Solved MalwareBytes scan causes shutdown of computer

skybluecodeflyr

Hey all,

I tried doing a full scan with Malwarebytes yesterday, and at some point while it was running my computer shut down/restarted. There was no warning, no dialog box or anything; it just shut down. I ran a scan with Bitdefender Plus 2012: nothing. So this morning I uninstalled Malwarebytes, reinstalled it fresh, and went through your preliminary process for cleaning a computer (https://www.techspot.com/community/...lware-preliminary-removal-instructions.58138/), and the results of the scans are listed below.

As a side note, I have had a problem recently with my fonts, which is detailed here: http://superuser.com/questions/406790/garbled-mismatched-text-in-firefox-and-visual-studio-2010. For some reason that problem is not appearing anymore. I've run all kinds of scans, but nothing has come up; it just seemed to resolve itself. But that issue could be totally unrelated and not even malware.

Thank you so much in advance! And if I'm barking up the wrong tree, let me know. Anyway, here are the results of the initial scans:

Malwarebytes "Quick Scan":

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
wiebe :: WIEBE-SIRIUSPC [administrator]

4/17/2012 8:30:42 AM
mbam-log-2012-04-17 (08-30-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215812
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-------------------------------------------------------------------------------
The GMER initial scan picked up nothing.
-------------------------------------------------------------------------------
DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by wiebe at 8:49:14 on 2012-04-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8097.5211 [GMT -6:00]
.
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\GManager.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files (x86)\Switch Mouse Driver\KMWDSrv.exe
C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Ditto\Ditto.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\UsbChargerPlus.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\Switch Mouse Driver\SwitchMouseMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [instanteyedropper] "C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe"
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Ditto] C:\Program Files\Ditto\Ditto.exe
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun: [SWitchMouse] "C:\Program Files (x86)\Switch Mouse Driver\SwitchMouseMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVOLUE~1.LNK - C:\Windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{515DBB04-B991-460C-A056-251C3682A34C} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{E62469E9-0580-4BF9-B748-E94FA08E5142} : DhcpNameServer = 10.0.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun-x64: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun-x64: [SWitchMouse] "C:\Program Files (x86)\Switch Mouse Driver\SwitchMouseMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\wiebe\AppData\Roaming\Mozilla\Firefox\Profiles\rp5lin0z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\system32\drivers\assd.sys --> C:\Windows\system32\drivers\assd.sys [?]
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
R0 mctkmdldr;mctkmdldr;C:\Windows\system32\drivers\mctkmdldr64.sys --> C:\Windows\system32\drivers\mctkmdldr64.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 EUFDDISK;EUFDDISK;\??\C:\Windows\system32\drivers\EuFdDisk.sys --> C:\Windows\system32\drivers\EuFdDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-1-7 61064]
R2 GManager;GManager;C:\Windows\system32\GManager.exe --> C:\Windows\system32\GManager.exe [?]
R2 Guard Agent;Guard Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-1-7 23176]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files (x86)\Switch Mouse Driver\KMWDSrv.exe [2012-1-10 193024]
R2 MCTDesktopSvr;MCTDesktopSvr;C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [2012-4-13 199296]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-5 2009704]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-23 1153368]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-5 2656280]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-13 66096]
R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\Windows\system32\drivers\EvoMouseDriverMini.sys --> C:\Windows\system32\drivers\EvoMouseDriverMini.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mctkmd;mctkmd;C:\Windows\system32\drivers\mctkmd64.sys --> C:\Windows\system32\drivers\mctkmd64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 t1pusb64;Trigger 1+ Graphics Card;C:\Windows\system32\drivers\t1pusb64.sys --> C:\Windows\system32\drivers\t1pusb64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\Windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys --> C:\Windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown mbamchameleon;mbamchameleon; [x]
.
=============== Created Last 30 ================
.
2012-04-17 14:25:15 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-17 14:25:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-12 03:37:09 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 03:37:09 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 03:37:09 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 03:37:09 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 03:37:09 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 03:37:09 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 03:37:09 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 15:26:50 -------- d-----w- C:\Users\wiebe\AppData\Roaming\Ditto
2012-04-10 15:26:46 -------- d-----w- C:\Program Files\Ditto
2012-04-10 15:08:53 -------- d-----w- C:\Program Files (x86)\FileSeek
2012-04-05 15:02:24 -------- d-----w- C:\Program Files (x86)\FontFrenzy
2012-04-03 12:09:28 -------- d-----w- C:\bd_logs
2012-04-02 19:54:15 -------- d-----w- C:\Users\wiebe\AppData\Roaming\SUPERAntiSpyware.com
2012-04-02 19:53:44 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-02 19:53:44 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-02 19:42:56 967680 ----a-r- C:\Users\wiebe\AppData\Roaming\Microsoft\Installer\{0A8CA3C1-F88C-49D2-97E8-3E72A32151EA}\Snoop.exe
2012-04-02 18:46:03 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-04-02 18:46:03 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-02 18:46:02 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-02 18:44:16 -------- d-----w- C:\Users\wiebe\AppData\Roaming\TestApp
2012-04-02 18:44:16 -------- d-----w- C:\ProgramData\PC Tools
2012-04-02 18:40:19 -------- d-----w- C:\Users\wiebe\AppData\Roaming\Malwarebytes
2012-04-02 18:40:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-02 01:56:07 -------- d-----w- C:\Program Files\iPod
2012-04-02 01:56:06 -------- d-----w- C:\Program Files\iTunes
2012-04-02 01:56:06 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-30 23:24:12 489156 ----a-w- C:\ProgramData\1333148289.bdinstall.bin
2012-03-30 23:23:40 -------- d-----w- C:\ProgramData\BDLogging
2012-03-30 23:23:16 -------- d-----w- C:\Users\wiebe\AppData\Roaming\Bitdefender
2012-03-30 23:23:12 -------- d-----w- C:\ProgramData\Bitdefender
2012-03-30 23:01:39 -------- d-----w- C:\Users\wiebe\AppData\Roaming\QuickScan
2012-03-30 23:00:26 -------- d-----w- C:\Program Files\Bitdefender
2012-03-30 23:00:15 442088 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-03-30 23:00:15 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-03-30 22:56:07 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-03-30 22:53:52 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2012-03-30 14:48:59 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 14:21:14 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6183C802-684E-42A0-9392-F61C9FF397E7}\mpengine.dll
2012-03-30 14:20:20 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-29 19:20:50 -------- d-----w- C:\Users\wiebe\AppData\Local\Microsoft_Corporation
2012-03-23 15:23:21 -------- d-----w- C:\Program Files (x86)\Klok2
2012-03-22 19:45:45 -------- d-----w- C:\Users\wiebe\AppData\Local\CrashRpt
2012-03-22 19:45:32 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays
2012-03-22 19:45:31 -------- d-----w- C:\Program Files\TortoiseSVN
2012-03-22 19:45:31 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2012-03-21 02:22:46 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
2012-03-19 19:03:03 -------- d-----w- C:\Users\wiebe\AppData\Local\ReworkSorting
.
==================== Find3M ====================
.
2012-04-17 03:58:17 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-04-14 18:49:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-18 20:57:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-14 01:31:52 311160 ----a-w- C:\Windows\System32\GManager.exe
2012-03-08 19:38:04 135296 ----a-w- C:\Windows\System32\drivers\mctkmd64.sys
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-02 21:49:46 13440 ----a-w- C:\Windows\System32\drivers\u3hpatch64.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-02-17 22:45:56 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 00:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-15 00:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
2012-02-15 00:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-02-15 00:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
2012-02-15 00:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-02-15 00:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-02-15 00:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-02-15 00:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-02-15 00:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-15 00:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
2012-02-15 00:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-02-15 00:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-02-15 00:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
2012-02-15 00:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-02-15 00:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2012-02-15 00:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
2012-02-15 00:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-02-15 00:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-02-15 00:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-02-15 00:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-02-15 00:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-02-14 23:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-02-14 23:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-02-14 23:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 23:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
2012-02-14 23:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-02-14 23:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-02-14 23:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-02-14 23:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-02-14 23:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-02-14 23:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-02-14 23:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-02-14 23:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-02-14 23:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-02-14 23:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-14 23:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-14 23:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-14 23:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-02-14 23:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 17:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-04 00:15:02 272512 ----a-w- C:\Windows\System32\U2VSvr.exe
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 8:49:35.34 ===============


-----------------------------------------------------------------------------------------------------------
Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/22/2011 6:34:27 PM
System Uptime: 4/17/2012 8:12:39 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | U36SD
Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz | CPU 1 | 2701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 124 GiB total, 50.114 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 321.488 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP81: 4/8/2012 5:22:37 PM - Programs running fast
RP82: 4/11/2012 9:37:01 PM - Windows Update
RP83: 4/13/2012 11:17:40 AM - Removed Magic Control Technology - MWS
RP84: 4/13/2012 11:28:45 AM - Installed Magic Control Technology - MWS
RP85: 4/13/2012 11:28:57 AM - Device Driver Package Install: Magic Control Technology Corp. Universal Serial Bus controllers
RP86: 4/13/2012 11:29:05 AM - Device Driver Package Install: Magic Control Technology Corp. Universal Serial Bus controllers
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
AceBackup 3
Adobe AIR
Advertising Center
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS WebStorage
AsusScr_U Series_ENG
AsusVibe2.0
Atheros Client Installation Program
ATK Package
Audacity 1.3.14 (Unicode)
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Dia (remove only)
doxygen 1.7.6.1
EaseUS Todo Backup Free 4.0
EQATEC Profiler
FileSeek 2.1.3
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
GIMP 2.6.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Horizontal XSection
Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HTML Help Workshop
ImagXpress
Inkscape 0.48.2
Instant Eyedropper 1.501
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Kaxaml
Klok 2
Malwarebytes Anti-Malware version 1.61.0.1400
Menu Templates - Starter Kit
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Service Pack 1
Movie Templates - Starter Kit
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Thunderbird 11.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multi-Targeting Pack for Microsoft .NET Framework 4.0.3 (KB2600213)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero Express Help
Nero InfoTool
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
Notepad++
Nuance PDF Reader
QuickTime
Realtek High Definition Audio Driver
Sandcastle
Sandcastle Help File Builder
SceneSwitch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype™ 5.8
Snoop
Sonic Focus
Spybot - Search & Destroy
StyleCop 4.6.3.0
SugarSync Manager
Switch Mouse Driver
syncables desktop SE
TreeSize Free V2.5
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB Display Device (Trigger Family) 12.01.0315.3679
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows SDK IntellisenseNFX
WinFlash
Wireless Console 3
WPF Inspector 0.9.7
.
==== Event Viewer Messages From Past Week ========
.
4/17/2012 8:42:12 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
4/17/2012 8:13:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
4/15/2012 10:47:12 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
4/14/2012 8:03:24 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
4/13/2012 10:06:56 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
.
==== End Of File ===========================
 
I'll be glad to help you resolve this issue. Give me a few minutes to check these logs to see what our next step should be. Okay?
-----------------------------------
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
 
I tried doing a full scan with Malwarebytes yesterday and at some point while it was running, my computer shut down/restarted. There was no warning, no dialog box or anything. It just shut down.

This could have been caused by a momentary power outage.

Questions:
1. Why were you doing the Malwarebytes scan? Did you suspect malware? Why? Or was the scan just routine.
2. Several entries indicate this is a work computer:

1. 2012-04-02 19:42:56 967680 ----a-r- C:\Users\wiebe\AppData\Roaming\Microsoft\Installer\{0A8CA3C1-F88C-49D2-97E8-3E72A32151EA}\Snoop.exe
Added by the Spyware.Snoop surveillance program. You should uninstall this program immediately if you did not install it yourself:
Spyware.Snoop must be manually installed. It is a spyware program that monitors user activity, such as URLs visited and emails sent. It also logs keystrokes and sends the logs to a predefined email address.

2. 2012-04-05 15:02:24 -------- d-----w- C:\Program Files (x86)\FontFrenzy
This program removes and stores all fonts except those that were present when Windows was first installed.

3. 2012-03-23 15:23:21 -------- d-----w- C:\Program Files (x86)\Klok2>> Klok Desktop Application>> Keep track of your time.

4. 2012-03-19 19:03:03 -------- d-----w- C:\Users\wiebe\AppData\Local\ReworkSorting?

5. Instanteyedropper.exe with description> InstantEyedropper.exe is a process file from an unknown company belonging to an unknown product.
The file is not digitally signed. This file is not signed by its author. It is a small utility called Instant Eyedropper that runs in your system tray and will let you easily select a color from anywhere on the screen.

6. 2012-04-10 15:26:46 -------- d-----w- C:\Program Files\Ditto>> Ditto is an extension to the standard windows clipboard.

7. 2012-04-10 15:08:53 -------- d-----w- C:\Program Files (x86)\FileSeek
FileSeek was designed to be a lightning fast, small and super easy to use tool. It can even be integrated right into the Windows Explorer right-click menu to provide quick and easy access. Search for text string matches inside any kind of file. Match Regular Expressions inside any kind of file.
========================================================
I would appreciate it if you would give me some information about the use of this system, if you are working in an office environment, if you are connecting to an office network.
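The review done in the post above (picking executables and new directories out of the DDS "Files Created" and Find3M listings and asking the user to account for them) can be partly automated. The script below is an added example, not code from this thread or from the DDS or ComboFix tools: it parses both listing formats that appear in this thread (DDS's single timestamp and ComboFix's "created . modified" pair) and applies a few review heuristics that are this example's own assumptions (executables under user-writable paths, newly written kernel drivers, executables sitting directly under \Windows). The sample input is a handful of lines copied from the logs posted here.

```python
"""Parse DDS / ComboFix file listings and flag entries worth asking the user about.

Added example for illustration; the review heuristics are assumptions, not
anything DDS or ComboFix themselves report.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# DDS:      2012-04-02 19:42:56 967680 ----a-r- C:\Users\...\Snoop.exe
# ComboFix: 2012-04-02 19:42 . 2012-04-02 19:42 967680 ----a-r- c:\users\...\Snoop.exe
# Directories carry "--------" in the size column and a "d" in the attribute column.
_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")   # assumption: paths a user can write to
_WINDOWS_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$")


@dataclass
class Entry:
    created: str
    modified: Optional[str]   # only ComboFix reports a second timestamp
    size: Optional[int]       # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs


def parse_listing(text: str) -> List[Entry]:
    """Return one Entry per listing line; section headers, '.', and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def review(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Apply the (assumed) review heuristics to executable files only."""
    findings = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir or not p.endswith(EXEC_EXT):
            continue
        reasons = []
        if any(tag in p for tag in USER_WRITABLE):
            reasons.append("executable in a user-writable location")
        if "\\drivers\\" in p and p.endswith(".sys"):
            reasons.append("new kernel driver: identify the vendor")
        if _WINDOWS_ROOT_EXE.match(p):
            reasons.append("executable directly under \\Windows")
        if reasons:
            findings.append((e.path, reasons))
    return findings


def review_text(text: str) -> List[Tuple[str, List[str]]]:
    return review(parse_listing(text))


# Constructed sample: lines copied from the DDS and ComboFix logs posted in this thread.
SAMPLE = r"""
==================== Find3M ====================
.
2012-04-02 19:42:56 967680 ----a-r- C:\Users\wiebe\AppData\Roaming\Microsoft\Installer\{0A8CA3C1-F88C-49D2-97E8-3E72A32151EA}\Snoop.exe
2012-04-05 15:02:24 -------- d-----w- C:\Program Files (x86)\FontFrenzy
2012-03-21 02:22:46 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
2012-04-17 03:58:17 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-04-17 14:25 . 2012-04-17 14:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-17 14:25 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 18:46 . 2012-02-24 16:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
"""


if __name__ == "__main__":
    for path, reasons in review_text(SAMPLE):
        print(path)
        for r in reasons:
            print("    -", r)
```

The output is a list of questions to put to the user, not a verdict: Snoop.exe is flagged only because it lives under AppData, and the three drivers only because any newly written .sys deserves a vendor check, which is exactly the kind of "is this yours?" question asked in the post above.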
 
This is a laptop (so a momentary power failure couldn't be the cause) for my use at work. We don't have IT here, as we are a small company (to be honest, I AM the IT here, informally). We have no office network at all.

The reason I was trying to run Malwarebytes was because I didn't have time to run it at my usual time this last Friday. It was just a routine scan. I actually tried to run it several times and the computer shut down each time (though I didn't always witness the shut-down directly- sometimes I was away from my computer doing other things). I haven't tried a full scan since I re-installed it. I can try that if you would like.

By the way, Snoop.exe was installed intentionally by me - it is a utility that I use in my development work http://snoopwpf.codeplex.com/. FontFrenzy was an attempt to deal with the problems indicated in the link I sent you to superuser.com. That attempt failed- in fact I had to do a system restore to get my fonts back in line, and it didn't solve any of the strange screen problems. The strange screen problems have since inexplicably disappeared. Klok2 is legit. ReworkSorting- I don't know why it is storing data there- it is a small example program in C# I downloaded for help with my work. The other three were all for help at work.

Do you have a policy against helping people with their work computers? If so, I apologize, I'm just trying to find some help.
 
I have been extra-touchy about potential malware since the issue described on superuser.com, so that's partly my reason for posting here. Thanks for your help!
 
No, TechSpot doesn't have a written policy about not working on work computers. However, I do have some of my own. There have been times when a computer tech is working on a 'client's computer' and can't resolve the problem, so posts a thread for us to handle it. Then when fixed, the tech gives the now clean and well-running system back to the client and gets paid for fixing it.

There are also times when a user wants to bypass the IT in the office; this happens for various reasons. Depending on the reason, I will either continue or refer them back to the IT. Since I volunteer my help here, I don't see any problems with this.

The programs I asked about are legitimate, but a couple fit descriptions of software that could also have been installed by others. Because of this, it is my practice to question the user. There can also be a possible conflict with some work software and Windows files.

These logs are all clean. However, you can run the following if you'd like:
I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen (shown as a screenshot in the original post) will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.
Temporary AV: Use one:
Microsoft Security Essentials
Comodo AV
Avast! Free Antivirus
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=============================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===============================================
This is a laptop (so a momentary power failure couldn't be the cause)

When I suggested a momentary power failure, I was referring to the electric company, not the laptop. However, if the laptop was running on battery and not connected electrically the entire time you were running Malwarebytes, then an electrical interruption could not have been an issue.
================================================
Please leave the Combofix and Eset scan logs in your next reply.
 
Ok, thanks for the clarification. I can understand your reasons for asking.

I don't have the program AVG running on my computer- I have Bitdefender running. Do I need to uninstall that and install Avast! or some other antivirus?
 
No sorry- you don't have to uninstall BitDefender. Just about everyone I've helped today had AVG- that was my mistake.

You do need to disable the security though, per the directions before you run the scans.
 
By the way, I have had my external drive (drive E) connected during this for the last couple days. ComboFix quarantined some files from it- will the harddrive still work if those files are removed? How do you re-install the autorun?

ESET:
C:\Users\wiebe\Downloads\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon application

ComboFix:

ComboFix 12-04-17.01 - wiebe 04/17/2012 15:41:46.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8097.5009 [GMT -6:00]
Running from: c:\users\wiebe\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\wiebe\AppData\Local\assembly\tmp
c:\windows\AsPatch10430001.exe
E:\Autorun.inf
E:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 14:25 . 2012-04-17 14:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-17 14:25 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 03:37 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:37 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:37 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:37 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:37 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
http://www.emptyloop.com/unlocker/
2012-04-12 03:37 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:37 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 15:26 . 2012-04-17 21:39 -------- d-----w- c:\users\wiebe\AppData\Roaming\Ditto
2012-04-10 15:26 . 2012-04-10 15:26 -------- d-----w- c:\program files\Ditto
2012-04-10 15:08 . 2012-04-10 15:08 -------- d-----w- c:\program files (x86)\FileSeek
2012-04-05 15:02 . 2012-04-05 19:17 -------- d-----w- c:\program files (x86)\FontFrenzy
2012-04-03 12:09 . 2012-04-03 18:37 -------- d-----w- C:\bd_logs
2012-04-02 19:54 . 2012-04-02 19:54 -------- d-----w- c:\users\wiebe\AppData\Roaming\SUPERAntiSpyware.com
2012-04-02 19:53 . 2012-04-05 19:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-02 19:53 . 2012-04-02 19:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-02 19:42 . 2012-04-02 19:42 967680 ----a-r- c:\users\wiebe\AppData\Roaming\Microsoft\Installer\{0A8CA3C1-F88C-49D2-97E8-3E72A32151EA}\Snoop.exe
2012-04-02 18:46 . 2012-04-02 23:55 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-02 18:46 . 2012-02-24 16:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-04-02 18:46 . 2012-04-02 23:55 -------- d-----w- c:\program files (x86)\PC Tools
2012-04-02 18:44 . 2012-04-02 20:14 -------- d-----w- c:\programdata\PC Tools
2012-04-02 18:44 . 2012-04-02 18:44 -------- d-----w- c:\users\wiebe\AppData\Roaming\TestApp
2012-04-02 18:40 . 2012-04-02 18:40 -------- d-----w- c:\users\wiebe\AppData\Roaming\Malwarebytes
2012-04-02 18:40 . 2012-04-02 18:40 -------- d-----w- c:\programdata\Malwarebytes
2012-04-02 01:56 . 2012-04-02 01:56 -------- d-----w- c:\program files\iPod
2012-04-02 01:56 . 2012-04-02 01:56 -------- d-----w- c:\program files\iTunes
2012-04-02 01:56 . 2012-04-02 01:56 -------- d-----w- c:\program files (x86)\iTunes
2012-03-30 23:24 . 2012-03-30 23:24 489156 ----a-w- c:\programdata\1333148289.bdinstall.bin
2012-03-30 23:23 . 2012-03-30 23:23 -------- d-----w- c:\programdata\BDLogging
2012-03-30 23:23 . 2012-03-30 23:23 -------- d-----w- c:\users\wiebe\AppData\Roaming\Bitdefender
2012-03-30 23:23 . 2012-03-30 23:23 -------- d-----w- c:\programdata\Bitdefender
2012-03-30 23:01 . 2012-03-30 23:01 -------- d-----w- c:\users\wiebe\AppData\Roaming\QuickScan
2012-03-30 23:00 . 2012-03-30 23:00 -------- d-----w- c:\program files\Bitdefender
2012-03-30 23:00 . 2011-10-27 21:07 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-03-30 23:00 . 2011-08-16 20:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-03-30 22:56 . 2012-03-30 23:00 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-03-30 22:53 . 2012-03-30 22:53 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2012-03-30 17:52 . 2012-03-30 17:52 -------- d-----w- c:\program files\Microsoft Silverlight
2012-03-30 17:52 . 2012-03-30 17:52 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-03-30 14:48 . 2012-04-14 18:49 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 14:21 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6183C802-684E-42A0-9392-F61C9FF397E7}\mpengine.dll
2012-03-30 14:20 . 2012-04-14 18:49 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 19:20 . 2012-04-05 19:17 -------- d-----w- c:\users\wiebe\AppData\Local\Microsoft_Corporation
2012-03-28 01:25 . 2012-03-28 01:25 -------- d-----w- c:\windows\Sun
2012-03-26 02:32 . 2012-03-28 01:41 -------- d-----w- c:\programdata\DVD Shrink
2012-03-26 02:25 . 2012-03-26 02:25 -------- d-----w- c:\users\wiebe\AppData\Roaming\Nero
2012-03-23 15:23 . 2012-03-23 15:23 -------- d-----w- c:\program files (x86)\Klok2
2012-03-22 19:45 . 2012-03-22 19:45 -------- d-----w- c:\users\wiebe\AppData\Local\CrashRpt
2012-03-22 19:45 . 2012-03-22 19:45 -------- d-----w- c:\program files (x86)\Common Files\TortoiseOverlays
2012-03-22 19:45 . 2012-03-22 19:45 -------- d-----w- c:\program files\TortoiseSVN
2012-03-22 19:45 . 2012-03-22 19:45 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2012-03-21 02:22 . 2012-03-21 02:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-19 19:03 . 2012-03-19 19:03 -------- d-----w- c:\users\wiebe\AppData\Local\ReworkSorting
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 03:58 . 2011-10-05 09:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-04-14 18:49 . 2011-12-23 19:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-18 20:57 . 2012-03-17 15:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-06 23:15 . 2011-12-23 22:59 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 15:18 . 2011-12-28 19:16 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2012-02-17 22:45 . 2012-02-17 22:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-02-17 06:38 . 2012-03-14 14:14 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:14 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:14 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 00:55 . 2012-02-15 00:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-15 00:55 . 2012-02-15 00:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-15 00:55 . 2012-02-15 00:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-15 00:55 . 2012-02-15 00:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-15 00:55 . 2012-02-15 00:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-15 00:55 . 2012-02-15 00:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-15 00:55 . 2012-02-15 00:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-15 00:55 . 2012-02-15 00:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-15 00:53 . 2012-02-15 00:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-15 00:47 . 2011-07-27 04:59 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-15 00:47 . 2012-02-15 00:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-15 00:47 . 2012-02-15 00:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-15 00:47 . 2012-02-15 00:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-15 00:47 . 2012-02-15 00:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-15 00:44 . 2011-07-27 04:59 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-15 00:44 . 2012-02-15 00:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-15 00:42 . 2011-07-27 04:59 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-15 00:35 . 2011-10-22 00:13 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-15 00:07 . 2012-02-15 00:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 23:59 . 2012-02-14 23:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 23:57 . 2012-02-14 23:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-14 23:57 . 2012-02-14 23:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-14 23:57 . 2012-02-14 23:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-14 23:57 . 2012-02-14 23:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-14 23:57 . 2012-02-14 23:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-14 23:57 . 2012-02-14 23:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-14 23:57 . 2012-02-14 23:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-14 23:57 . 2012-02-14 23:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-14 23:57 . 2012-02-14 23:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-14 23:57 . 2012-02-14 23:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-14 23:57 . 2012-02-14 23:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-14 23:57 . 2012-02-14 23:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-14 23:57 . 2012-02-14 23:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-14 23:57 . 2012-02-14 23:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-14 23:57 . 2012-02-14 23:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-14 23:57 . 2012-02-14 23:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-14 23:57 . 2012-02-14 23:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-14 23:57 . 2012-02-14 23:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-14 23:57 . 2012-02-14 23:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-14 23:57 . 2012-02-14 23:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-14 23:57 . 2012-02-14 23:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-14 23:57 . 2012-02-14 23:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-14 23:57 . 2012-02-14 23:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-14 23:57 . 2012-02-14 23:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-14 23:57 . 2012-02-14 23:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-14 23:57 . 2012-02-14 23:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-14 23:57 . 2011-07-27 04:59 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 23:56 . 2011-07-27 04:59 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 23:56 . 2012-02-14 23:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 23:56 . 2012-02-14 23:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 23:56 . 2012-02-14 23:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 23:56 . 2012-02-14 23:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 23:56 . 2012-02-14 23:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 23:56 . 2011-07-27 04:59 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 23:55 . 2012-02-14 23:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-14 23:54 . 2012-02-14 23:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 23:53 . 2012-02-14 23:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 23:53 . 2012-02-14 23:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 23:53 . 2012-02-14 23:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 23:53 . 2012-02-14 23:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 23:53 . 2012-02-14 23:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 23:53 . 2012-02-14 23:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 23:53 . 2012-02-14 23:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 23:53 . 2012-02-14 23:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-10 06:36 . 2012-03-14 14:15 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 14:15 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 17:02 . 2012-02-07 17:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 14:15 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-26 04:16 . 2011-12-23 18:47 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-01-26 04:16 . 2012-01-06 16:39 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-01-25 06:38 . 2012-03-14 14:14 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 14:14 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 14:14 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"instanteyedropper"="c:\program files (x86)\InstantEyedropper\InstantEyedropper.exe" [2006-12-05 315392]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2012-01-04 1620480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-01 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-03-28 495536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-12-26 743560]
"SWitchMouse"="c:\program files (x86)\Switch Mouse Driver\SwitchMouseMonitor.exe" [2011-08-02 3176448]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 548528]
Evoluent Mouse Manager.lnk - c:\windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe [2012-3-10 4286]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-12-23 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-15 276248]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 135664]
S0 assd;assd; [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-12-23 61064]
S2 GManager;GManager;c:\windows\system32\GManager.exe [x]
S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-23 23176]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Switch Mouse Driver\KMWDSrv.exe [2009-04-07 193024]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [x]
S3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:49]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 07:34]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 07:34]
.
2012-04-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2011-12-23 22:31]
.
2012-04-13 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2011-12-23 22:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-15 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-15 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-15 440600]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1067256]
"MCTDUtil"="c:\program files (x86)\Common Files\DesktopUtil\Util-Desktop.exe" [2011-05-04 195200]
"FDispPos"="c:\program files (x86)\Common Files\DesktopUtil\Util-Desktop.exe" [2011-05-04 195200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\wiebe\AppData\Roaming\Mozilla\Firefox\Profiles\rp5lin0z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-17 15:46:37
ComboFix-quarantined-files.txt 2012-04-17 21:46
.
Pre-Run: 54,548,754,432 bytes free
Post-Run: 55,928,889,344 bytes free
.
- - End Of File - - ED6AACB5E5743530E33443930AF1803F
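As an added example (not code from this thread, from ComboFix or from any tool mentioned here), the following Python script turns the autostart sections of a ComboFix-style log (Run/RunOnce keys, AppInit_DLLs, and the R/S service and driver lines) into structured records, which is how a helper reviewing a log like the one above usually wants to look at it: one table of what starts automatically, where the binary lives, and whether ComboFix could read the file. The sample lines are copied from the log above except the `example-updater` entry, which is constructed to show a flagged case; the list of trusted install roots and the review flags are triage assumptions, not a verdict on any entry.

```python
"""Added example: turn the autostart sections of a ComboFix-style log into
structured records so a helper can review them in one table."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout ComboFix prints. Most lines are copied from
# the log above; the "example-updater" Run entry is invented to show how an
# autostart living under a user profile gets flagged for review.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2012-01-04 1620480]
"example-updater"="c:\users\someone\AppData\Roaming\updater.exe" [2012-04-01 12345]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 135664]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
S0 assd;assd; [x]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.+)$', re.IGNORECASE)
# start-type code, service name, display name, image path, then [x] or [date size]
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]*);([^;]*);(.*?)\s*\[(x|(\d{4}-\d{2}-\d{2})\s+(\d+))\]$")

# Assumption for triage only: autostarts under these roots get no location flag.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class AutostartEntry:
    source: str                      # registry key, or service start type (R2, S0, ...)
    name: str
    path: str
    file_date: Optional[str] = None
    file_size: Optional[int] = None
    verified: Optional[bool] = None  # False when ComboFix printed [x]; None if not applicable
    flags: List[str] = field(default_factory=list)


def review_flags(path: str, verified: Optional[bool]) -> List[str]:
    """Cheap triage hints: where the file lives and whether ComboFix could read it."""
    flags: List[str] = []
    lowered = path.lower()
    if not lowered:
        flags.append("no-path")
    elif not lowered.startswith(TRUSTED_PREFIXES):
        flags.append("untrusted-location")
    if verified is False:
        flags.append("file-not-verified")
    return flags


def parse_combofix_autostarts(text: str) -> List[AutostartEntry]:
    """Walk the log line by line, remembering the last registry key header seen."""
    entries: List[AutostartEntry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with lone dots
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = APPINIT_RE.match(line)
        if m:
            path = m.group(1).strip()
            entries.append(AutostartEntry(current_key, "AppInit_DLLs", path,
                                          flags=review_flags(path, None)))
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, date, size = m.groups()
            entries.append(AutostartEntry(current_key, name, path, date, int(size),
                                          True, review_flags(path, True)))
            continue
        m = SVC_RE.match(line)
        if m:
            start, name, _display, path, tag, date, size = m.groups()
            verified = tag != "x"
            entries.append(AutostartEntry(start, name, path, date,
                                          int(size) if size else None,
                                          verified, review_flags(path, verified)))
    return entries


def flagged_entries(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Entries a helper should look at first."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in parse_combofix_autostarts(SAMPLE_LOG):
        marker = " <-- review" if e.flags else ""
        print(f"{e.source:<60} {e.name:<28} {e.path or '(no path)'}{marker} {','.join(e.flags)}")
```

The `[x]` marker only means ComboFix could not read the file's date and size (common for drivers that are registered but not present), so `file-not-verified` is a prompt to check the path by hand, not a finding; likewise an autostart under a user profile is worth a second look simply because that is where unwanted installers and toolbars tend to put themselves.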
 
Answering your questions:
1. If Combofix quarantined the files, they had malware. It should not affect the working of the drive- unless there is a file to replace.
2. What do you mean "how do you re-install the autorun"?
3. You should disinfect all of the removable drives: make sure the external drive is connected:
  • Please download Panda USB Vaccine(you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
=============================================
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Users\wiebe\Downloads\Unlocker1.9.1-x64.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===========================================
It looks like when you downloaded the Unlocker, that there was either a prechecked option from the Babylon Toolbar:
c:\windows\SysWow64\wintrust.dll
http://www.emptyloop.com/unlocker/

The infected file is being removed in OTM. But if you need the Unlocker, I advise you to uninstall what you now have, then download again taking care to note any pre-checked options and uncheck them.
==========================================

I am still hard pressed to find any other malware. Is the only problem what you had after running Mbam? If you want to try Mbam, update and go ahead with the scan. FYI: here is the link and directions that we use:

Malwarebytes' Anti-Malware
  • Please download Malwarebytes' Anti-Malware from HERE
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    [o] Update Malwarebytes' Anti-Malware
    [o] and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach this log with your reply
    Note: on opening Notepad, click on Format> make sure Word Wrap is unchecked.
    [o] If you accidentally close it, the log file is saved here and will be named like this:
    [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
========================
 
1. Very well... What do I do with the quarantined files? Just delete them?
2. This question came more from a lack of understanding of external drives. When you plug in an external drive, the computer is able to access it- so something must get installed in order for the computer to access the files. ComboFix quarantined "Autorun.inf" and "Setup.exe" and I just got a little concerned that that would make the external hard drive inaccessible. If there is nothing to worry about, though, then I won't worry about it.
3. My USB hard drive is NTFS. When I tried to run Panda USB Vaccine, it says that the NTFS vaccination feature is experimental. Should I still do it? What is the risk?
4. Out of curiosity, why do you use "OTMoveIt by Old Timer" to remove the file found by ESET? Why not just use ESET?
5. Do I need to remove the "c:\windows\SysWow64\wintrust.dll" file? How does it connect to the bad toolbar?
6. Yes, the only issue I had that caused me to want to destroy malware was that Malwarebytes was shutting down mid-scan. I will try and scan with it. Why do your instructions ask people to just scan with the "Quick Scan" and not the "Full Scan"? It was the "Full scan" that caused shut-down last time.
 
Ok. So interesting news. I'm sending this from another device since my computer won't connect to the Internet anymore. So after I did all the stuff you mentioned in the previous message, I ran a quick scan with Malwarebytes and it came out clean. Then I ran a full scan with Malwarebytes and watched it closely as it scanned. It was part way through scanning c/windows/winsxs when the computer shut down, much like before. When it came back up again, I got that DOS-like screen that said that Windows had not been shut down properly. I told it to start normally. It proceeded to freeze during restart - as in, when the colored lights were coming together to make the Windows symbol. This is Windows 7, that is. The processor was really working hard too, as indicated by the fan on my laptop going. I then held down the power button until it shut down and I restarted again. The computer started normally, but could not connect to the Internet when I had booted up. SugarSync was really working hard, so I quit that. I also got a message saying that acmon had stopped working. Even though Windows said that it couldn't connect to the Internet (diagnostics said the DNS server was not responding), something was going on because my iPod wouldn't connect to the wireless. I physically disconnected my computer, and now my iPod can connect to the Internet. Any ideas here? Unfortunately I didn't think to disconnect my external hard drive from my computer before any of this. I don't want to move until I figure out what's happening here.
 
You're welcome. In answer to your questions:

1. Quarantine files will be removed at the end of cleaning as well as the tools we used.
2. No worry here.
3. It is safe. Run it.
4. Because OTM removed other temporary internet files.
5. You used the wintrust in downloading the Unlocker. The Unlocker has adware you missed. But my instruction was to remove the Unlocker, not the wintrust file.
6. The Quick Scan is all we need in the preliminary scans. Occasionally we have need for a Full Scan at a later date.

We structure our scans as we think best. Since you are the IT for your office, if you help anyone there, you can choose what you want them to run.

The system is clean.

Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
=====================================================
Edit: You were posting at the same time I was. Your problems are system/driver/settings related, not malware. You may start a new thread in the Windows BSOD forum if it continues.
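For an IT admin who has to repeat the "Set a new, clean Restore Point" and "Delete all but the most recent System Protection point" steps above on several machines, here is a scripted equivalent. This is an added example, not part of the thread or any of the tools it uses; it assumes an elevated Windows PowerShell session and that C: is the protected system volume.

```powershell
# Added example (not from the thread): scripted equivalent of the GUI steps
# "Set a new, clean Restore Point" and "Delete all but the most recent
# System Protection point". Run from an elevated Windows PowerShell session.
# Assumption: C: is the system volume covered by System Protection.
$Volume = 'C:'

# 1. Create the clean baseline FIRST, so it is the point that survives trimming.
Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                    -RestorePointType MODIFY_SETTINGS

# Helper: count the shadow copies on the volume by parsing vssadmin output.
# On Vista/7, restore points are stored as Volume Shadow Copies, which is what
# Disk Cleanup's "System Restore and Shadow Copies" button removes.
function Get-ShadowCopyCount {
    param([string]$ForVolume)
    $lines = & vssadmin.exe list shadows /for=$ForVolume 2>&1
    return @($lines | Where-Object { $_ -match 'Shadow Copy ID:' }).Count
}

# 2. Delete the oldest shadow copy repeatedly until only the newest remains.
#    The guard stops the loop if a deletion silently fails (e.g. not elevated).
while (($count = Get-ShadowCopyCount -ForVolume $Volume) -gt 1) {
    & vssadmin.exe delete shadows /for=$Volume /oldest /quiet | Out-Null
    if ((Get-ShadowCopyCount -ForVolume $Volume) -ge $count) {
        throw "Could not delete a shadow copy on $Volume (is the session elevated?)"
    }
}

# 3. Show what is left; expect a single entry carrying the description above.
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description, RestorePointType, CreationTime |
    Format-Table -AutoSize
```

Like the GUI procedure, this keeps only the newest restore point, so run it after the cleanup tools have been removed rather than before.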
 