
Solved antivirus 2011 cleanup

Discussion in 'Malware and Virus Removal Archive' started by kip777, 2011/05/14.

  1. 2011/05/14
    kip777 (Thread Starter)
    [Resolved] antivirus 2011 cleanup

    Hey fun seekers,
    A month ago or so I had received an e-mail and assumed it was a virus, so I tried to scan it and it came up blank, and so I did the dumb thing and tried to extract it to scan it… infection… Well, being I'd only had the computer 2 weeks, it wouldn't be too bad if I had to reformat/reinstall, but I got into system recovery on start-up and went back a day. It said it failed, but on restart it said it was restored to a previous state. Cool! Altogether it took about 15 min. or so. All I had to reinstall was the XP virtual machine. What makes this really funny is I was at work removing a virus from the boss's computer on a Saturday evening that he re-infected the next day from his e-mails; his brother's computer kept sending him infected e-mail. I see the kids have installed FrostWire and iTunes on this machine. Is nothing sacred?
    Here are the logs:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6579

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    5/14/2011 4:08:33 PM
    mbam-log-2011-05-14 (16-08-33).txt

    Scan type: Quick scan
    Objects scanned: 165036
    Time elapsed: 2 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-05-14 15:23:08
    Windows 6.1.7601 Service Pack 1
    Running: cv7xz1hd.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dccdaa6
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dccdaa6 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: ASUSTeK Computer Inc.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer Inc.
    System Product Name: G73Sw
    Logical Drives Mask: 0x0000006c

