Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: skilz853 on May 20, 2011, 11:52:15 AM
-
I'm running Windows 7 64 bit. When I got up this morning a program (WinMHR) that scans processes and files for malware, reported 4 copies of explorer.exe as infected. I always thought there should only be one copy of it. I also did a search for explorer.exe in Everything. Here's a screenshot: http://clip2net.com/page/m80407/14047998. I actually shows 20 copies of it. I was running an online backup with Digital Lifeboat that I was concerned about, so I rolled back with Rollback Rx hoping to remove these copies of explorer.exe, thinking Lifeboat had something to do with them being there. After rollback, they're still there and that's why I'm posting this.
Here is a hijack this log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:31:57 PM, on 5/20/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\CleanMem\mini_monitor.exe
C:\Program Files (x86)\DAP\DAP.exe
C:\Program Files (x86)\Clip2Net\clip2net.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Ditto\Ditto.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\CX\Launcher.exe
C:\Program Files (x86)\Shield\shieldtray.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladinetClient.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\WinMHR\WinMHR.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [shield] C:\Program Files (x86)\Shield\shieldtray.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Clip2Net] C:\Program Files (x86)\Clip2Net\clip2net.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinMHR] C:\Program Files (x86)\WinMHR\WinMHR.exe /minimize
O4 - HKCU\..\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CX.lnk = C:\Program Files (x86)\CX\Launcher.exe
O4 - Startup: NetworkIndicator.exe
O4 - Startup: OpenVPN GUI.lnk = C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
O4 - Startup: ToolBox.lnk = C:\Program Files (x86)\ToolBox\toolbox.exe
O4 - Global Startup: Gladinet Cloud Desktop.lnk = C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladLauncher.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: EASEUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GladFileMonSvc - Gladinet, INC - C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: SHDSERV - Unknown owner - C:\Program Files (x86)\Shield\shdserv.exe
O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Program Files (x86)\Shield\shieldclnt.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\ThreatFire\TFService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11427 bytes
Hope someone can confirm that these copies of explorer.exe should be there or not and how they may have gotten there in the first place.
Thanks,
skilz853
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*****************************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
-
Hey Dave, thanks for your help. Here's the logs from SAS and Mbam. I'll download and post the log from DDS next.
SAS:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/20/2011 at 04:49 PM
Application Version : 4.52.1000
Core Rules Database Version : 7101
Trace Rules Database Version: 4913
Scan type : Complete Scan
Total Scan Time : 01:25:33
Memory items scanned : 712
Memory threats detected : 0
Registry items scanned : 11869
Registry threats detected : 0
File items scanned : 112230
File threats detected : 3
Adware.Tracking Cookie
C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Cookies\harry@media6degrees[2].txt
C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Cookies\harry@insightexpressai[2].txt
C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Cookies\harry@invitemedia[1].txt
Mbam:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6628
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
5/20/2011 3:01:16 PM
mbam-log-2011-05-20 (15-01-16).txt
Scan type: Full scan (C:\|)
Objects scanned: 265400
Time elapsed: 47 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Also here's a screenshot of WinMHR that detected the malware: http://clip2net.com/clip/m80407/1305925264-clip-84kb.png
skilz853
-
Here's the DDS.txt and Attach.txt
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by Harry at 17:22:13 on 2011-05-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2488 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe
C:\Program Files (x86)\CleanMem\mini_monitor.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\WOSVSSSvr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Shield\shdserv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Shield\shieldclnt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\DAP\DAP.exe
C:\Program Files (x86)\Clip2Net\clip2net.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Ditto\Ditto.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\CX\Launcher.exe
C:\Program Files (x86)\Shield\shieldtray.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladinetClient.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\Shield\ShieldTray64.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\WinMHR\WinMHR.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\taskmgr.exe
C:\Users\Harry\Downloads\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
mWinlogon: Userinit=userinit.exe
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
uRun: [Clip2Net] C:\Program Files (x86)\Clip2Net\clip2net.exe
uRun: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
uRun: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WinMHR] C:\Program Files (x86)\WinMHR\WinMHR.exe /minimize
uRun: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [shield] C:\Program Files (x86)\Shield\shieldtray.exe
mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe"
StartupFolder: C:\Users\Harry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CX.lnk - C:\Program Files (x86)\CX\Launcher.exe
StartupFolder: C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetworkIndicator.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GLADIN~1.LNK - C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll
BHO-X64: Download Accelerator Plus Integration - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
mRun-x64: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
AppInit_DLLs-X64: C:\Windows\system32\guard64.dll
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\6sai5ehf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Users\Harry\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
R0 Shield;Shield;C:\Windows\system32\DRIVERS\Shield.sys --> C:\Windows\system32\DRIVERS\Shield.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-5-12 42184]
R2 EASEUS Agent;EASEUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-5-9 56200]
R2 GladFileMonSvc;GladFileMonSvc;C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [2011-5-3 29552]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-1-17 301720]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R2 ShieldClientService;Shield Client Service;C:\Program Files (x86)\Shield\ShieldClnt.exe [2011-5-3 45056]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;C:\Windows\system32\drivers\cxfalcon_64.sys --> C:\Windows\system32\drivers\cxfalcon_64.sys [?]
R3 EUDISK;EASEUS Disk Enumerator;\??\C:\Windows\system32\drivers\eudisk.sys --> C:\Windows\system32\drivers\eudisk.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
R3 Xbox360WirelessController;Xbox 360 Wireless Controller;C:\Windows\system32\DRIVERS\x360wchm.sys --> C:\Windows\system32\DRIVERS\x360wchm.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PSMounter;Macrium Reflect Image Explorer Service;\??\C:\Windows\system32\drivers\psmounter.sys --> C:\Windows\system32\drivers\psmounter.sys [?]
