IObit Forum

Another IObit scan; any help would be great


jgmcan


Not sure what to do next. Hoping someone could help an intelligent DeadHead

 

 

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 20:34:14, on 2011-1-1

Running processes:

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Program Files (x86)\FlvTube Toolbar\FlvTubeSvc.exe

D:\Utilities\IObit Security 360\IS360srv.exe

D:\Utilities\IObit Security 360\IS360srv.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\SysWOW64\WinMsgBalloonServer.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Utilities\Maintainance Utils\Asus\Turbo Key\TurboKey.exe

D:\Utilities\IObit Security 360\is360tray.exe

D:\Utilities\IObit Security 360\is360tray.exe

C:\Program Files (x86)\FlvTube Toolbar\FlvTubeVideoToMp3.exe

C:\Program Files (x86)\FlvTube Toolbar\FlvTubeVideoToMp3.exe

C:\Program Files (x86)\FlvTube Toolbar\FlvTubeVideoToMp3.exe

D:\Utilities\IObit Security 360\is360.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

D:\Utilities\IObit Security 360\a_hijackscan.exe

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O2 - BHO: Flash Catcher - {3AF255C7-8742-4B96-8971-1268EEE04974} - C:\Program Files (x86)\Online Games Downloader\SWFCatcher.dll

O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: FlvTube Toolbar - {851552F5-B878-4b03-904F-2AD6A4CC8994} - C:\Program Files (x86)\FlvTube Toolbar\flvtubetb.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Turbo Key] "D:\Utilities\Maintainance Utils\Asus\Turbo Key\TurboKey.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "D:\Utilities\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} -

O23 - Service: AMD External Events Utility (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

O23 - Service: AODService (AODService) - Unknown - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe

O23 - Service: Application Host Helper Service (AppHostSvc) - Unknown - %windir%\system32\svchost.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

O23 - Service: FLEXnet Licensing Service 64 (FLEXnet Licensing Service 64) - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: FlvTube Toolbar Helper (FlvTube Toolbar Helper) - Unknown - C:\Program Files (x86)\FlvTube Toolbar\FlvTubeSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: IS360service (IS360service) - IObit - D:\Utilities\IObit Security 360\IS360srv.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown - C:\Program Files\Macrium\Reflect\ReflectService.exe

O23 - Service: Samsung UPD Service (Samsung UPD Service) - Samsung Electronics CO., LTD. - C:\Windows\System32\SUPDSvc.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - D:\Utilities\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\RpcAgentSrv.exe

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Steam Client Service (Steam Client Service) - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: Windows Process Activation Service (WAS) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

HiJack Report.txt


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

What symptoms are you experiencing on your computer?

Please copy and paste the logs. Don't attach them unless necessary.

 

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and paste the log in your post.

*****************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

**********************************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Getting Happier

 

Hi Dave, I have completed all the steps you outlined in your reply and have pasted the required reports. I'm not sure what's next, but I'm very happy with your response. I was a tech support guy for 15 years but a medical condition has left my memory spotty to say the least. Anyway, I do remember that it can be rewarding but also a real pain in the butt. Anyway, I hope to hear from you soon, Jgmcan

--------

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/04/2011 at 05:55 PM

 

Application Version : 4.47.1000

 

Core Rules Database Version : 6130

Trace Rules Database Version: 3942

 

Scan type : Complete Scan

Total Scan Time : 00:23:52

 

Memory items scanned : 581

Memory threats detected : 0

Registry items scanned : 12362

Registry threats detected : 0

File items scanned : 90712

File threats detected : 1

 

Adware.Tracking Cookie

s0.2mdn.net [ C:\Users\John McNaught\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YRNBV7GU ]

-------

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 5461

 

Windows 6.1.7600

Internet Explorer 9.0.7930.16406

 

1/4/2011 6:21:34 PM

mbam-log-2011-01-04 (18-21-34).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 239432

Time elapsed: 4 minute(s), 1 second(s)

 

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 5

Registry Data Items Infected: 0

Folders Infected: 10

Files Infected: 22

 

Memory Processes Infected:

c:\program files (x86)\flvtube toolbar\flvtubesvc.exe (PUP.Zwangi) -> 1656 -> Unloaded process successfully.

c:\program files (x86)\flvtube toolbar\flvtubevideotomp3.exe (Adware.FlvTube) -> 4684 -> Unloaded process successfully.