    Kernel Drivers (total 225):
    0x03258000 \SystemRoot\system32\ntoskrnl.exe
    0x0320F000 \SystemRoot\system32\hal.dll
    0x00B9E000 \SystemRoot\system32\kdcom.dll
    0x00C7F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CCE000 \SystemRoot\system32\PSHED.dll
    0x00CE2000 \SystemRoot\system32\CLFS.SYS
    0x00D40000 \SystemRoot\system32\CI.dll
    0x00E89000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F2D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F3C000 \SystemRoot\system32\drivers\ACPI.sys
    0x00F93000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00F9C000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00FA6000 \SystemRoot\system32\drivers\pci.sys
    0x00FD9000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x00FE6000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00E09000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00E15000 \SystemRoot\system32\drivers\volmgr.sys
    0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00C00000 \SystemRoot\system32\drivers\pciide.sys
    0x00C07000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00C17000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01098000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x011EC000 \SystemRoot\system32\drivers\atapi.sys
    0x01000000 \SystemRoot\system32\drivers\ataport.SYS
    0x0102A000 \SystemRoot\system32\drivers\msahci.sys
    0x01035000 \SystemRoot\system32\drivers\amdxata.sys
    0x01040000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00C31000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00C45000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x0121B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01425000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01483000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x0149E000 \SystemRoot\System32\Drivers\cng.sys
    0x01510000 \SystemRoot\System32\drivers\pcw.sys
    0x01521000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01666000 \SystemRoot\system32\drivers\ndis.sys
    0x01759000 \SystemRoot\system32\drivers\NETIO.SYS
    0x017B9000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x018DA000 \SystemRoot\System32\drivers\tcpip.sys
    0x01ADE000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01C57000 \SystemRoot\system32\DRIVERS\timntr.sys
    0x01D40000 \SystemRoot\system32\drivers\volsnap.sys
    0x01EBA000 \SystemRoot\system32\DRIVERS\tdrpm273.sys
    0x01FF1000 \SystemRoot\System32\Drivers\spldr.sys
    0x01E00000 \SystemRoot\system32\DRIVERS\snapman.sys
    0x01E46000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01E80000 \SystemRoot\System32\Drivers\mup.sys
    0x01E92000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01D8C000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01E9B000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01DC6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x043C4000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x0422A000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x01EB1000 \SystemRoot\System32\Drivers\Null.SYS
    0x01FF9000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01C0E000 \SystemRoot\System32\drivers\vga.sys
    0x01C1C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01C41000 \SystemRoot\System32\drivers\watchdog.sys
    0x01DF6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01B28000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01B31000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01B3A000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x01B45000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01B56000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01B78000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x01800000 \SystemRoot\system32\drivers\afd.sys
    0x01889000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x018CE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x01B85000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x01BAB000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x01BC1000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
    0x01BD5000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x01BE4000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x01600000 \SystemRoot\system32\drivers\vpcvmm.sys
    0x017E4000 \SystemRoot\system32\drivers\termdd.sys
    0x0152B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x01657000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0157C000 \SystemRoot\system32\drivers\mssmbios.sys
    0x01587000 \SystemRoot\System32\drivers\discache.sys
    0x01596000 \SystemRoot\System32\Drivers\dfsc.sys
    0x015B4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x015C5000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
    0x015CE000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x05C02000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x067F2000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x048DB000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04800000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04846000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x0486A000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x0487B000 \SystemRoot\system32\drivers\usbehci.sys
    0x050D5000 \SystemRoot\system32\drivers\USBPORT.SYS
    0x05428000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x055B1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x055BE000 \SystemRoot\system32\DRIVERS\FLxHCIc.sys
    0x0512B000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x05400000 \SystemRoot\system32\drivers\i8042prt.sys
    0x0566B000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x057C6000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x057C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x057D7000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
    0x057DF000 \SystemRoot\system32\drivers\kbdclass.sys
    0x057EE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x05600000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x05616000 \SystemRoot\system32\drivers\wmiacpi.sys
    0x0561F000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x05627000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0517E000 \SystemRoot\system32\drivers\ks.sys
    0x0562D000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x0563D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x051C1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x05653000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x05000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0502F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0504A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0506B000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x05085000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x0565F000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x057F3000 \SystemRoot\system32\drivers\swenum.sys
    0x0509A000 \SystemRoot\system32\drivers\umbus.sys
    0x050AC000 \SystemRoot\system32\DRIVERS\vpcusb.sys
    0x051E5000 \SystemRoot\system32\DRIVERS\usbrpm.sys
    0x0488C000 \SystemRoot\system32\DRIVERS\vpchbus.sys
    0x05846000 \SystemRoot\system32\drivers\usbhub.sys
    0x058A0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x058B5000 \SystemRoot\system32\drivers\nvhda64v.sys
    0x058D8000 \SystemRoot\system32\drivers\portcls.sys
    0x05915000 \SystemRoot\system32\drivers\drmk.sys
    0x078F0000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x07B42000 \SystemRoot\system32\drivers\MBfilt64.sys
    0x07B50000 \SystemRoot\system32\DRIVERS\FLxHCIh.sys
    0x07B63000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x0425B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x07B71000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x000C0000 \SystemRoot\System32\win32k.sys
    0x07B84000 \SystemRoot\System32\drivers\Dxapi.sys
    0x00460000 \SystemRoot\System32\TSDDD.dll
    0x00600000 \SystemRoot\System32\cdd.dll
    0x00950000 \SystemRoot\System32\ATMFD.DLL
    0x07B9E000 \SystemRoot\system32\drivers\luafv.sys
    0x07BC1000 \SystemRoot\system32\drivers\WudfPf.sys
    0x07BE2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x07800000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x0782E000 \SystemRoot\system32\drivers\btusbflt.sys
    0x0783E000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x07856000 \SystemRoot\System32\Drivers\bthport.sys
    0x05952000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x05967000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x059BA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x059CD000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x078E2000 \SystemRoot\system32\DRIVERS\TurboB.sys
    0x05800000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x0582C000 \SystemRoot\system32\drivers\BthEnum.sys
    0x049CF000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x059E5000 \SystemRoot\system32\DRIVERS\dc3d.sys
    0x059F7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04CBC000 \SystemRoot\system32\drivers\btwavdt.sys
    0x04D37000 \SystemRoot\system32\drivers\btwaudio.sys
    0x04DBD000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
    0x04DC9000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x04DCD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04DE6000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04C00000 \SystemRoot\system32\drivers\kbdhid.sys
    0x04C0E000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x04C1B000 \SystemRoot\system32\DRIVERS\point64.sys
    0x04C2B000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
    0x0748E000 \SystemRoot\system32\drivers\HTTP.sys
    0x07557000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x07575000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0758D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x07400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0744D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x07471000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x082DC000 \SystemRoot\system32\drivers\peauth.sys
    0x08382000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0838D000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x083BE000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x08200000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08881000 \SystemRoot\System32\DRIVERS\srv.sys
    0x08919000 \SystemRoot\system32\DRIVERS\afcdp.sys
    0x08961000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    0x08871000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x0881C000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x08846000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x089C6000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x76F60000 \Windows\System32\ntdll.dll
    0x47870000 \Windows\System32\smss.exe
    0xFF280000 \Windows\System32\apisetschema.dll
    0xFF680000 \Windows\System32\autochk.exe
    0xFF060000 \Windows\System32\ole32.dll
    0xFEF30000 \Windows\System32\rpcrt4.dll
    0xFE1A0000 \Windows\System32\shell32.dll
    0x77130000 \Windows\System32\psapi.dll
    0xFE100000 \Windows\System32\msvcrt.dll
    0xFE0E0000 \Windows\System32\sechost.dll
    0xFDFD0000 \Windows\System32\msctf.dll
    0xFDF50000 \Windows\System32\shlwapi.dll
    0x76D50000 \Windows\System32\iertutil.dll
    0xFDEB0000 \Windows\System32\clbcatq.dll
    0xFDDD0000 \Windows\System32\advapi32.dll
    0xFDD30000 \Windows\System32\comdlg32.dll
    0xFDD00000 \Windows\System32\imm32.dll
    0xFDCB0000 \Windows\System32\ws2_32.dll
    0xFDCA0000 \Windows\System32\nsi.dll
    0xFDBC0000 \Windows\System32\oleaut32.dll
    0xFDB60000 \Windows\System32\Wldap32.dll
    0xFDAE0000 \Windows\System32\difxapi.dll
    0x77120000 \Windows\System32\normaliz.dll
    0x76C00000 \Windows\System32\urlmon.dll
    0xFD900000 \Windows\System32\setupapi.dll
    0x76B00000 \Windows\System32\user32.dll
    0xFD890000 \Windows\System32\gdi32.dll
    0x769A0000 \Windows\System32\wininet.dll
    0xFD880000 \Windows\System32\lpk.dll
    0xFD7B0000 \Windows\System32\usp10.dll
    0xFD790000 \Windows\System32\imagehlp.dll
    0x76880000 \Windows\System32\kernel32.dll
    0xFD620000 \Windows\System32\crypt32.dll
    0xFD5E0000 \Windows\System32\cfgmgr32.dll
    0xFD5A0000 \Windows\System32\wintrust.dll
    0xFD530000 \Windows\System32\KernelBase.dll
    0xFD510000 \Windows\System32\devobj.dll
    0xFD470000 \Windows\System32\comctl32.dll
    0xFD460000 \Windows\System32\msasn1.dll
    0x77110000 \Windows\SysWOW64\normaliz.dll