S3 PSVolAcc;PSVolAcc;C:\Windows\system32\drivers\PSVolAcc.sys --> C:\Windows\system32\drivers\PSVolAcc.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-05-20 17:29:10 388096 ----a-r- C:\Users\Harry\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-20 17:29:10 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-20 16:14:54 -------- d-----w- C:\Users\Harry\AppData\Local\{C3DB2317-8384-426C-9978-C16590568FE1}
2011-05-19 02:53:27 -------- d-----w- C:\Users\Harry\AppData\Local\{6842BF33-9593-4B50-9FCB-B2E1DBBF3FD6}
2011-05-18 14:52:26 -------- d-----w- C:\Users\Harry\AppData\Local\{AF7B3FF1-EF88-4FC7-BB58-D65305344E5B}
2011-05-18 02:51:38 -------- d-----w- C:\Users\Harry\AppData\Local\{E97AAABE-B0FE-4BBA-9255-2F015508C26F}
2011-05-18 02:28:44 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-17 14:50:50 -------- d-----w- C:\Users\Harry\AppData\Local\{7FDC9029-8CE3-4E5F-8480-8E8BCEDDCFB2}
2011-05-17 08:14:13 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{257B304E-5FCA-459D-9E2B-D6E0015B69D3}\mpengine.dll
2011-05-17 05:22:26 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-05-17 02:50:03 -------- d-----w- C:\Users\Harry\AppData\Local\{22CB2CB1-40BF-4A2C-84AD-FA440354F85B}
2011-05-16 14:49:14 -------- d-----w- C:\Users\Harry\AppData\Local\{33733DDF-FE48-44A9-B9CC-6ADC22928A9C}
2011-05-16 02:48:26 -------- d-----w- C:\Users\Harry\AppData\Local\{279E558A-220A-47B0-A4BE-65659B7C99E5}
2011-05-15 14:47:34 -------- d-----w- C:\Users\Harry\AppData\Local\{778D165D-C49B-44C9-B75D-7ADDC1D4D494}
2011-05-15 02:46:31 -------- d-----w- C:\Users\Harry\AppData\Local\{B7F174DE-3300-4B3A-A4AA-D757854F164E}
2011-05-14 21:44:40 -------- d-----w- C:\Program Files (x86)\Gladinet
2011-05-14 14:45:19 -------- d-----w- C:\Users\Harry\AppData\Local\{14EA7EF7-44C2-44A5-B458-028BC3BEFD8A}
2011-05-14 07:54:20 -------- d-----w- C:\Windows\WindowsMobile
2011-05-14 02:44:30 -------- d-----w- C:\Users\Harry\AppData\Local\{59FCD8C6-9C59-4EED-B46F-4B84715EEC14}
2011-05-13 14:43:37 -------- d-----w- C:\Users\Harry\AppData\Local\{90E376DC-0543-4005-8D16-04F2054693D3}
2011-05-13 02:42:50 -------- d-----w- C:\Users\Harry\AppData\Local\{E7735FFB-2836-47B4-9A7A-0014F20051E1}
2011-05-12 14:41:50 -------- d-----w- C:\Users\Harry\AppData\Local\{31592E06-62FD-4132-818B-FA67B816C765}
2011-05-12 05:53:35 -------- d-----w- C:\Users\Harry\AppData\Roaming\Ditto
2011-05-12 05:53:25 -------- d-----w- C:\Program Files (x86)\Ditto
2011-05-12 02:40:48 -------- d-----w- C:\Users\Harry\AppData\Local\{A236D2AA-1EAB-43A0-9C96-6D0A908E5E05}
2011-05-12 01:47:15 -------- d-----w- C:\Program Files (x86)\somototoolbar
2011-05-12 01:46:54 -------- d-----w- C:\Program Files (x86)\Subtitles.com.br FileBulldog Toolbar
2011-05-12 01:46:40 -------- d-----w- C:\Program Files (x86)\Subtitles-1.1.0.0
2011-05-12 01:43:22 -------- d-----w- C:\Users\Harry\AppData\Local\SublightCache
2011-05-12 01:40:18 -------- d-----w- C:\Users\Harry\AppData\Local\IsolatedStorage
2011-05-12 01:38:47 -------- d-----w- C:\Users\Harry\AppData\Local\Sublight_Labs
2011-05-12 01:38:43 -------- d-----w- C:\Program Files (x86)\Sublight
2011-05-11 14:39:45 -------- d-----w- C:\Users\Harry\AppData\Local\{372AA219-873B-4160-8ECB-8E1B855400A3}
2011-05-11 03:50:58 -------- d-----w- C:\Users\Harry\AppData\Local\Songr
2011-05-11 03:50:02 -------- d-----w- C:\Program Files (x86)\Songr
2011-05-11 03:19:29 -------- d-----w- C:\Program Files (x86)\CX
2011-05-11 02:38:57 -------- d-----w- C:\Users\Harry\AppData\Local\{A3ED94CA-D216-40B5-B6C5-7E0F454E6530}
2011-05-10 14:37:57 -------- d-----w- C:\Users\Harry\AppData\Local\{E782A724-CC84-45CD-8D15-3C99CC131863}
2011-05-10 07:42:53 -------- d-----w- C:\Users\Harry\AppData\Roaming\LockHunter
2011-05-10 07:42:27 -------- d-----w- C:\Program Files\LockHunter
2011-05-10 05:01:07 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2011-05-10 02:37:00 -------- d-----w- C:\Users\Harry\AppData\Local\{CF35AA17-BE25-4AAE-A008-EA7316F5AE1C}
2011-05-10 01:55:12 286720 --sha-w- C:\EUMONBMP.SYS
2011-05-10 01:33:17 -------- d-----w- C:\Users\Harry\My Music
2011-05-10 01:33:16 -------- d-----w- C:\Users\Harry\My Pictures
2011-05-10 01:33:15 -------- d-----w- C:\Users\Harry\My Movies
2011-05-10 01:16:40 193928 ----a-w- C:\Windows\System32\drivers\eudisk.sys
2011-05-10 01:16:39 36232 ----a-w- C:\Windows\System32\drivers\eubakup.sys
2011-05-10 01:16:39 26504 ----a-w- C:\Windows\System32\drivers\eufs.sys
2011-05-10 01:16:39 17800 ----a-w- C:\Windows\System32\drivers\eudskacs.sys
2011-05-10 01:16:38 42888 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys
2011-05-10 01:16:06 23432 ----a-w- C:\Windows\System32\fbnative.exe
2011-05-10 01:15:38 -------- d-----w- C:\Program Files (x86)\EASEUS
2011-05-10 00:16:40 -------- d-----w- C:\Users\Harry\AppData\Roaming\RoboSoft
2011-05-10 00:16:39 -------- d-----w- C:\ProgramData\RoboSoft
2011-05-09 14:35:35 -------- d-----w- C:\Users\Harry\AppData\Local\{B85C626D-8A4C-4B77-82C7-BC333CD86921}
2011-05-09 12:03:00 -------- d-----w- C:\Program Files (x86)\Jaangle
2011-05-09 11:38:15 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-05-09 11:37:58 -------- d-----w- C:\Users\Harry\AppData\Local\HuluDesktop
2011-05-09 11:37:28 -------- d-----w- C:\Program Files\Speccy
2011-05-09 10:13:47 -------- d-----w- C:\Program Files\FileMenu Tools
2011-05-09 06:41:47 -------- d-----w- C:\Program Files (x86)\Rainbow Folders
2011-05-09 05:33:05 -------- d-s---w- C:\Users\Harry\My Docs
2011-05-09 02:35:00 -------- d-----w- C:\Users\Harry\AppData\Local\{6A66D01F-413D-4643-A884-503CF2B566EF}
2011-05-09 01:42:35 -------- d-----w- C:\Users\Harry\AppData\Local\Apps
2011-05-08 14:34:37 -------- d-----w- C:\Users\Harry\AppData\Local\{00517F18-D7FB-4309-99F5-433754C9CB48}
2011-05-08 09:14:50 -------- d-----w- C:\Program Files (x86)\WinMHR
2011-05-08 07:23:10 -------- d-----w- C:\Users\Harry\AppData\Local\WinMHR
2011-05-08 02:33:47 -------- d-----w- C:\Users\Harry\AppData\Local\{67E52E2C-3AF1-4228-B362-3CA38BB97ADB}
2011-05-08 02:27:00 -------- d-----w- C:\Users\Harry\AppData\Local\{6F620F7D-5115-47FB-B247-C7FA6B92EF5D}