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FlvTube Toolbar Helper (PUP.Zwangi) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{851552F5-B878-4b03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FlvTube (Adware.FlvTube) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\QueryBrowser (Adware.QueryBrowser) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlvTube Toolbar (PUP.Zwangi) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QueryBrowser (Adware.QueryBrowser) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4B03-904F-2AD6A4CC8994} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4B03-904F-2AD6A4CC8994} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4B03-904F-2AD6A4CC8994} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{851552F5-B878-4b03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Value: {851552F5-B878-4b03-904F-2AD6A4CC8994} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Homepage Protection Service\UninstallString (PUP.Zwangi) -> Value: UninstallString -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

c:\programdata\querybrowser (Adware.QueryBrowser) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{2b52746b-cdbb-49a6-a80d-912bc6636a6c} (Adware.QueryBrowser) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{2b52746b-cdbb-49a6-a80d-912bc6636a6c}\chrome (Adware.QueryBrowser) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{2b52746b-cdbb-49a6-a80d-912bc6636a6c}\defaults (Adware.QueryBrowser) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{2b52746b-cdbb-49a6-a80d-912bc6636a6c}\defaults\preferences (Adware.QueryBrowser) -> Quarantined and deleted successfully.

c:\program files (x86)\querybrowser (Adware.QueryBrowser) -> Quarantined and deleted successfully.

c:\program files (x86)\flvtube toolbar (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome\content (PUP.Zwangi) -> Quarantined and deleted successfully.

 

Files Infected:

c:\program files (x86)\flvtube toolbar\flvtubesvc.exe (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\flvtube toolbar\flvtubevideotomp3.exe (Adware.FlvTube) -> Quarantined and deleted successfully.

c:\program files (x86)\flvtube toolbar\flvtubetb.dll (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files\Java\jre6\bin\keytool.exe (VirTool.Agent.Gen) -> Quarantined and deleted successfully.

c:\program files (x86)\flvtube toolbar\ffmpeg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\program files (x86)\flvtube toolbar\ShowMsg.exe (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\searchplugins\flvtube.xml (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{2b52746b-cdbb-49a6-a80d-912bc6636a6c}\chrome.manifest (Adware.QueryBrowser) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{2b52746b-cdbb-49a6-a80d-912bc6636a6c}\install.rdf (Adware.QueryBrowser) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{2b52746b-cdbb-49a6-a80d-912bc6636a6c}\chrome\querybrowser.jar (Adware.QueryBrowser) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{2b52746b-cdbb-49a6-a80d-912bc6636a6c}\defaults\preferences\prefs.js (Adware.QueryBrowser) -> Quarantined and deleted successfully.

c:\program files (x86)\flvtube toolbar\uninstall.exe (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome.manifest (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome\content\constants.js (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome\content\convertvideo.js (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome\content\convertvideodlg.js (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome\content\events.js (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome\content\events_org.js (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome\content\savetomp3popup.js (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome\content\tbcore.js (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome\content\weather.js (PUP.Zwangi) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\flvtube@flvtube.com\chrome\content\weatherloc.js (PUP.Zwangi) -> Quarantined and deleted successfully.