    Processes (total 101):
    0 System Idle Process
    4 System
    516 C:\Windows\System32\smss.exe
    716 csrss.exe
    792 C:\Windows\System32\wininit.exe
    816 csrss.exe
    856 C:\Windows\System32\services.exe
    880 C:\Windows\System32\lsass.exe
    888 C:\Windows\System32\lsm.exe
    988 C:\Windows\System32\svchost.exe
    148 C:\Windows\System32\nvvsvc.exe
    608 C:\Windows\System32\svchost.exe
    652 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    940 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1236 C:\Windows\System32\svchost.exe
    1328 C:\Windows\System32\winlogon.exe
    1436 C:\Windows\System32\nvvsvc.exe
    1468 C:\Windows\System32\svchost.exe
    1564 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    1580 C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
    1676 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    1752 C:\Windows\System32\spoolsv.exe
    1780 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\taskhost.exe
    712 C:\Windows\System32\dwm.exe
    1840 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    1976 C:\Windows\System32\taskeng.exe
    2056 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    2072 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    2100 C:\Windows\explorer.exe
    2272 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    2316 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    2328 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    2496 C:\Program Files\P4G\BatteryLife.exe
    2504 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    2528 C:\Windows\SysWOW64\ACEngSvr.exe
    2600 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2668 C:\Windows\System32\svchost.exe
    2712 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    2808 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2856 C:\Windows\System32\svchost.exe
    2924 C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    2968 C:\ExpressGateUtil\VAWinService.exe
    3004 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2444 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    3272 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3552 C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    3560 WmiPrvSE.exe
    3608 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3672 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3716 C:\Windows\System32\rundll32.exe
    3732 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3780 C:\Program Files\Microsoft Security Client\msseces.exe
    3808 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3836 C:\Program Files\Windows Sidebar\sidebar.exe
    4088 C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
    3444 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3484 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    4372 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    4524 C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
    4584 C:\Windows\System32\svchost.exe
    4620 C:\Windows\System32\svchost.exe
    4724 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    4732 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    4804 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    4856 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    4896 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    4904 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    4912 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    4920 C:\Windows\AsScrPro.exe
    4952 C:\ExpressGateUtil\VAWinAgent.exe
    4960 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    5092 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    4240 C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
    4284 C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
    4296 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    5076 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    5280 C:\Windows\System32\SearchIndexer.exe
    5568 C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe
    5664 C:\Windows\System32\taskmgr.exe
    5980 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5988 C:\Windows\System32\svchost.exe
    6544 dllhost.exe
    2616 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    3548 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    5780 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    6312 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    4300 C:\Program Files\iPod\bin\iPodService.exe
    2300 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    6320 C:\Windows\System32\notepad.exe
    3972 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4052 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3392 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    6880 C:\Windows\System32\audiodg.exe
    6996 C:\Windows\System32\SearchProtocolHost.exe
    4488 C:\Windows\System32\SearchFilterHost.exe
    1664 C:\Windows\System32\dllhost.exe
    6368 C:\Users\Kkip\Downloads\MBRCheck.exe
    1104 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000005`5faeec00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`7bb62a00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000013`186ee400 (NTFS)