2011-05-07 14:33:11 -------- d-----w- C:\Users\Harry\AppData\Local\{AFF3A1CA-5200-4694-B4C8-761FCAA7B18F}
2011-05-07 05:39:03 -------- d-----w- C:\ProgramData\Macrium
2011-05-07 05:35:46 -------- d-----w- C:\Program Files\Macrium
2011-05-07 04:49:24 -------- dc-h--w- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2011-05-07 04:49:20 -------- d-----w- C:\Program Files (x86)\Stardock
2011-05-07 02:32:35 -------- d-----w- C:\Users\Harry\AppData\Local\{A1C2F5EB-835A-4E63-AE6C-C045FA20F355}
2011-05-07 02:28:45 -------- d-----w- C:\Users\Harry\AppData\Local\{85BBC584-A2B3-4FBF-824F-86E8F398BBE9}
2011-05-07 00:31:45 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-05-06 20:02:16 -------- d-----w- C:\Users\Harry\AppData\Local\Microsoft Games
2011-05-06 14:28:09 -------- d-----w- C:\Users\Harry\AppData\Local\{9E1F1B5B-2DCB-499A-83E7-F43C37445C8D}
2011-05-06 04:41:45 -------- d-----w- C:\Program Files\CCleaner
2011-05-06 04:39:54 -------- d-----w- C:\Users\Harry\AppData\Local\Google
2011-05-06 03:15:36 -------- d-----w- C:\Program Files\FolderSize
2011-05-06 02:27:32 -------- d-----w- C:\Users\Harry\AppData\Local\{F60C0A70-CEDB-4AF1-BC78-450608459F18}
2011-05-06 01:58:32 -------- d-----w- C:\Program Files (x86)\Everything
2011-05-05 14:26:57 -------- d-----w- C:\Users\Harry\AppData\Local\{ADFA3179-F238-46A3-A2B3-50F3210224CC}
2011-05-05 05:19:16 -------- d-----w- C:\Users\Harry\VirtualBox VMs
2011-05-05 05:17:24 -------- d-----w- C:\Users\Harry\.VirtualBox
2011-05-05 05:16:06 228272 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-05-05 05:15:02 56688 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-05-05 05:14:50 -------- d-----w- C:\Program Files\Oracle
2011-05-05 02:26:33 -------- d-----w- C:\Users\Harry\AppData\Local\{D1415F98-B066-4F3F-BB4D-493EFFA159CA}
2011-05-05 02:26:16 -------- d-----w- C:\Users\Harry\Tracing
2011-05-05 01:42:09 -------- d-----w- C:\Program Files (x86)\SpeedFan
2011-05-05 01:08:32 -------- d-----w- C:\Program Files (x86)\Movie Monkey
2011-05-05 01:01:55 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-05 00:58:55 -------- d-----w- C:\Users\Harry\AppData\Roaming\.minecraft
2011-05-04 23:45:20 78336 ----a-w- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetworkIndicator.exe
2011-05-04 23:42:26 -------- d-----w- C:\Program Files (x86)\Network Activity Indicator
2011-05-04 23:32:00 -------- d-----w- C:\Users\Harry\AppData\Roaming\SumatraPDF
2011-05-04 23:31:55 -------- d-----w- C:\Program Files (x86)\SumatraPDF
2011-05-04 15:36:41 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2
2011-05-04 15:17:46 74824 ----a-w- C:\Windows\System32\drivers\TfSysMon.sys
2011-05-04 15:17:46 65072 ----a-w- C:\Windows\System32\drivers\TfFsMon.sys
2011-05-04 15:17:46 41888 ----a-w- C:\Windows\System32\drivers\TfNetMon.sys
2011-05-04 15:17:43 -------- d-----w- C:\ProgramData\PC Tools
2011-05-04 15:17:43 -------- d-----w- C:\Program Files (x86)\ThreatFire
2011-05-04 15:04:24 -------- d-----w- C:\Users\Harry\AppData\Roaming\SUPERAntiSpyware.com
2011-05-04 15:04:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-05-04 15:04:14 -------- d-----w- C:\ProgramData\!SASCORE
2011-05-04 15:04:11 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-05-04 14:50:50 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-05-04 14:50:50 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2011-05-04 14:50:49 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-05-04 13:25:58 2075712 ----a-w- C:\Windows\System32\FMAPO64.dll
2011-05-03 20:27:58 -------- d-----w- C:\Users\Harry\AppData\Local\Innovative Solutions
2011-05-03 20:27:58 -------- d-----w- C:\ProgramData\Innovative Solutions
2011-05-03 20:27:45 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2011-05-03 20:00:50 57344 ----a-w- C:\Windows\SysWow64\CleanMem.exe
2011-05-03 20:00:43 -------- d-----w- C:\Windows\CleanMem
2011-05-03 20:00:42 -------- d-----w- C:\Program Files (x86)\CleanMem
2011-05-03 19:18:57 -------- d-----w- C:\Windows\System32\SPReview
2011-05-03 19:18:16 -------- d-----w- C:\Windows\System32\EventProviders
2011-05-03 19:12:58 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-05-03 19:11:59 582656 ----a-w- C:\Windows\System32\sxs.dll
2011-05-03 19:10:59 34304 ----a-w- C:\Windows\SysWow64\msasn1.dll
2011-05-03 19:09:59 743424 ----a-w- C:\Windows\SysWow64\blackbox.dll
2011-05-03 19:08:58 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-05-03 19:08:58 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-05-03 19:08:49 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
2011-05-03 19:08:49 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-05-03 19:08:38 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-05-03 19:08:38 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-05-03 19:08:33 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-05-03 19:08:33 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-05-03 19:06:24 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-05-03 19:06:24 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-05-03 19:06:24 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-05-03 19:06:09 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-05-03 19:06:03 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-05-03 19:05:17 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-05-03 19:05:13 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-05-03 16:09:38 9160 ------w- C:\Windows\SysWow64\drivers\Shdbus.sys
2011-05-03 16:09:38 5120 ------w- C:\Windows\SysWow64\chkvdisk.exe
2011-05-03 16:09:38 31688 ------w- C:\Windows\SysWow64\drivers\Shieldf.sys
2011-05-03 16:09:38 17864 ------w- C:\Windows\SysWow64\drivers\Shieldm.sys
2011-05-03 16:09:38 105928 ------w- C:\Windows\System32\drivers\Shield.sys
2011-05-03 16:09:30 -------- d-----w- C:\Windows\SysWow64\configfix
2011-05-03 15:37:54 -------- d-----w- C:\Users\Harry\AppData\Local\Secunia PSI
2011-05-03 15:37:44 -------- d-----w- C:\Program Files (x86)\Secunia
2011-05-03 15:06:45 -------- d-----w- C:\Users\Harry\Cloud Sync Folder - Box.net
2011-05-03 14:44:43 -------- d-----w- C:\Users\Harry\Cloud Sync Folder - Amazon Cloud Drive