---------------

Results of screen317's Security Check version 0.99.8

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player 10.1.85.3

Adobe Reader 9.4.1

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.8)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

``````````End of Log````````````


Please download the newest version of Adobe Acrobat Reader from Adobe.com

 

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.

Go to the Control Panel and enter Add or Remove Programs.

Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

 

Once old versions are gone, please install the newest version.

************************************************

Download DDS from HERE or HERE and save it to your desktop.

 

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

 

* XP users Double click on dds to run it.

* If your antivirus or firewall tries to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

 

1) DDS.txt

2) Attach.txt

 

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copying and pasting it into the reply.


Too much text

 

Hi jgmcan :smile:

 

There is a limit on the amount of text that your Reply can contain. Your reply has gone over the limit, so nothing is shown.

Please split the logs and post them in 2 replies (or more if necessary)

 

When you paste the log in the Reply box, click Preview Post (see image). If you do not see your reply but instead see a blank space in the Reply box, you will need to make the reply smaller.

 

http://forums.iobit.com/attachment.php?attachmentid=6609&stc=1&d=1294283151

 

All the best, woz of oz


Chopping post to fit

 


DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by John McNaught at 19:02:27.18 on Wed 01/05/2011

Internet Explorer: 9.0.7930.16406

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6911.5157 [GMT -8:00]

 

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

D:\Utilities\SASCORE64.EXE

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Windows\system32\CISVC.EXE

D:\Utilities\IObit Security 360\IS360srv.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\fxssvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\SysWOW64\WinMsgBalloonServer.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

D:\Utilities\Maintainance Utils\Asus\Turbo Key\TurboKey.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\John McNaught\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.ca

uStart Page = hxxp://www.theweathernetwork.com/weather/cabc0076?ref=topnav_fourteenday_weather

uWindow Title = DATCS

mDefault_Search_URL = hxxp://www.google.ca

mDefault_Page_URL = hxxp://www.google.ca

mSearch Page = hxxp://www.google.ca

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java Plug-In 2 SSV Helper

BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - C:\Program Files (x86)\PicLensIE\cooliris.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "D:\Games\Game Booster\Steam\Steam.exe" -silent

uRun: [smartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [Turbo Key] "D:\Utilities\Maintainance Utils\Asus\Turbo Key\TurboKey.exe"

mRun: [iObit Security 360] "D:\Utilities\IObit Security 360\IS360tray.exe" /autostart

mRun: [Adobe Reader Speed Launcher] "D:\Word Processing\Adobe\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

uPolicies-explorer: HideSCABattery = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File

TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

mRun-x64: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe

IE-X64: {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - C:\Users\JOHNMC~1\AppData\Roaming\Mozilla\Firefox\Profiles\0prh170p.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=e7c1b842de3b4600a2a6353ef5dd273e&subid=11796

FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=

FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=e7c1b842de3b4600a2a6353ef5dd273e&subid=11796

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=e7c1b842de3b4600a2a6353ef5dd273e&subid=11796

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=e7c1b842de3b4600a2a6353ef5dd273e&subid=11796

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=e7c1b842de3b4600a2a6353ef5dd273e&subid=11796

FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=e7c1b842de3b4600a2a6353ef5dd273e&subid=11796

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=e7c1b842de3b4600a2a6353ef5dd273e&subid=11796

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

FF - component: C:\Users\John McNaught\AppData\Roaming\Mozilla\Firefox\Profiles\0prh170p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

 

============= SERVICES / DRIVERS ===============

 

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]

R1 SASDIFSV;SASDIFSV;D:\Utilities\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;D:\Utilities\saskutil64.sys [2010-2-17 12360]

R2 !SASCORE;SAS Core Service;D:\Utilities\SASCore64.exe [2010-6-29 128752]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-27 203776]

R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-9-12 90112]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 IS360service;IS360service;D:\Utilities\IObit Security 360\is360srv.exe [2010-12-2 312152]

R2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2010-7-29 301024]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]

R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\System32\drivers\EuDisk.sys [2010-8-23 137608]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]

R3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-26 406632]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]

R3 SRS_WOWHD_DivX_Service;WOW HD DivX Edition;C:\Windows\System32\drivers\SRS_DivX_amd64.sys [2009-11-10 377584]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-1-11 1290752]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23 135664]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-9-24 116752]

