-w- c:\windows\SysWow64\t2embed.dll
2011-07-13 08:52 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 08:52 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 08:51 . 2010-08-31 15:46 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2011-07-13 08:51 . 2010-08-31 15:46 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2011-07-13 08:51 . 2009-07-15 14:47 368128 ----a-w- c:\windows\system32\wmpdxm.dll
2011-07-13 08:51 . 2009-07-15 12:39 313344 ----a-w- c:\windows\SysWow64\wmpdxm.dll
2011-07-13 08:51 . 2009-07-15 10:23 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-07-13 08:51 . 2009-07-15 10:23 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-07-13 08:51 . 2009-07-15 10:21 43520 ----a-w- c:\windows\SysWow64\msdxm.tlb
2011-07-13 08:51 . 2009-07-15 10:21 18432 ----a-w- c:\windows\SysWow64\amcompat.tlb
2011-07-13 08:51 . 2010-10-15 14:02 4699024 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-13 08:51 . 2010-10-15 13:43 1168512 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-07-13 08:51 . 2010-10-15 13:43 1585168 ----a-w- c:\windows\system32\ntdll.dll
2011-07-13 08:50 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-07-13 08:50 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe
2011-07-13 08:50 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
2011-07-13 08:50 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
2011-07-13 08:47 . 2009-06-15 15:11 656896 ----a-w- c:\windows\system32\kerberos.dll
2011-07-13 08:46 . 2010-10-28 13:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-13 08:46 . 2010-10-28 13:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-13 08:44 . 2009-06-10 11:53 203264 ----a-w- c:\windows\system32\wkssvc.dll
2011-07-13 08:44 . 2010-01-29 16:03 2080768 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-07-13 08:44 . 2010-01-29 15:40 1616384 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2011-07-13 08:44 . 2010-01-21 15:05 62464 ----a-w- c:\windows\SysWow64\l3codeca.acm
2011-07-13 08:44 . 2010-01-21 15:37 72192 ----a-w- c:\windows\system32\l3codeca.acm
2011-07-13 08:44 . 2009-04-11 07:09 181760 ----a-w- c:\windows\system32\l3codecp.acm
2011-07-13 08:44 . 2009-04-11 06:27 220672 ----a-w- c:\windows\SysWow64\l3codecp.acm
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-27 14:25 . 2011-04-27 14:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-07-13 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BatteryBar.lnk - c:\program files\BatteryBar\BatteryBar.exe [2011-6-11 69632]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000Core.job
- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]
.
2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000UA.job
- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 305664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-03-26 2115664]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2011-07-17 22:44:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-17 21:44
.
Pre-Run: 120,928,473,088 bytes free
Post-Run: 120,855,711,744 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 6B5FABEAF26193A3E2A096B5D20C6015
kevinf80_1d0ac6
1.1K Posts
0
July 18th, 2011 02:00
Thanks for the log; run the following :-
Please read carefully and follow these steps.
Let me see the log in your next reply,
Kevin
RTitans
20 Posts
0
July 18th, 2011 02:00
Here is the TDSSKiller Log:
2011/07/18 09:54:39.0368 0644 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/18 09:54:40.0632 0644 ================================================================================
2011/07/18 09:54:40.0632 0644 SystemInfo:
2011/07/18 09:54:40.0632 0644
2011/07/18 09:54:40.0632 0644 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/18 09:54:40.0632 0644 Product type: Workstation
2011/07/18 09:54:40.0632 0644 ComputerName: ROSS-PC
2011/07/18 09:54:40.0632 0644 UserName: Ross
2011/07/18 09:54:40.0647 0644 Windows directory: C:\Windows
2011/07/18 09:54:40.0647 0644 System windows directory: C:\Windows
2011/07/18 09:54:40.0647 0644 Running under WOW64
2011/07/18 09:54:40.0647 0644 Processor architecture: Intel x64
2011/07/18 09:54:40.0647 0644 Number of processors: 2
2011/07/18 09:54:40.0647 0644 Page size: 0x1000
2011/07/18 09:54:40.0647 0644 Boot type: Normal boot
2011/07/18 09:54:40.0647 0644 ================================================================================
2011/07/18 09:54:41.0474 0644 Initialize success
2011/07/18 09:54:43.0861 1404 ================================================================================
2011/07/18 09:54:43.0861 1404 Scan started
2011/07/18 09:54:43.0861 1404 Mode: Manual;
2011/07/18 09:54:43.0861 1404 ================================================================================
2011/07/18 09:55:08.0509 1404 ================================================================================
2011/07/18 09:55:08.0509 1404 Scan finished
2011/07/18 09:55:08.0509 1404 ================================================================================
2011/07/18 09:55:08.0509 3992 Detected object count: 0
2011/07/18 09:55:08.0509 3992 Actual detected object count: 0
kevinf80_1d0ac6
1.1K Posts
0
July 18th, 2011 03:00
Not seeing anything really conclusive in your logs. OK, continue as follows please :-
Step 1
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in between the dotted lines below into it:
---------------------------------------------------------------------------------------------------------------------------------
KillAll::
FixCset::
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
---------------------------------------------------------------------------------------------------------------------------------
Save this as CFScript.txt, and as Type: All Files (*.*), in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
Step 2
Run ESET Online Scan
You can refer to this animation by neomage if needed.
Frequently asked questions are available Here. Please read them before running the scan.
Also be aware this scan can take between one and several hours to complete, depending on the size of your system.
The ESET log can be found here: "C:\Program Files\ESET\EsetOnlineScanner\log.txt".
Let me see those two logs in your next reply, and also give an update on current issues/concerns....
Kevin
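As an added example (not part of the thread and not ComboFix code), a Python checker for the start-page fix in Step 1 above: it reads DDS-style `uStart Page`/`mStart Page` lines, flags hosts outside a constructed allowlist of Microsoft defaults, and emits the same KillAll::/FixCset::/DDS:: block for just the flagged entries; the allowlist and the sample lines are assumptions.

```python
"""Flag hijacked browser start/search pages in DDS-style lines from a
ComboFix log and emit the matching CFScript 'DDS::' block.

Added example for this thread, not ComboFix code. DEFAULT_HOSTS and
SAMPLE_LOG are constructed assumptions for illustration."""
import re
from urllib.parse import urlsplit

# Hosts a stock Vista/IE8 install points at (assumption, not from the tool).
DEFAULT_HOSTS = {"go.microsoft.com", "g.uk.msn.com"}

# DDS prefixes: 'u' = HKCU (per-user value), 'm' = HKLM (machine-wide value).
ENTRY_RE = re.compile(
    r"^(?P<scope>[um])(?P<name>Start Page|Default_Page_URL|Search Page|"
    r"Default_Search_URL)\s*=\s*(?P<url>\S+)\s*$"
)

# Constructed sample: the conduit line is the one reset in this thread.
SAMPLE_LOG = [
    "uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238",
    "mStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157",
]


def refang(url: str) -> str:
    """Logs defang links as hxxp://; restore http(s):// so urlsplit can parse."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_entries(lines):
    """Yield (scope, name, raw_url) for every DDS start/search-page line."""
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("scope"), m.group("name"), m.group("url")


def find_hijacks(lines):
    """Return entries whose host is not a known default, preserving order."""
    hits = []
    for scope, name, raw in parse_entries(lines):
        host = (urlsplit(refang(raw)).hostname or "").lower()
        if host not in DEFAULT_HOSTS:
            hits.append({"scope": scope, "name": name, "host": host, "raw": raw})
    return hits


def build_cfscript(lines):
    """Build CFScript text that resets only the flagged entries.

    The directives mirror the helper's script in this thread; the DDS::
    block lists the entries ComboFix should put back to default.
    Returns "" when nothing needs fixing."""
    hits = find_hijacks(lines)
    if not hits:
        return ""
    body = "\n".join(f"{h['scope']}{h['name']} = {h['raw']}" for h in hits)
    return f"KillAll::\nFixCset::\nDDS::\n{body}\n"


if __name__ == "__main__":
    for h in find_hijacks(SAMPLE_LOG):
        print(f"{h['scope']}{h['name']}: unexpected host {h['host']}")
    print(build_cfscript(SAMPLE_LOG), end="")
```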
RTitans
20 Posts
0
July 18th, 2011 19:00
I am still unable to update Windows due to error code 80073EFE. When browsing on the internet, pages are not loading properly or not at all and pictures are distorted; also my system is slower than usual. Here are the logs:
ComboFix 11-07-17.03 - Ross 18/07/2011 11:10:35.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4055.2669 [GMT 1:00]
Running from: c:\users\Ross\Desktop\Gotcha.exe
Command switches used :: c:\users\Ross\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))
.
.
2011-07-18 10:21 . 2011-07-18 10:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-17 21:45 . 2011-06-07 09:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4A176AF-875F-4E4F-B5D4-AD85BF27CD8A}\mpengine.dll
2011-07-17 21:12 . 2011-07-17 21:14 -------- d-----w- C:\Gotcha
2011-07-17 06:35 . 2011-07-17 21:59 -------- d-----w- c:\program files\BatteryBar
2011-07-17 00:32 . 2011-07-17 00:32 -------- d-----w- c:\program files (x86)\ESET
2011-07-17 00:27 . 2011-07-17 00:27 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-15 15:43 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-07-15 15:43 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\ca-ES
2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\eu-ES
2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\vi-VN
2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\system32\ca-ES
2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\system32\eu-ES
2011-07-15 15:13 . 2011-07-15 15:13 -------- d-----w- c:\windows\system32\vi-VN
2011-07-15 14:45 . 2011-07-15 14:45 -------- d-----w- c:\windows\system32\EventProviders
2011-07-15 14:42 . 2009-04-11 07:11 796672 ----a-w- c:\windows\system32\mssvp.dll
2011-07-15 14:40 . 2009-04-11 07:11 622592 ----a-w- c:\windows\system32\WMVXENCD.DLL
2011-07-15 14:39 . 2009-04-11 06:28 247808 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-07-15 14:39 . 2009-04-11 06:28 83968 ----a-w- c:\windows\SysWow64\wbem\wmiutils.dll
2011-07-15 14:39 . 2009-04-11 06:28 30208 ----a-w- c:\windows\SysWow64\wbem\wbemprox.dll
2011-07-15 14:39 . 2009-04-11 06:28 189440 ----a-w- c:\windows\SysWow64\wbem\mofd.dll
2011-07-15 14:39 . 2009-04-11 06:28 614912 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-07-15 14:39 . 2009-04-11 06:28 265728 ----a-w- c:\windows\SysWow64\wbem\esscli.dll
2011-07-15 14:39 . 2009-04-11 07:11 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-07-15 14:39 . 2009-04-11 07:11 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-07-15 14:39 . 2009-04-11 07:11 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-07-15 14:39 . 2009-04-11 07:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll
2011-07-15 14:38 . 2009-04-11 07:11 293888 ----a-w- c:\windows\system32\wdscore.dll
2011-07-15 14:38 . 2009-04-11 07:10 138752 ----a-w- c:\windows\system32\PkgMgr.exe
2011-07-15 14:38 . 2009-04-11 07:11 315904 ----a-w- c:\windows\system32\drvstore.dll
2011-07-15 01:50 . 2011-07-15 01:50 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-07-15 01:49 . 2011-07-15 15:35 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-07-15 01:49 . 2011-07-15 01:49 -------- d-----w- c:\windows\PCHEALTH
2011-07-15 01:46 . 2011-07-15 01:46 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-07-15 01:44 . 2011-07-15 01:44 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-07-15 01:43 . 2011-07-15 01:43 -------- d-----r- C:\MSOCache
2011-07-14 22:03 . 2011-07-14 22:05 -------- d-----w- c:\program files (x86)\Auslogics
2011-07-14 21:39 . 2011-07-06 18:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-14 21:39 . 2011-07-14 21:39 -------- d-----w- c:\programdata\Malwarebytes
2011-07-14 21:39 . 2011-07-14 21:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-14 21:39 . 2011-07-06 18:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-14 05:23 . 2011-07-14 05:24 -------- d-----w- c:\program files (x86)\PowerISO
2011-07-14 05:23 . 2011-06-15 08:30 93240 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-07-13 22:04 . 2011-07-13 23:21 -------- d-----w- c:\program files (x86)\JDownloader
2011-07-13 21:37 . 2011-07-13 21:37 -------- d-----w- c:\program files (x86)\PC SleepTimer
2011-07-13 21:35 . 2011-06-07 09:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-13 21:33 . 2009-11-03 22:07 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-07-13 21:33 . 2009-08-24 11:47 442368 ----a-w- c:\windows\system32\winhttp.dll
2011-07-13 21:33 . 2009-08-24 11:36 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2011-07-13 21:33 . 2010-09-06 18:28 179712 ----a-w- c:\windows\system32\srvsvc.dll
2011-07-13 21:33 . 2010-09-06 18:28 12288 ----a-w- c:\windows\system32\sscore.dll
2011-07-13 21:33 . 2010-09-06 18:27 17920 ----a-w- c:\windows\system32\netevent.dll
2011-07-13 21:33 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-07-13 21:33 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll
2011-07-13 19:14 . 2011-07-13 19:14 -------- d-----w- c:\program files\7-Zip
2011-07-13 19:04 . 2010-02-24 09:28 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-07-13 19:01 . 2010-02-20 23:15 32768 ----a-w- c:\windows\system32\nshhttp.dll
2011-07-13 19:00 . 2010-02-20 23:06 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll
2011-07-13 19:00 . 2010-02-20 21:30 620032 ----a-w- c:\windows\system32\drivers\http.sys
2011-07-13 19:00 . 2010-02-20 23:14 33792 ----a-w- c:\windows\system32\httpapi.dll
2011-07-13 19:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\SysWow64\httpapi.dll
2011-07-13 18:53 . 2009-11-08 09:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-07-13 18:53 . 2009-11-08 09:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-07-13 18:53 . 2009-11-08 09:55 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-13 18:53 . 2009-11-08 09:55 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-07-13 18:53 . 2009-11-08 09:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-13 18:53 . 2009-11-08 09:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-07-13 18:53 . 2009-11-08 09:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-07-13 18:53 . 2009-11-08 09:55 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-13 18:53 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-07-13 18:53 . 2009-11-08 09:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-13 18:29 . 2011-07-13 19:52 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-07-13 18:29 . 2011-07-18 10:23 -------- d-----w- c:\program files (x86)\Steam
2011-07-13 15:32 . 2011-07-13 15:32 -------- d-----w- c:\windows\SMINST
2011-07-13 09:32 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-07-13 09:32 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-07-13 09:32 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-07-13 09:32 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-07-13 09:32 . 2010-05-15 15:30 453720 ------w- c:\windows\system32\drivers\vsdatant.sys
2011-07-13 09:32 . 2011-07-13 09:32 -------- d-----w- c:\program files (x86)\Zone Labs
2011-07-13 09:32 . 2011-07-13 09:32 -------- d-----w- c:\programdata\CheckPoint
2011-07-13 09:32 . 2011-07-18 10:23 -------- d-----w- c:\windows\Internet Logs
2011-07-13 09:27 . 2011-07-13 09:27 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2011-07-13 09:19 . 2009-08-01 06:27 201184 ----a-w- c:\windows\SysWow64\winrm.vbs
2011-07-13 09:02 . 2009-06-10 11:52 3547136 ----a-w- c:\windows\system32\mf.dll
2011-07-13 09:02 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\SysWow64\mf.dll
2011-07-13 09:00 . 2009-08-14 16:04 143360 ----a-w- c:\windows\system32\netiohlp.dll
2011-07-13 08:55 . 2010-01-25 12:08 460288 ----a-w- c:\windows\system32\msdrm.dll
2011-07-13 08:54 . 2011-02-24 16:38 991104 ----a-w- c:\windows\system32\winresume.efi
2011-07-13 08:53 . 2010-06-17 18:34 16361984 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-07-13 08:52 . 2010-12-20 16:59 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-13 08:52 . 2010-12-20 16:35 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-07-13 08:52 . 2011-03-10 17:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-13 08:52 . 2011-03-10 17:18 1398784 ----a-w- c:\windows\system32\mfc42.dll
2011-07-13 08:52 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-07-13 08:52 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-07-13 08:52 . 2010-08-26 17:46 189952 ----a-w- c:\windows\system32\t2embed.dll
2011-07-13 08:52 . 2010-08-26 16:37 157184 ----a-w- c:\windows\SysWow64\t2embed.dll
2011-07-13 08:52 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 08:52 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 08:51 . 2010-08-31 15:46 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2011-07-13 08:51 . 2010-08-31 15:46 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2011-07-13 08:51 . 2009-07-15 14:47 368128 ----a-w- c:\windows\system32\wmpdxm.dll
2011-07-13 08:51 . 2009-07-15 12:39 313344 ----a-w- c:\windows\SysWow64\wmpdxm.dll
2011-07-13 08:51 . 2009-07-15 10:23 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-07-13 08:51 . 2009-07-15 10:23 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-07-13 08:51 . 2009-07-15 10:21 43520 ----a-w- c:\windows\SysWow64\msdxm.tlb
2011-07-13 08:51 . 2009-07-15 10:21 18432 ----a-w- c:\windows\SysWow64\amcompat.tlb
2011-07-13 08:51 . 2010-10-15 14:02 4699024 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-13 08:51 . 2010-10-15 13:43 1168512 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-07-13 08:51 . 2010-10-15 13:43 1585168 ----a-w- c:\windows\system32\ntdll.dll
2011-07-13 08:50 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-07-13 08:50 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe
2011-07-13 08:50 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
2011-07-13 08:50 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
2011-07-13 08:47 . 2009-06-15 15:11 656896 ----a-w- c:\windows\system32\kerberos.dll
2011-07-13 08:46 . 2010-10-28 13:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-13 08:46 . 2010-10-28 13:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-13 08:44 . 2009-06-10 11:53 203264 ----a-w- c:\windows\system32\wkssvc.dll
2011-07-13 08:44 . 2010-01-29 16:03 2080768 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-07-13 08:44 . 2010-01-29 15:40 1616384 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2011-07-13 08:44 . 2010-01-21 15:05 62464 ----a-w- c:\windows\SysWow64\l3codeca.acm
2011-07-13 08:44 . 2010-01-21 15:37 72192 ----a-w- c:\windows\system32\l3codeca.acm
2011-07-13 08:44 . 2009-04-11 07:09 181760 ----a-w- c:\windows\system32\l3codecp.acm
2011-07-13 08:44 . 2009-04-11 06:27 220672 ----a-w- c:\windows\SysWow64\l3codecp.acm
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-27 14:25 . 2011-04-27 14:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-17_21.36.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-07-17 21:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-07-18 10:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-07-17 21:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-07-18 10:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-07-17 21:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-07-18 10:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-07-18 10:24 44976 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-07-18 10:24 66846 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-09-01 14:11 . 2011-07-17 20:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-01 14:11 . 2011-07-18 01:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-01 19:58 . 2011-07-18 01:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-01 19:58 . 2011-07-17 20:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-01 19:58 . 2011-07-17 20:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-01 19:58 . 2011-07-18 01:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-13 06:57 . 2011-07-18 10:24 5192 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-96148779-2948309731-3870321898-1000_UserData.bin
+ 2011-07-18 10:22 . 2011-07-18 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-17 21:33 . 2011-07-17 21:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-18 10:22 . 2011-07-18 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-17 21:33 . 2011-07-17 21:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-13 18:19 . 2011-07-18 09:39 200492 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2011-07-17 21:14 611296 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-07-18 10:08 611296 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-07-17 21:14 109672 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-07-18 10:08 109672 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-07-13 1242448]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BatteryBar.lnk - c:\program files\BatteryBar\BatteryBar.exe [2011-6-11 69632]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000Core.job
- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]
.
2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000UA.job
- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 305664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2011-07-18 11:42:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-18 10:42
ComboFix2.txt 2011-07-17 21:44
.
Pre-Run: 113,504,993,280 bytes free
Post-Run: 112,591,646,720 bytes free
.
- - End Of File - - 467779AE0787B8CAD75DCC3C32BD82F3
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=36882
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6541
# api_version=3.0.2
# EOSSerial=b031edb61e34f54499eb9c7a71e127d2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-19 01:10:07
# local_time=2011-07-19 02:10:07 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 45 110149648 148554935 0 0
# compatibility_mode=8192 67108863 100 0 739 739 0 0
# compatibility_mode=9217 16777214 75 70 481299 10628341 0 0
# scanned=161809
# found=0
# cleaned=0
# scan_time=6778
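The "Reg Loading Points" section of the ComboFix log above lists every autorun entry as a key line, then one line per value with the executable path and, where ComboFix could stat the file, a trailing date and size. Reviewing those by eye is what the helper is doing when he says nothing looks conclusive. The following is an added example, not part of this thread and not ComboFix's own code, that parses lines in that format and surfaces the usual triage leads: an entry that runs from a user-writable location, a file carrying the name of a core Windows binary but living outside the Windows directory, and an entry with no date/size stamp. The sample log is constructed: the Steam, SunJavaUpdateSched and SysTrayApp lines copy the format of the log on this page, while "Updater" and "Loader" are synthetic suspicious entries that are not from the poster's machine. Treating a non-date stamp such as "[BU]" as "file not verified" is an assumption; the page does not document that token.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format ComboFix prints under "Reg Loading Points".
# Steam/SunJavaUpdateSched/SysTrayApp mirror the log on this page; "Updater" and
# "Loader" are synthetic suspicious entries, NOT from the poster's machine.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-07-13 1242448]
"Updater"="c:\users\alice\AppData\Roaming\svchost.exe" [2011-07-16 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"Loader"="c:\programdata\ldr.exe" [2011-07-17 12288]
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(?:\[([^\]]*)\])?\s*$')
META_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d+$")   # "[YYYY-MM-DD size]"

# Directories any unprivileged process can write to. A persistence entry here is
# a lead, not a verdict: Google Update, for one, lives in AppData by design.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\programdata\\|\\users\\public\\|\\temp\\",
    re.IGNORECASE,
)
# Names that only belong under %SystemRoot%; the same name elsewhere is a
# common masquerade.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "smss.exe"}


@dataclass
class AutorunEntry:
    key: str
    name: str
    path: str
    stamp: str                      # raw text inside the trailing [...] or ""
    reasons: list = field(default_factory=list)


def parse_loading_points(text: str) -> list:
    """Turn the ComboFix key/value lines into AutorunEntry objects."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, path, stamp = m.groups()
            entries.append(AutorunEntry(key, name, path, stamp or ""))
    return entries


def triage(entries: list) -> list:
    """Return the entries that deserve a closer look, with the reasons filled in."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        reasons = []
        if USER_WRITABLE.search(low):
            reasons.append("runs from a user-writable directory")
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_NAMES and "\\windows\\" not in low:
            reasons.append(f"{base} outside the Windows directory")
        if not META_RE.match(e.stamp):
            # Assumption: anything other than a date+size means the file was not
            # verified on disk at scan time.
            reasons.append("no date/size recorded for the file")
        e.reasons = reasons          # assign, so repeated triage() is idempotent
        if reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{e.name:20} {e.path}\n    " + "; ".join(e.reasons))
```

Run it against the pasted section of a real log (replace SAMPLE_LOG with the file contents) and read every flagged line in context; the script narrows the list, it does not decide.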
kevinf80_1d0ac6
1.1K Posts
0
July 19th, 2011 00:00
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
Kevin
RTitans
20 Posts
0
July 19th, 2011 02:00
How do I attach a file to a post?
Here is the aswMBR log:
aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-07-19 08:44:47
-----------------------------
08:44:47.448 OS Version: Windows x64 6.0.6002 Service Pack 2
08:44:47.449 Number of processors: 2 586 0x170A
08:44:47.449 ComputerName: ROSS-PC UserName: Ross
08:44:50.236 Initialize success
08:49:51.850 AVAST engine defs: 11071801
08:51:14.839 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:51:14.842 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
08:51:14.866 Disk 0 MBR read successfully
08:51:14.869 Disk 0 MBR scan
08:51:14.876 Disk 0 unknown MBR code
08:51:14.880 Service scanning
08:51:16.568 Disk 0 trace - called modules:
08:51:16.610 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
08:51:16.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006096790]
08:51:16.618 3 CLASSPNP.SYS[fffffa6000fd3c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045c7050]
08:51:17.481 AVAST engine scan C:\Windows
08:51:22.114 AVAST engine scan C:\Windows\system32
08:54:22.733 AVAST engine scan C:\Windows\system32\drivers
08:54:39.090 AVAST engine scan C:\Users\Ross
08:56:17.191 Disk 0 MBR has been saved successfully to "C:\Users\Ross\Desktop\MBR.dat"
08:56:17.207 The log file has been saved successfully to "C:\Users\Ross\Desktop\aswMBR.txt"
RTitans
20 Posts
0
July 19th, 2011 04:00
Is this what you needed?
Antivirus Version Last Update Result
AhnLab-V3 2011.07.19.02 2011.07.19 -
AntiVir 7.11.11.208 2011.07.19 -
Antiy-AVL 2.0.3.7 2011.07.15 -
Avast 4.8.1351.0 2011.07.19 -
Avast5 5.0.677.0 2011.07.19 -
AVG 10.0.0.1190 2011.07.19 -
BitDefender 7.2 2011.07.19 -
CAT-QuickHeal 11.00 2011.07.19 -
ClamAV 0.97.0.0 2011.07.19 -
Commtouch 5.3.2.6 2011.07.19 -
Comodo 9429 2011.07.19 -
DrWeb 5.0.2.03300 2011.07.19 -
Emsisoft 5.1.0.8 2011.07.19 -
eSafe 7.0.17.0 2011.07.18 -
eTrust-Vet 36.1.8450 2011.07.18 -
F-Prot 4.6.2.117 2011.07.18 -
F-Secure 9.0.16440.0 2011.07.19 -
Fortinet 4.2.257.0 2011.07.19 -
GData 22 2011.07.19 -
Ikarus T3.1.1.104.0 2011.07.19 -
Jiangmin 13.0.900 2011.07.18 -
K7AntiVirus 9.108.4919 2011.07.18 -
Kaspersky 9.0.0.837 2011.07.19 -
McAfee 5.400.0.1158 2011.07.19 -
McAfee-GW-Edition 2010.1D 2011.07.19 -
Microsoft 1.7000 2011.07.19 -
NOD32 6306 2011.07.19 -
Norman 6.07.10 2011.07.18 -
nProtect 2011-07-19.01 2011.07.19 -
Panda 10.0.3.5 2011.07.18 -
PCTools 8.0.0.5 2011.07.13 -
Prevx 3.0 2011.07.19 -
Rising 23.67.01.05 2011.07.19 -
Sophos 4.67.0 2011.07.19 -
SUPERAntiSpyware 4.40.0.1006 2011.07.19 -
Symantec 20111.1.0.186 2011.07.19 -
TheHacker 6.7.0.1.257 2011.07.18 -
TrendMicro 9.200.0.1012 2011.07.19 -
TrendMicro-HouseCall 9.200.0.1012 2011.07.19 -
VBA32 3.12.16.4 2011.07.19 -
VIPRE 9901 2011.07.19 -
ViRobot 2011.7.19.4577 2011.07.19 -
VirusBuster 14.0.129.0 2011.07.18 -
Additional information
MD5 : ab3f08b6fb75a4105063923d10231325
SHA1 : 7b26425621b27a77d419a0d511bb7671f8719efa
SHA256: a9943bc8b97014ac2512e0f08e94a2429d80fcc807433ecd44b7bc7433acc74e
ssdeep: 12:ch10l6lc1EBKMwTBlBRWyStYcWLT8+lvlhs:ch10lOExMwTBdFjvJlvs
File size : 512 bytes
First seen: 2011-07-19 10:34:19
Last seen : 2011-07-19 10:34:19
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
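The two things worth knowing about the result above: aswMBR's "unknown MBR code" only means the boot code did not match a pattern the tool recognises, and VirusTotal's "Unknown!" from TrID is what a raw 512-byte sector always gets. The whole-sector hash is also close to useless for matching, because bytes 440 to 443 hold the NT disk signature and bytes 446 to 509 hold the partition table, both unique to the machine; that is why the file had never been seen before. The comparison that does mean something is a hash of the code area alone (bytes 0 to 439), which can be checked against the same hash taken from a known-clean install written by the same Windows setup. The following is an added example, not part of this thread and not aswMBR's or VirusTotal's code, that parses an MBR.dat, hashes only the code area, decodes the partition table and runs a few sanity checks. The sample sector it builds is constructed for the test and is not the poster's MBR.

```python
import hashlib
import struct
import sys
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: executable boot code
DISK_SIG_OFF = 440         # 4-byte NT disk signature, unique per machine
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"     # bytes 510..511


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class MbrInfo:
    boot_code_sha256: str
    disk_signature: int
    partitions: list
    signature_ok: bool


def parse_mbr(data: bytes) -> MbrInfo:
    """Decode one 512-byte sector; hash only the machine-independent code area."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    sig_ok = data[510:512] == BOOT_SIG
    disk_sig = struct.unpack_from("<I", data, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", data, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                      # empty slot
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    code_hash = hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest()
    return MbrInfo(code_hash, disk_sig, parts, sig_ok)


def sanity_problems(info: MbrInfo) -> list:
    """Structural checks a tampered or damaged MBR commonly fails."""
    problems = []
    if not info.signature_ok:
        problems.append("missing 0x55AA boot signature")
    if sum(p.bootable for p in info.partitions) > 1:
        problems.append("more than one partition flagged bootable")
    spans = sorted((p.lba_start, p.lba_start + p.sectors, p.index)
                   for p in info.partitions)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append(f"partitions {i1} and {i2} overlap")
    return problems


def build_sample_mbr() -> bytes:
    """Constructed test sector: two NTFS partitions, one bootable. Not a real MBR."""
    code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    p1 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 409600)
    p2 = struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 411648, 100000)
    sector = code + disk_sig + p1 + p2 + bytes(32) + BOOT_SIG
    assert len(sector) == SECTOR
    return sector


if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(raw)
    print("boot code sha256:", info.boot_code_sha256)
    print("disk signature : 0x%08x" % info.disk_signature)
    for p in info.partitions:
        print(f"  part {p.index}: type 0x{p.type_id:02x} boot={p.bootable} "
              f"lba={p.lba_start} sectors={p.sectors}")
    print("problems:", sanity_problems(info) or "none")
```

Usage: `python mbr_check.py MBR.dat`. Note the limit of this check: it reads only sector 0, so it says nothing about code hidden in the sectors between the MBR and the first partition, which aswMBR's driver-level scan is there to catch.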
kevinf80_1d0ac6
1.1K Posts
0
July 19th, 2011 04:00
To be honest I'm not sure how you attach a file on these forums, no problem. You can upload the MBR.dat file for analysis yourself.
Upload a File to Virustotal
Please visit Virustotal
Kevin
kevinf80_1d0ac6
1.1K Posts
0
July 19th, 2011 15:00
This is proving very difficult to find. OK, let's try a different scan.
Your system will reboot and the scan will commence; allow it to complete.
You will see the following if nothing is found:
If an infection is found, follow the prompts and let me know how you get on.
RTitans
20 Posts
0
July 19th, 2011 20:00
After running the scan a box came up saying nothing had been found. I have just rechecked Windows Update and it seems to be allowing me to update. Should I update or leave it? However, all other problems remain the same.
Ross.
kevinf80_1d0ac6
1.1K Posts
0
July 20th, 2011 02:00
Yes, allow the updates from Windows. Does the issue you mention with Chrome happen with any other browser? If not, re-install Chrome and see how it responds.
Kevin
RTitans
20 Posts
0
July 20th, 2011 03:00
I get the same problems in IE. I reinstalled Chrome and the same problems returned.
Ross
kevinf80_1d0ac6
1.1K Posts
0
July 20th, 2011 14:00
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.