2011-05-03 14:35:53 -------- d-----w- C:\Users\Harry\Cloud Sync Folder - Windows Live SkyDrive
2011-05-03 14:26:53 -------- d-----w- C:\Users\Harry\AppData\Local\gladinet
2011-05-03 14:26:45 -------- d--h--w- C:\Gladinet
2011-05-03 14:02:44 -------- d-----w- C:\Users\Harry\AppData\Roaming\Stardock
2011-05-03 14:02:20 -------- d-----w- C:\Users\Harry\AppData\Local\PackageAware
2011-05-03 14:00:09 -------- d-----w- C:\Users\Harry\AppData\Roaming\Malwarebytes
2011-05-03 14:00:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-03 14:00:02 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-03 13:59:59 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-03 13:59:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-03 13:49:19 -------- d--h--w- C:\VritualRoot
2011-05-03 13:49:19 -------- d-----w- C:\Users\Harry\AppData\Roaming\Digiarty
2011-05-03 13:20:25 -------- d-----w- C:\Program Files (x86)\Shield
2011-05-03 12:51:05 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-05-03 12:51:04 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-05-03 12:49:51 40112 ----a-w- C:\Windows\avastSS.scr
2011-05-03 12:41:13 -------- d-----w- C:\Program Files (x86)\Clip2Net
2011-05-03 11:36:31 -------- d-----w- C:\Users\Harry\AppData\Local\BuildAGadget Content
2011-05-03 11:28:55 -------- d-----w- C:\Windows\Panther
2011-05-03 11:28:41 -------- d-sh--w- C:\Boot
2011-05-03 11:20:27 -------- d-----w- C:\Users\Harry\AppData\Local\ElevatedDiagnostics
2011-05-03 11:05:48 -------- d-----w- C:\Program Files\COMODO
2011-05-03 11:04:46 -------- d-----w- C:\ProgramData\Comodo
2011-05-03 10:34:41 -------- d-----w- C:\Users\Harry\AppData\Local\Windows Live
2011-05-03 10:34:40 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-05-03 10:22:38 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-03 10:03:41 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-05-03 10:03:22 -------- d-----w- C:\Windows\SysWow64\Plugins
2011-05-03 10:00:31 -------- d-----w- C:\Windows\SysWow64\Wat
2011-05-03 10:00:31 -------- d-----w- C:\Windows\System32\Wat
2011-05-03 09:59:06 -------- d-----w- C:\Users\Harry\AppData\Local\VS Revo Group
2011-05-03 09:59:04 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2011-05-03 09:59:03 -------- d-----w- C:\Program Files\VS Revo Group
2011-05-03 09:49:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-05-03 09:49:17 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-05-03 09:49:17 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-05-03 09:49:17 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-05-03 09:49:16 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-05-03 09:46:29 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2011-05-03 09:46:05 -------- d-----w- C:\Windows\PCHEALTH
2011-05-03 09:18:24 924632 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2011-05-03 09:18:24 105432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2011-05-03 08:58:21 -------- d-----w- C:\ProgramData\AVAST Software
2011-05-03 08:58:21 -------- d-----w- C:\Program Files\AVAST Software
2011-05-03 08:32:50 -------- d-----w- C:\Program Files\Realtek
2011-05-03 08:32:49 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-05-03 08:29:53 -------- d-----w- C:\Program Files\CONEXANT
2011-05-03 08:19:08 -------- d-----w- C:\Program Files (x86)\LastPass
2011-05-03 08:10:59 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-03 08:10:33 -------- d-----w- C:\Program Files (x86)\deepinvent
2011-05-03 08:07:46 -------- d-----w- C:\Users\Harry\AppData\Local\Thunderbird
2011-05-03 08:07:00 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-05-03 08:06:52 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-05-03 08:02:44 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-05-03 08:02:44 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-05-03 08:02:44 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-05-03 08:02:44 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-05-03 08:02:00 -------- d-----w- C:\ProgramData\SpeedBit
2011-05-03 08:00:57 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-05-03 08:00:57 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-03 08:00:57 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-03 08:00:57 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 07:52:49 -------- d-----w- C:\Users\Harry\AppData\Local\Mozilla
2011-05-03 07:41:02 -------- d-----w- C:\Users\Harry\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2011-05-05 09:13:39 360976 ----a-w- C:\Windows\System32\guard64.dll
2011-05-05 09:13:38 284744 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-05-05 09:13:37 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-05-05 09:13:37 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-05-05 09:13:36 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-05-03 19:26:53 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-03 19:26:53 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-05-03 08:01:56 84480 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2011-05-03 08:01:54 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx
2011-04-13 19:04:38 45432 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-04-12 17:01:38 52632 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2011-04-09 03:00:34 465920 ----a-w- C:\Windows\System32\itpcoin815.dll
2011-04-09 03:00:28 464896 ----a-w- C:\Windows\System32\ipcoin815.dll
2011-04-09 03:00:20 18944 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys
2011-04-08 03:19:38 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-04-08 03:19:36 797288 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-04-08 03:19:36 1012328 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-04-08 03:19:26 6338152 ----a-w- C:\Windows\System32\nvcpl.dll
2011-04-08 03:19:08 3041384 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-05 06:02:48 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-25 06:19:30 2871808 ----a-w- C:\Windows\explorer.exe
2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-24 22:21:10 2753512 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-22 15:16:26 2369128 ----a-w- C:\Windows\System32\RtPgEx64.dll
.