S3 EUDSKACS;EUDSKACS;C:\Windows\SysWOW64\drivers\eudskacs.sys [2010-8-23 17800]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-9-11 1436424]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-2 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PSMounter;Macrium Reflect Image Explorer Service;C:\Windows\System32\drivers\psmounter.sys [2010-7-29 39904]

S3 PSVolAcc;PSVolAcc;C:\Windows\System32\drivers\PSVolAcc.sys [2010-7-29 12768]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2010-8-27 19936]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2010-8-27 13280]

S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2010-12-18 167280]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;D:\Utilities\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\RpcAgentSrv.exe [2010-9-7 93336]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-24 1255736]

S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

 

=============== Created Last 30 ================

 

2011-01-05 23:44:41 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{D55B74B7-734A-465C-80B6-D2E912A6ED5E}\mpengine.dll

2011-01-05 02:06:07 -------- d-----w- C:\Users\JOHNMC~1\AppData\Roaming\Malwarebytes

2011-01-05 02:05:48 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-05 02:05:48 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-01-05 02:05:45 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-01-05 01:20:10 -------- d-----w- C:\Users\JOHNMC~1\AppData\Roaming\SUPERAntiSpyware.com

2011-01-05 01:20:10 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com

2011-01-05 01:20:07 -------- d-----w- C:\PROGRA~3\!SASCORE

2011-01-03 03:54:39 -------- d-----w- C:\Windows\en

2011-01-03 03:50:13 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2011-01-03 03:49:25 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-01-03 03:49:25 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2011-01-03 03:49:25 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-01-03 03:49:25 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2011-01-03 03:49:10 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2dbed9f31cbaaf906\MeshBetaRemover.exe

2011-01-03 03:49:08 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-01-03 03:49:08 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-01-03 03:49:05 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2ac0f80c1cbaaf904\DSETUP.dll

2011-01-03 03:49:05 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2ac0f80c1cbaaf904\DXSETUP.exe

2011-01-03 03:49:05 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2ac0f80c1cbaaf904\dsetup32.dll

2011-01-01 02:19:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2010-12-31 12:58:27 -------- d-----w- C:\Program Files (x86)\ATI

2010-12-31 12:58:07 -------- d-----w- C:\Program Files\ATI Technologies

2010-12-31 12:53:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2010-12-31 12:53:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2010-12-31 11:43:25 -------- d-----w- C:\Windows\Downloaded Installations

2010-12-31 11:42:38 -------- d-----w- C:\Program Files (x86)\AMD

2010-12-31 11:41:34 -------- d-----w- C:\Users\JOHNMC~1\AppData\Local\Downloaded Installations

2010-12-31 11:32:48 -------- d-----w- C:\Windows\AsDmiHtm

2010-12-19 05:27:14 701440 ----a-w- C:\Windows\SysWow64\msxml2.dll

2010-12-19 05:27:14 482408 ----a-w- C:\Windows\ssndii.exe

2010-12-19 05:27:14 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll

2010-12-19 05:27:14 38160 ----a-w- C:\Windows\SysWow64\msxml2r.dll

2010-12-19 05:27:14 21776 ----a-w- C:\Windows\SysWow64\msxml2a.dll

2010-12-19 05:27:14 -------- d-----w- C:\Windows\Samsung

2010-12-19 05:27:06 33792 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\spd__pc.dll

2010-12-19 05:26:57 89600 ----a-w- C:\Windows\System32\spd__ci.dll

2010-12-19 05:26:57 358912 ----a-w- C:\Windows\System32\DscPnt.dll

2010-12-19 05:26:57 27648 ----a-w- C:\Windows\System32\spd__l.dll

2010-12-19 05:26:57 259440 ----a-w- C:\Windows\SUPDRun.exe

2010-12-19 05:26:57 256000 ----a-w- C:\Windows\System32\SIPDUtil.dll

2010-12-19 05:26:57 167280 ----a-w- C:\Windows\System32\SUPDSvc.exe

2010-12-19 05:26:57 162672 ----a-w- C:\Windows\System32\SUPDSvcA.dll

2010-12-19 05:26:57 157552 ----a-w- C:\Windows\System32\spd__ci.exe

2010-12-19 05:26:45 -------- d-----w- C:\Program Files (x86)\Samsung

2010-12-19 04:36:53 -------- d-----w- C:\PROGRA~3\UAB

2010-12-19 04:36:45 -------- d-----w- C:\Users\JOHNMC~1\AppData\Local\PC_Drivers_Headquarters

2010-12-19 04:36:38 -------- d-----w- C:\PROGRA~3\Driver Boost

2010-12-19 03:39:00 -------- d-----w- C:\Torries

2010-12-19 02:43:44 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2010-12-19 02:41:44 -------- d-----w- C:\Program Files (x86)\Conduit

2010-12-19 02:41:42 -------- d-----w- C:\Program Files (x86)\ConduitEngine

2010-12-19 02:41:40 -------- d-----w- C:\Program Files (x86)\XfireXO

2010-12-19 02:41:30 -------- d-----w- C:\Users\JOHNMC~1\AppData\Roaming\Xfire

2010-12-19 02:41:29 -------- d-----w- C:\PROGRA~3\Xfire

2010-12-19 02:24:38 -------- d-----w- C:\Program Files (x86)\FreeApps

2010-12-19 02:24:30 -------- d-----w- C:\PROGRA~3\FreeApp

2010-12-19 02:24:21 -------- d-----w- C:\Users\JOHNMC~1\AppData\Roaming\Online Games Downloader

2010-12-19 02:24:18 -------- d-----w- C:\Program Files (x86)\Online Games Downloader

2010-12-09 03:43:50 -------- d-----w- C:\Users\JOHNMC~1\AppData\Roaming\Red Kawa

2010-12-08 20:58:20 -------- d-----w- C:\The Doors Live In Europe 1968

 

==================== Find3M ====================

 

2010-12-04 02:18:19 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2010-12-04 02:18:19 406632 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2010-12-04 02:18:19 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2010-11-09 23:22:31 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2010-11-09 03:55:57 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl

2010-11-09 03:52:06 2381824 ----a-w- C:\Windows\System32\mshtml.tlb

2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe

2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2010-11-01 23:03:02 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2010-11-01 22:59:07 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-10-27 12:00:16 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2010-10-27 11:25:38 21422592 ----a-w- C:\Windows\System32\atio6axx.dll

2010-10-27 11:08:18 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2010-10-27 10:55:32 143360 ----a-w- C:\Windows\System32\atiapfxx.exe

2010-10-27 10:55:24 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2010-10-27 10:54:24 645120 ----a-w- C:\Windows\System32\aticfx64.dll

2010-10-27 10:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2010-10-27 10:52:14 478208 ----a-w- C:\Windows\System32\atieclxx.exe

2010-10-27 10:51:38 203776 ----a-w- C:\Windows\System32\atiesrxx.exe

2010-10-27 10:50:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2010-10-27 10:50:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2010-10-27 10:50:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2010-10-27 10:49:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2010-10-27 10:49:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll

2010-10-27 10:49:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2010-10-27 10:49:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2010-10-27 10:46:58 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2010-10-27 10:38:04 4744704 ----a-w- C:\Windows\System32\atidxx64.dll

2010-10-27 10:35:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2010-10-27 10:35:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2010-10-27 10:35:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2010-10-27 10:35:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2010-10-27 10:35:08 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll

2010-10-27 10:33:52 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2010-10-27 10:28:22 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2010-10-27 10:22:04 5218304 ----a-w- C:\Windows\System32\atiumd64.dll

2010-10-27 10:15:00 58880 ----a-w- C:\Windows\System32\coinst.dll

2010-10-27 10:14:58 349184 ----a-w- C:\Windows\System32\atiadlxx.dll

2010-10-27 10:14:52 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2010-10-27 10:14:44 14848 ----a-w- C:\Windows\System32\atig6pxx.dll

2010-10-27 10:14:42 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2010-10-27 10:14:42 12800 ----a-w- C:\Windows\System32\atiglpxx.dll

2010-10-27 10:14:38 31744 ----a-w- C:\Windows\System32\atig6txx.dll

2010-10-27 10:14:32 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2010-10-27 10:14:24 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2010-10-27 10:13:44 39936 ----a-w- C:\Windows\System32\atiuxp64.dll

2010-10-27 10:13:36 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2010-10-27 10:13:30 37888 ----a-w- C:\Windows\System32\atiu9p64.dll

2010-10-27 10:13:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2010-10-27 10:12:56 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2010-10-27 09:57:04 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll

2010-10-27 09:50:10 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2010-10-27 09:37:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll

2010-10-27 09:37:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll

2010-10-27 09:37:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2010-10-27 09:37:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll

2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys

2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll

2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe

2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll

2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

 

============= FINISH: 19:02:41.25 ===============


Part 2 of dds; Attach

 

Please download the newest version of Adobe Acrobat Reader from Adobe.com

 

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.

Go to the Control Panel and enter Add or Remove Programs.

Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

 

Once old versions are gone, please install the newest version.

************************************************

Download DDS from HERE or HERE and save it to your desktop.

 

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

 

* XP users: double-click on dds to run it.

* If your antivirus or firewall tries to block DDS, please allow it to run.

* When finished DDS will open two (2) logs.

 

1) DDS.txt

2) Attach.txt

 

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log, by copying and pasting it into the reply.

------------------------------------

 

 

Hi Dave, Here is the Attach Log:

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/8/2010 12:59:31 PM

System Uptime: 1/5/2011 3:33:52 PM (4 hours ago)

 

Motherboard: ASUSTeK Computer INC. | | M4A785-M

Processor: AMD Phenom II X4 955 Processor | AM2 | 3200/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 37 GiB total, 14.76 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 888.68 GiB free.

F: is Removable

G: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP239: 12/31/2010 2:09:07 AM - Windows Update

RP240: 12/31/2010 3:42:33 AM - Installed AMD OverDrive.

RP241: 12/31/2010 3:44:02 AM - Installed RAIDXpert

RP242: 12/31/2010 3:45:17 AM - Configured GPU NOS

RP243: 12/31/2010 3:46:25 AM - Installed PC Probe II

RP244: 12/31/2010 6:10:19 PM - Advanced SystemCare RestorePoint

RP245: 12/31/2010 6:19:07 PM - Removed Ventrilo Client

RP246: 12/31/2010 6:20:49 PM - Installed Ventrilo Client

RP247: 12/31/2010 9:24:48 PM - Windows Update

RP248: 1/1/2011 9:19:45 PM - Windows Update

RP249: 1/2/2011 6:39:18 PM - Advanced SystemCare RestorePoint

RP250: 1/2/2011 7:11:52 PM - Windows Update