============= FINISH: 17:27:12.38 ===============
and Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/3/2011 3:40:42 AM
System Uptime: 5/20/2011 12:03:25 PM (5 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Basswood
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 199.846 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 83.437 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
Z: is NetworkDisk (FAT) - 279 GiB total, 199.846 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: HP 802.11b/g Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&24726DB3&0&00F0
Manufacturer: Atheros Communications Inc.
Name: HP 802.11b/g Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&24726DB3&0&00F0
Service: athr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
avast! Free Antivirus
CleanMem
Clip2Net 0.8.2b
CX 4.18.3600
D3DX10
Ditto 3.17.0.17
Download Accelerator Plus (DAP)
DriverMax 5
EASEUS Todo Backup Home 2.5
Eusing Free Registry Cleaner
Everything 1.2.1.371
Fences
Gladinet Cloud Desktop
HiJackThis
Hulu Desktop
Jaangle music management
Java Auto Updater
Java(TM) 6 Update 25
LastPass (uninstall only)
MailStore Home 4.2.0.5431
Malwarebytes' Anti-Malware
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Movie Monkey version 0.91
Mozilla Firefox 4.0.1 (x86 en-US)
Mozilla Thunderbird (3.1.10)
MSVCRT
Rainbow Folders
Realtek High Definition Audio Driver
Rollback Rx
Secunia PSI (2.0.0.3001)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Songr
SpeedFan (remove only)
SpywareBlaster 4.4
Sublight 2.7.1
Subtitles 1.1.0.0
SumatraPDF
System Requirements Lab CYRI
ThreatFire
VirusTotal Uploader 2.0
VLC media player 1.1.9
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinMHR beta 2
.
==== Event Viewer Messages From Past Week ========
.
5/20/2011 12:15:08 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
Thanks,
skilz853
-
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Eusing Free Registry Cleaner
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.
For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.
Further reading: XP Fixes Myth #1: Registry Cleaners (http://www.windowsbbs.com/showthread.php?t=61015)
********************************************
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs scanned they must be done separately and links posted for each one)
* Copy the file path in the below Code box:
C:\Windows\SysWow64\EasyHook32.dll
C:\Windows\SysWow64\AniGIF.ocx
C:\Windows\System32\easyUpdatusAPIU64.dll
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
***********************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
-
http://virusscan.jotti.org/en/scanresult/8c7fec5711e823306efec46f1d752c4ddf2b36a1
http://virusscan.jotti.org/en/scanresult/c18c533ad19dea64d9d792406e8511b69f88b09a
I've run into something really strange. When I try to enter C:\Windows\System32\easyUpdatusAPIU64.dll at jotti, I get a message that it cannot be found. If I go there in Windows Explorer it is there.
Is there another to get this file scanned?