RP251: 1/2/2011 7:48:03 PM - Windows Live Essentials

RP252: 1/2/2011 7:48:21 PM - Windows Update

RP253: 1/2/2011 7:48:38 PM - Windows Update

RP254: 1/2/2011 7:48:54 PM - Installed DirectX

RP255: 1/2/2011 7:49:10 PM - Installed DirectX

RP256: 1/2/2011 7:49:35 PM - WLSetup

RP257: 1/3/2011 1:22:29 AM - Advanced SystemCare RestorePoint

RP258: 1/3/2011 8:05:01 PM - Windows Update

RP259: 1/5/2011 3:26:38 PM - Removed Adobe Reader 9.4.1.

RP260: 1/5/2011 3:44:32 PM - Windows Update

RP261: 1/5/2011 6:43:59 PM - Installed Adobe Reader X.

 

==== Installed Programs ======================

 

µTorrent

3DMark06

3DVIA Shape for Maps

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X

Advanced SystemCare 3

AMD OverDrive

Application Profiles

ASUSUpdate

Audioro Xbox 360 Converter 3

AviSynth 2.5

Conduit Engine

Cooliris for Internet Explorer

D3DX10

DivX Setup

DriverBoost

EASEUS Todo Backup 1.1

Feedback Tool

FLVTube Player

Folder Size 1.4.0.0

FreeApps

Freemake Video Converter version 1.1.11

Futuremark SystemInfo

Game Booster

Google Toolbar for Internet Explorer

Google Update Helper

GPU NOS

Homepage Protection Service

Internet TV for Windows Media Center

IObit Security 360

Junk Mail filter update

Malwarebytes' Anti-Malware

Mesh Runtime

Microsoft Default Manager

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Student 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MiniTool Partition Wizard Home Edition 5.2

Mozilla Firefox (3.6.8)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OneTouch Software

Online Games Downloader v2.0

PC Probe II

Platform

RAIDXpert

Samsung Universal Print Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Shockwave

Smart Defrag

Steam

The Lord of the Rings FREE Trial

Turbo Key

Usenet.nl

VC80CRTRedist - 8.0.50727.4053

Ventrilo Client

VIA Platform Device Manager

Videora Xbox 360 Converter 6

VLC media player 1.1.4

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Center Add-in for Flash

Windows Media Center Add-in for Silverlight

Xfire (remove only)

XfireXO Toolbar

Xmarks for IE

YouTube Downloader App 3.00

 

==== Event Viewer Messages From Past Week ========

 

12/31/2010 6:08:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/31/2010 3:42:42 AM, Error: Service Control Manager [7030] - The AODService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

1/5/2011 5:52:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

1/5/2011 3:34:03 PM, Error: volmgr [46] - Crash dump initialization failed!

1/4/2011 7:36:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user CHESTER\John McNaught SID (S-1-5-21-1434954581-2163470030-3274520032-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/4/2011 7:36:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user CHESTER\John McNaught SID (S-1-5-21-1434954581-2163470030-3274520032-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/4/2011 6:21:33 PM, Error: Service Control Manager [7034] - The FlvTube Toolbar Helper service terminated unexpectedly. It has done this 1 time(s).

 

==== End Of File ===========================


P2P - I see you have P2P software installed on your machine (µTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

********************************************

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in
     
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


I'm beginning to see why they call you Super!

 

Here is part 2 of the OTL scans.

---------========== Files - Modified Within 30 Days ==========

 

[2011/01/07 21:53:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/07 19:53:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/07 15:26:19 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\AWC Update.job

[2011/01/06 20:31:12 | 000,000,217 | ---- | M] () -- C:\Users\John McNaught\Desktop\FreeApps Download, All Must-have Free Apps in One Click FreeNew.url

[2011/01/06 20:26:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John McNaught\Desktop\OTL.exe

[2011/01/06 19:34:15 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job

[2011/01/06 19:33:51 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job

[2011/01/06 16:27:58 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/06 16:27:58 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/06 16:26:45 | 000,817,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/01/06 16:26:45 | 000,686,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/01/06 16:26:45 | 000,131,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/01/06 16:20:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/04 17:45:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Regwork.job

[2011/01/04 17:15:55 | 009,953,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\John McNaught\Desktop\SUPERAntiSpyware.exe

[2011/01/04 13:00:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\AWC AutoCare.job

[2011/01/02 22:00:00 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job

[2011/01/02 18:09:29 | 000,000,259 | ---- | M] () -- C:\Users\John McNaught\Desktop\Help! - IObit.Com Forums.url

[2011/01/01 19:52:17 | 000,000,253 | ---- | M] () -- C:\Users\John McNaught\Desktop\IObit.Com Forums.url

[2011/01/01 19:09:12 | 000,001,433 | ---- | M] () -- C:\Users\John McNaught\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/12/31 21:09:48 | 000,007,644 | ---- | M] () -- C:\Users\John McNaught\AppData\Local\resmon.resmoncfg

[2010/12/31 19:57:44 | 000,000,274 | ---- | M] () -- C:\Users\John McNaught\Desktop\Introducing Windows Home Server.url

[2010/12/31 18:20:56 | 000,000,258 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/12/31 04:09:01 | 000,272,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/12/31 03:53:18 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2010/12/31 03:42:39 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\AMD OverDrive.lnk

[2010/12/31 03:32:30 | 000,031,453 | ---- | M] () -- C:\Windows\Ascd_tmp.ini

[2010/12/31 03:14:41 | 012,656,640 | ---- | M] () -- C:\ProgramData\sandra.mda

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/12/19 03:02:46 | 000,000,228 | ---- | M] () -- C:\Users\John McNaught\Desktop\List of freeware releases from The Windows Club The Windows Club.url

[2010/12/18 18:24:23 | 000,001,149 | ---- | M] () -- C:\Users\John McNaught\Application Data\Microsoft\Internet Explorer\Quick Launch\Online Games Downloader.lnk

[2010/12/18 18:23:20 | 000,000,706 | ---- | M] () -- C:\Users\John McNaught\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk

 

========== Files Created - No Company Name ==========

 

[2011/01/06 20:31:12 | 000,000,217 | ---- | C] () -- C:\Users\John McNaught\Desktop\FreeApps Download, All Must-have Free Apps in One Click FreeNew.url

[2011/01/02 18:50:55 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job

[2011/01/02 18:40:47 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\AWC AutoCare.job

[2011/01/02 18:09:29 | 000,000,259 | ---- | C] () -- C:\Users\John McNaught\Desktop\Help! - IObit.Com Forums.url

[2011/01/01 19:52:17 | 000,000,253 | ---- | C] () -- C:\Users\John McNaught\Desktop\IObit.Com Forums.url

[2010/12/31 19:57:44 | 000,000,274 | ---- | C] () -- C:\Users\John McNaught\Desktop\Introducing Windows Home Server.url

[2010/12/31 18:20:55 | 000,000,258 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/12/31 03:42:39 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\AMD OverDrive.lnk

[2010/12/30 21:16:39 | 000,031,453 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2010/12/19 03:02:46 | 000,000,228 | ---- | C] () -- C:\Users\John McNaught\Desktop\List of freeware releases from The Windows Club The Windows Club.url

[2010/12/18 21:27:14 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe

[2010/12/18 21:26:57 | 000,358,912 | ---- | C] () -- C:\Windows\SysNative\DscPnt.dll

[2010/12/18 21:26:57 | 000,259,440 | ---- | C] () -- C:\Windows\SUPDRun.exe

[2010/12/18 21:26:57 | 000,027,648 | ---- | C] () -- C:\Windows\SysNative\spd__l.dll

[2010/12/18 21:26:57 | 000,011,502 | ---- | C] () -- C:\Windows\Dr. Printer Icon.ico

[2010/12/18 21:26:57 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\spd__l.smt

[2010/12/18 18:24:23 | 000,001,149 | ---- | C] () -- C:\Users\John McNaught\Application Data\Microsoft\Internet Explorer\Quick Launch\Online Games Downloader.lnk

[2010/11/21 17:47:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/09/12 18:00:17 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2010/09/12 18:00:17 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2010/09/11 20:37:43 | 000,024,832 | ---- | C] () -- C:\Users\John McNaught\AppData\Roaming\UserTile.png

[2010/09/07 22:55:19 | 012,656,640 | ---- | C] () -- C:\ProgramData\sandra.mda

[2010/09/05 13:37:18 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2010/09/05 13:37:18 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2010/08/26 15:00:16 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini

[2010/08/26 15:00:16 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini

[2010/08/26 15:00:08 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\Image32.dll

[2010/08/26 15:00:08 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Png32.dll

[2010/08/26 15:00:08 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Jpeg32.dll

[2010/08/26 15:00:08 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Tga32.dll

[2010/08/26 15:00:08 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Pcx32.dll

[2010/08/26 15:00:08 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Twscan32.dll

[2010/07/04 13:06:30 | 000,000,462 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010/07/04 13:06:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2010/06/26 16:53:24 | 000,832,952 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/06/12 20:04:03 | 000,007,644 | ---- | C] () -- C:\Users\John McNaught\AppData\Local\resmon.resmoncfg

[2010/06/08 12:52:14 | 000,003,584 | ---- | C] () -- C:\Users\John McNaught\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/08 12:22:34 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2010/06/08 12:10:57 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/07/05 18:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

[2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

 

========== LOP Check ==========

 

[2010/08/31 18:57:40 | 000,000,000 | ---D | M] -- C:\Users\John McNaught\AppData\Roaming\DassaultSystemes

[2010/12/11 15:34:31 | 000,000,000 | ---D | M] -- C:\Users\John McNaught\AppData\Roaming\IObit

[2010/12/18 18:24:23 | 000,000,000 | ---D | M] -- C:\Users\John McNaught\AppData\Roaming\Online Games Downloader

[2010/12/08 19:43:50 | 000,000,000 | ---D | M] -- C:\Users\John McNaught\AppData\Roaming\Red Kawa

[2010/12/08 18:50:48 | 000,000,000 | ---D | M] -- C:\Users\John McNaught\AppData\Roaming\SoftGrid Client

[2010/08/25 13:24:30 | 000,000,000 | ---D | M] -- C:\Users\John McNaught\AppData\Roaming\TP

[2010/12/18 20:06:25 | 000,000,000 | ---D | M] -- C:\Users\John McNaught\AppData\Roaming\Usenet.nl

[2010/09/02 16:02:58 | 000,000,000 | ---D | M] -- C:\Users\John McNaught\AppData\Roaming\Windows Live Writer

[2011/01/04 13:00:00 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\AWC AutoCare.job

[2011/01/06 19:33:51 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job

[2011/01/06 19:34:15 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job

[2011/01/07 15:26:19 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job

[2011/01/04 17:45:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Regwork.job

[2009/07/13 21:08:49 | 000,030,150 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/01/02 22:00:00 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

< %systemroot%\*. /mp /s >

 

< c:\$recycle.bin\*.* /s >

[2010/08/08 17:46:07 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-20\desktop.ini