Here's the ComboFix log:
ComboFix 11-05-19.02 - Harry 05/20/2011 19:54:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2744 [GMT -4:00]
Running from: c:\users\Harry\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-21 00:13 . 2011-05-21 00:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-20 23:12 . 2011-05-20 23:13 -------- d-----w- c:\program files (x86)\Aura
2011-05-20 22:18 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E13AE1FA-8157-497D-8351-F5F9F3AED60E}\mpengine.dll
2011-05-20 22:18 . 2011-05-20 22:18 -------- d-----w- C:\e8527c71ab1ae93a07
2011-05-20 17:29 . 2011-05-20 17:29 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-18 02:28 . 2011-05-18 02:32 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-17 05:22 . 2011-05-17 05:22 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-05-14 21:44 . 2011-05-14 21:44 -------- d-----w- c:\program files (x86)\Gladinet
2011-05-14 07:54 . 2011-05-14 08:00 -------- d-----w- c:\windows\WindowsMobile
2011-05-12 13:20 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-05-12 05:53 . 2011-05-12 05:53 -------- d-----w- c:\program files (x86)\Ditto
2011-05-12 01:47 . 2011-05-12 01:49 -------- d-----w- c:\program files (x86)\somototoolbar
2011-05-12 01:46 . 2011-05-12 01:46 -------- d-----w- c:\program files (x86)\Subtitles.com.br FileBulldog Toolbar
2011-05-12 01:46 . 2011-05-12 01:49 -------- d-----w- c:\program files (x86)\Subtitles-1.1.0.0
2011-05-12 01:38 . 2011-05-12 01:38 -------- d-----w- c:\program files (x86)\Sublight
2011-05-11 03:50 . 2011-05-11 03:50 -------- d-----w- c:\program files (x86)\Songr
2011-05-11 03:19 . 2011-05-20 16:12 -------- d-----w- c:\program files (x86)\CX
2011-05-10 07:42 . 2011-05-10 07:42 -------- d-----w- c:\program files\LockHunter
2011-05-10 05:01 . 2011-05-10 05:09 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2011-05-10 01:55 . 2011-05-10 01:55 286720 --sha-w- C:\EUMONBMP.SYS
2011-05-10 01:16 . 2011-04-22 22:26 193928 ----a-w- c:\windows\system32\drivers\eudisk.sys
2011-05-10 01:16 . 2011-04-22 22:26 26504 ----a-w- c:\windows\system32\drivers\eufs.sys
2011-05-10 01:16 . 2011-04-22 22:26 17800 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-05-10 01:16 . 2011-04-22 22:26 36232 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-05-10 01:16 . 2011-04-22 22:26 42888 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-05-10 01:16 . 2011-04-22 22:26 23432 ----a-w- c:\windows\system32\fbnative.exe
2011-05-10 01:15 . 2011-05-10 01:15 -------- d-----w- c:\program files (x86)\EASEUS
2011-05-10 00:16 . 2011-05-12 11:37 -------- d-----w- c:\programdata\RoboSoft
2011-05-09 12:03 . 2011-05-09 12:20 -------- d-----w- c:\program files (x86)\Jaangle
2011-05-09 11:38 . 2011-05-09 11:38 -------- d-----w- c:\program files (x86)\VideoLAN
2011-05-09 11:37 . 2011-05-09 11:37 -------- d-----w- c:\program files\Speccy
2011-05-09 10:13 . 2011-05-09 10:13 -------- d-----w- c:\program files\FileMenu Tools
2011-05-09 06:41 . 2011-05-09 06:41 -------- d-----w- c:\program files (x86)\Rainbow Folders
2011-05-08 09:14 . 2011-05-08 09:14 -------- d-----w- c:\program files (x86)\WinMHR
2011-05-07 05:39 . 2011-05-07 05:39 -------- d-----w- c:\programdata\Macrium
2011-05-07 05:35 . 2011-05-07 05:35 -------- d-----w- c:\program files\Macrium
2011-05-07 04:49 . 2011-05-07 04:49 -------- dc-h--w- c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2011-05-07 04:49 . 2011-05-07 04:49 -------- d-----w- c:\program files (x86)\Stardock
2011-05-06 04:41 . 2011-05-06 04:57 -------- d-----w- c:\program files\CCleaner
2011-05-06 04:39 . 2011-05-06 05:45 -------- d-----w- c:\program files (x86)\Google
2011-05-06 03:15 . 2011-05-06 03:15 -------- d-----w- c:\program files\FolderSize
2011-05-06 01:58 . 2011-05-20 23:49 -------- d-----w- c:\program files (x86)\Everything
2011-05-05 05:16 . 2011-02-17 21:21 228272 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-05-05 05:15 . 2011-02-17 21:21 56688 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-05-05 05:15 . 2011-05-05 05:16 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-05 05:14 . 2011-05-05 05:14 -------- d-----w- c:\program files\Oracle
2011-05-05 02:07 . 2011-05-05 02:08 -------- d-----w- c:\program files (x86)\Windows Live
2011-05-05 01:47 . 2011-05-05 01:47 -------- d-----w- c:\windows\Sun
2011-05-05 01:42 . 2011-05-14 22:39 -------- d-----w- c:\program files (x86)\SpeedFan
2011-05-05 01:08 . 2011-05-05 01:13 -------- d-----w- c:\program files (x86)\Movie Monkey
2011-05-05 01:02 . 2011-05-05 01:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-05 01:01 . 2011-05-05 01:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-05 01:01 . 2011-05-05 01:01 -------- d-----w- c:\program files (x86)\Java
2011-05-05 01:01 . 2011-05-05 01:01 -------- d-----w- c:\programdata\McAfee
2011-05-04 23:42 . 2011-05-04 23:42 -------- d-----w- c:\program files (x86)\Network Activity Indicator
2011-05-04 23:31 . 2011-05-04 23:31 -------- d-----w- c:\program files (x86)\SumatraPDF
2011-05-04 15:36 . 2011-05-04 15:39 -------- d-----w- c:\program files (x86)\VirusTotalUploader2
2011-05-04 15:17 . 2011-02-22 17:57 74824 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-05-04 15:17 . 2011-02-22 17:57 41888 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-05-04 15:17 . 2011-02-22 17:57 65072 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-05-04 15:17 . 2011-05-04 15:17 -------- d-----w- c:\program files (x86)\ThreatFire
2011-05-04 15:17 . 2011-05-04 15:17 -------- d-----w- c:\programdata\PC Tools
2011-05-04 15:04 . 2011-05-04 15:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-04 15:04 . 2011-05-04 15:04 -------- d-----w- c:\programdata\!SASCORE
2011-05-04 15:04 . 2011-05-06 08:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-04 14:50 . 2010-01-10 23:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-05-04 14:50 . 2010-01-10 23:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2011-05-04 14:50 . 2011-05-16 18:55 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-05-04 13:25 . 2011-02-22 19:52 2075712 ----a-w- c:\windows\system32\FMAPO64.dll
2011-05-03 20:27 . 2011-05-03 20:27 -------- d-----w- c:\programdata\Innovative Solutions
2011-05-03 20:27 . 2011-05-03 20:27 -------- d-----w- c:\program files (x86)\Innovative Solutions
2011-05-03 20:00 . 2010-12-14 07:18 57344 ----a-w- c:\windows\SysWow64\CleanMem.exe
2011-05-03 20:00 . 2011-05-03 20:00 -------- d-----w- c:\windows\CleanMem
2011-05-03 20:00 . 2011-05-03 20:00 -------- d-----w- c:\program files (x86)\CleanMem
2011-05-03 19:18 . 2011-05-03 19:18 -------- d-----w- c:\windows\system32\SPReview
2011-05-03 19:18 . 2011-05-03 19:18 -------- d-----w- c:\windows\system32\EventProviders
2011-05-03 19:12 . 2010-11-20 13:27 263168 ----a-w- c:\windows\system32\spwizui.dll
2011-05-03 19:11 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2011-05-03 19:10 . 2010-11-20 13:26 232448 ----a-w- c:\windows\system32\ListSvc.dll
2011-05-03 19:09 . 2010-11-20 13:27 270848 ----a-w- c:\windows\system32\srrstr.dll
2011-05-03 19:08 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2011-05-03 19:08 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2011-05-03 19:08 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-05-03 19:08 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2011-05-03 19:08 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-05-03 19:08 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-05-03 19:08 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-05-03 19:08 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-05-03 19:06 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-03 19:06 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-05-03 19:06 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-05-03 19:06 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-05-03 19:06 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-05-03 19:05 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-05-03 19:05 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-05-03 16:09 . 2011-03-11 17:56 17864 ------w- c:\windows\SysWow64\drivers\Shieldm.sys
2011-05-03 16:09 . 2011-03-11 17:56 31688 ------w- c:\windows\SysWow64\drivers\Shieldf.sys
2011-05-03 16:09 . 2011-03-11 17:56 105928 ------w- c:\windows\system32\drivers\Shield.sys
2011-05-03 16:09 . 2011-03-11 17:55 9160 ------w- c:\windows\SysWow64\drivers\Shdbus.sys
2011-05-03 16:09 . 2009-10-14 16:20 5120 ------w- c:\windows\SysWow64\chkvdisk.exe
2011-05-03 16:09 . 2011-05-03 16:09 -------- d-----w- c:\windows\SysWow64\configfix
2011-05-03 15:37 . 2011-05-03 15:37 -------- d-----w- c:\program files (x86)\Secunia
2011-05-03 14:26 . 2011-05-03 14:26 -------- d-----w- C:\Gladinet
2011-05-03 14:00 . 2011-05-03 14:00 -------- d-----w- c:\programdata\Malwarebytes
2011-05-03 14:00 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-03 13:59 . 2011-05-03 14:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-03 13:59 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-03 13:49 . 2011-05-03 13:49 -------- d-----w- C:\VritualRoot
2011-05-03 13:20 . 2011-05-03 18:06 -------- d-----w- c:\program files (x86)\Shield
2011-05-03 12:51 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-03 12:51 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-03 12:51 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-03 12:51 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-03 12:51 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-03 12:51 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-03 12:49 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-03 12:41 . 2011-05-06 06:11 -------- d-----w- c:\program files (x86)\Clip2Net
2011-05-03 12:10 . 2011-05-03 12:10 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-05-03 11:43 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-03 11:28 . 2011-05-03 07:40 -------- d-----w- c:\windows\Panther
2011-05-03 11:28 . 2011-05-10 01:17 -------- d-----w- C:\Boot
2011-05-03 11:05 . 2011-05-03 11:05 -------- d-----w- c:\program files\COMODO
2011-05-03 11:04 . 2011-05-03 18:49 -------- d-----w- c:\programdata\Comodo
2011-05-03 10:55 . 2011-05-03 10:55 -------- d-----w- c:\program files\7-Zip
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-11 01:35 . 2011-01-06 21:37 92688 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-05-05 09:13 . 2010-12-29 05:42 360976 ----a-w- c:\windows\system32\guard64.dll
2011-05-05 09:13 . 2010-12-29 05:42 284744 ----a-w- c:\windows\SysWow64\guard32.dll
2011-05-05 09:13 . 2011-01-06 21:37 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-05 09:13 . 2011-01-06 21:36 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-05 09:13 . 2011-01-06 21:36 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-05-03 19:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-03 19:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-03 10:38 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-13 19:04 . 2011-04-13 19:04 45432 ----a-w- c:\windows\system32\drivers\point64.sys
2011-04-12 17:01 . 2011-04-12 17:01 52632 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-04-09 03:00 . 2011-04-09 03:00 465920 ----a-w- c:\windows\system32\itpcoin815.dll
2011-04-09 03:00 . 2011-04-09 03:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll
2011-04-09 03:00 . 2011-04-09 03:00 18944 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-04-08 12:14 . 2010-07-10 09:38 2273896 ----a-w- c:\windows\system32\nvapi64.dll
2011-04-08 12:14 . 2009-07-13 21:59 8411752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-04-08 12:14 . 2009-07-13 21:59 6299752 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 03:19 . 2011-04-08 03:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 03:19 . 2011-04-08 03:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-08 03:19 . 2011-04-08 03:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-08 03:19 . 2011-04-08 03:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 03:19 . 2011-04-08 03:19 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-03-05 06:02 . 2011-03-05 06:02 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-03-04 06:19 . 2011-05-03 12:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-05-03 12:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-05-03 07:02 194416 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-05-03 07:05 194416 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2011-05-03 2918576]
"Clip2Net"="c:\program files (x86)\Clip2Net\clip2net.exe" [2009-10-08 1635328]
"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2011-04-28 9229736]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2011-04-28 9229736]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-06 2988928]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"WinMHR"="c:\program files (x86)\WinMHR\WinMHR.exe" [2010-11-23 779528]
"Ditto"="c:\program files (x86)\Ditto\Ditto.exe" [2010-12-23 831488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"shield"="c:\program files (x86)\Shield\shieldtray.exe" [2011-03-11 3588552]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"EaseUs Watch"="c:\program files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe" [2011-04-22 69000]
"EaseUs Tray"="c:\program files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe" [2011-04-26 733576]
.