[2011/01/07 22:01:10 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1434954581-2163470030-3274520032-1000\$IDI0EQA.Txt

[2010/10/23 20:34:35 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1434954581-2163470030-3274520032-1000\$IFRG9C2.pdf

[2010/10/24 17:41:52 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1434954581-2163470030-3274520032-1000\$IN2HGJ5.FLV

[2011/01/07 22:01:13 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1434954581-2163470030-3274520032-1000\$IV7DLRV.Txt

[2011/01/07 20:43:19 | 000,034,502 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1434954581-2163470030-3274520032-1000\$RDI0EQA.Txt

[2011/01/07 02:45:59 | 000,031,320 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1434954581-2163470030-3274520032-1000\$RV7DLRV.Txt

[2010/06/08 11:59:47 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1434954581-2163470030-3274520032-1000\desktop.ini

[1 c:\$recycle.bin\S-1-5-21-1434954581-2163470030-3274520032-1000\*.tmp files -> c:\$recycle.bin\S-1-5-21-1434954581-2163470030-3274520032-1000\*.tmp -> ]

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

 

 


 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< End of report >


Sometimes these old synapses don't quite fire right

 

here is part 1b

-----------


SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5DC6E958-5AC5-96ED-F545-25DB3A17AB2C} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6726A596-DCA0-B9AA-031D-D827779FE483} - Themes Setup

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {972D241D-9B45-3515-215E-F7BDCD4D65D6} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E48D67B0-A619-E215-8629-87DE39229361} - Microsoft Windows Media Player

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/06 20:26:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John McNaught\Desktop\OTL.exe

[2011/01/05 18:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2011/01/05 15:26:49 | 000,000,000 | R--D | C] -- C:\Users\John McNaught\Documents

[2011/01/04 19:56:34 | 000,000,000 | ---D | C] -- C:\Users\John McNaught\Desktop\HiJack with IObit 360

[2011/01/04 18:06:07 | 000,000,000 | ---D | C] -- C:\Users\John McNaught\AppData\Roaming\Malwarebytes

[2011/01/04 18:05:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/01/04 18:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/01/04 18:05:45 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/01/04 17:20:10 | 000,000,000 | ---D | C] -- C:\Users\John McNaught\AppData\Roaming\SUPERAntiSpyware.com

[2011/01/04 17:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011/01/04 17:20:07 | 000,000,000 | ---D | C] -- C:\Users\John McNaught\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011/01/04 17:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE

[2011/01/04 17:16:51 | 009,953,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\John McNaught\Desktop\SUPERAntiSpyware.exe

[2011/01/02 19:54:39 | 000,000,000 | ---D | C] -- C:\Windows\en

[2011/01/02 18:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag

[2010/12/31 18:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo

[2010/12/31 18:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2010/12/31 04:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2010/12/31 04:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies

[2010/12/31 03:43:25 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2010/12/31 03:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD

[2010/12/31 03:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD

[2010/12/31 03:41:34 | 000,000,000 | ---D | C] -- C:\Users\John McNaught\AppData\Local\Downloaded Installations

[2010/12/31 03:32:48 | 000,000,000 | ---D | C] -- C:\Windows\AsDmiHtm

[2010/12/19 00:43:41 | 000,000,000 | ---D | C] -- C:\Users\John McNaught\Desktop\usa

[2010/12/18 21:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers

[2010/12/18 21:27:14 | 000,000,000 | ---D | C] -- C:\Windows\Samsung

[2010/12/18 21:26:57 | 000,256,000 | ---- | C] (SEC) -- C:\Windows\SysNative\SIPDUtil.dll

[2010/12/18 21:26:57 | 000,167,280 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvc.exe

[2010/12/18 21:26:57 | 000,162,672 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvcA.dll

[2010/12/18 21:26:57 | 000,157,552 | ---- | C] (SS) -- C:\Windows\SysNative\spd__ci.exe

[2010/12/18 21:26:57 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\spd__ci.dll

[2010/12/18 21:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung

[2010/12/18 20:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB

[2010/12/18 20:36:45 | 000,000,000 | ---D | C] -- C:\Users\John McNaught\AppData\Local\PC_Drivers_Headquarters

[2010/12/18 20:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Boost

[2010/12/18 20:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverBoost

[2010/12/18 19:39:00 | 000,000,000 | ---D | C] -- C:\Torries

[2010/12/18 18:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2010/12/18 18:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2010/12/18 18:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

[2010/12/18 18:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine

[2010/12/18 18:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XfireXO

[2010/12/18 18:24:39 | 000,000,000 | ---D | C] -- C:\Users\John McNaught\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeApps

[2010/12/18 18:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeApps

[2010/12/18 18:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeApp

[2010/12/18 18:24:21 | 000,000,000 | ---D | C] -- C:\Users\John McNaught\AppData\Roaming\Online Games Downloader

[2010/12/18 18:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Games Downloader

[2010/12/18 18:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Online Games Downloader

------end part 1------


Archived

This topic is now archived and is closed to further replies.