c:\users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CX.lnk - c:\program files (x86)\CX\Launcher.exe [2011-5-10 480768]
NetworkIndicator.exe [2011-5-2 78336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Gladinet Cloud Desktop.lnk - c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GladLauncher.exe [2011-5-3 87920]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ chkvdisk\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-04-22 56200]
R2 ShieldClientService;Shield Client Service;c:\program files (x86)\Shield\shieldclnt.exe [2011-03-11 45056]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys
R3 PSVolAcc;PSVolAcc;
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys
S0 Shdbus;Shdbus;c:\windows\SysWOW64\DRIVERS\Shdbus.sys [2011-03-11 9160]
S0 Shield;Shield;c:\windows\System32\DRIVERS\Shield.sys
S0 Shieldf;Shieldf;c:\windows\SysWOW64\DRIVERS\Shieldf.sys [2011-03-11 31688]
S0 Shieldm;Shieldm;c:\windows\SysWOW64\DRIVERS\Shieldm.sys [2011-03-11 17864]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys
S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [2011-05-03 29552]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-01-18 301720]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys
S3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon_64.sys
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys
S3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys
S3 Xbox360WirelessController;Xbox 360 Wireless Controller;c:\windows\system32\DRIVERS\x360wchm.sys
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2011-03-24 16:16 398000 ----a-w- c:\program files (x86)\DAP\DAPIELoader64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-05-03 07:02 192368 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-05-03 07:05 195440 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-11 9057608]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
FF - ProfilePath - c:\users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\6sai5ehf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Shdbus]
"ImagePath"=multi:"SysWOW64\DRIVERS\Shdbus.sys\00"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Shield]
"ImagePath"=multi:"System32\DRIVERS\Shield.sys\00"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Shieldf]
"ImagePath"=multi:"SysWOW64\DRIVERS\Shieldf.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Shieldm]
"ImagePath"=multi:"SysWOW64\DRIVERS\Shieldm.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Shdbus]
"ImagePath"=multi:"SysWOW64\DRIVERS\Shdbus.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Shield]
"ImagePath"=multi:"System32\DRIVERS\Shield.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Shieldf]
"ImagePath"=multi:"SysWOW64\DRIVERS\Shieldf.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Shieldm]
"ImagePath"=multi:"SysWOW64\DRIVERS\Shieldm.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-20 20:46:32
ComboFix-quarantined-files.txt 2011-05-21 00:46
.
Pre-Run: 214,181,363,712 bytes free
Post-Run: 213,852,422,144 bytes free
.
- - End Of File - - C5ED01FC4015AF919B4C004C2EB33C43
-
Hey Dave, I hope I'm not repeating what I said earlier, but in a different way. I've had a belly ache since noon yesterday(think it may be another attach of pancreatitis) and am having difficulty concentrating. But I don't think I am.
Looking farther at C:\Windows\SysWow64\EasyHook32.dll and C:\Windows\System32\easyUpdatusAPIU64.dll, I'm finding that EasyHook..is found in both locations if I browse from jotti and easyUpdatus... is found in neither.
But in Windows Explorer they're in the locations that you provided above.
skilz853
-
I've run into something really strange. When I try to enter C:\Windows\System32\easyUpdatusAPIU64.dll at jotti, I get a message that it cannot be found. If I go there in Windows Explorer it is there.
Is there another to get this file scanned?
Don't bother. I'm quite sure now that is is clean.
Please download the Sophos Anti-Rootkit Scanner (http://www.sophos.com/products/free-tools/sophos-anti-rootkit/download/) and save it to your desktop.
You will need to enter your name, e-mail address and location in order to access the download page.
- Once you have downloaded the file, double click the sarsfx icon
- Review the licence agreement and click on the Accept button
- The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
- Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
- Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
- Allow the program to scan your computer - please be patient as it may take some time
- Once the scan has completed a window will pop-up with the results of the scan - click OK to this
- In the main window, you will see each of the entries found by the scan (if any)
- If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
- Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
- If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
- To clean up these entries click on the Clean up checked items button
- If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
- Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
- When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now
-
Hey Dave
The default install is C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit
Do you want me to change it to C:\SOPHTEMP?
skilz853
-
Ok. Give it a shot.
-
Dave, I did not get any warnings and it said 99 hidden files were found. They are from Thunderbird and Mail Store that I use to backup email. None of them have any green check marks. Here's a sample of what they look like.
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Users\Harry\AppData\Roaming\Thunderbird\Profiles\iw9n0nih.default\Mail\Local Folders\MailStore Export.sbd\Thunderbird Eagleseye's Mail.sbd\Inbox.mozmsgs\1281984509_SectionID-561226_HitID-3_SiteID-37131_EmailID-111967999_DB-1_SID-0%40ss36.on9mail.com.wdseml
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
I have not removed any of them.
skilz853
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Dave here's the EsetScan text:
C:\Users\Harry\Documents\Downloads\HSS-1.54-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application
C:\Users\Harry\Documents\Downloads\livechristmas.zip a variant of Win32/XmasAds.A application
D:\Documents\Downloads\HSS-1.54-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application
D:\Documents\Downloads\livechristmas.zip a variant of Win32/XmasAds.A application
D:\Downloads\HSS-1.54-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application
D:\Downloads\livechristmas.zip a variant of Win32/XmasAds.A application
D:\Downloads\speedupmypc_2.exe Win32/SpeedUpMyPC application
These are files in different download folders, that I intend to cleanup after this is over.
skilz853
-
Please clean them out now and run another ESET scan.
-
Dave, I got a clean scan for Eset this time.
skillz853
-
That's good. If there are no other issues, let's do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
********************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**********************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Dave, I ran combofix /uninstall, but it did not remove the folders etc that I think it created. It actually added one c:\combofix. Here's a screenshot of the root of c:\: http://clip2net.com/clip/m80407/1306275960-clip-70kb.jpg. I don't think c:\boot(which has language folders and memtest.exe), c:\combofix,
c:\perflogs(empty except for admin sub folder), c:\programdata, c:\recovery(empty), and c:\virtualroot(empty) were there prior to this malware removal process. What should I do about these? I think I could delete the empty ones, but will wait until I hear from you. I noticed a new exe called nircmd.exe that's appeared that comodo firewall sandboxed. There is one folder missing that was on c:\ called c:\ooobox or something like that, that had combofix files in it.
skilz853
-
I ran combofix /uninstall, but it did not remove the folders etc that I think it created. It actually added one c:\combofix.
I cleaned a computer this weekend in my home and the same thing happened when I tried to uninstall ComboFix. I ended up deleting it. I'm going to investigate the validity of that method of uninstalling ComboFix. This should remove it.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
- Click the CleanUp button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
-
Thanks Dave, I think that took care of it. I did have manually delete some folders. I found out that c:\boot is a windows folder for the inbuilt memtest. I went in properties and hid it.
I think all is well now. ;D
Thanks again,
skilz853
-
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm or start a new thread.