    PhysicalDrive0 Model Number: ST95005620AS, Rev: SD24
    PhysicalDrive1 Model Number: ST9500420AS, Rev: 0002SDM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Legit MBR code detected
    SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47
    465 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Kkip at 16:00:15.31 on Sat 05/14/2011
    Internet Explorer: 9.0.8112.16421
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8169.5720 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\ExpressGateUtil\VAWinService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Windows\AsScrPro.exe
    C:\ExpressGateUtil\VAWinAgent.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
    C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
    C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Kkip\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
    uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5 "
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe "
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0 "
    mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini "
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
    mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe
    mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe "
    mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe "
    mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs "
    mRun-x64: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
    mRun-x64: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
    mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe "
    mRun-x64: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-3 55856]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-4-2 1263200]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-4-2 3246040]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-29 236136]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-16 13832]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-2-23 2655768]
    R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]
    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-4-2 285280]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-12-14 53800]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-23 35104]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2010-11-19 210944]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2010-11-19 49664]
    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-2-23 32344]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-23 56344]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-10-1 131688]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-23 333928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-23 135664]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-2-23 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-2-23 79360]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-23 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-23 135664]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-2-23 290920]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-30 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-30 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-05-14 14:37:44 8802128 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{C61C52C3-5619-4657-902F-481B0E809E87}\mpengine.dll
    2011-05-13 14:43:02 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-13 14:16:02 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-13 14:16:02 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-05-13 14:16:00 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-13 14:16:00 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-13 14:16:00 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-13 02:55:19 -------- d-----w- C:\PROGRA~3\vsosdk
    2011-05-13 02:29:14 -------- d-----w- C:\Users\Kkip\AppData\Local\MagicSoftware
    2011-05-13 02:29:02 99384 ----a-w- C:\Users\Kkip\AppData\Roaming\inst.exe
    2011-05-13 02:29:02 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
    2011-05-13 02:29:02 82816 ----a-w- C:\Users\Kkip\AppData\Roaming\pcouffin.sys
    2011-05-13 02:28:55 -------- d-----w- C:\Program Files (x86)\MagicDVDCopier
    2011-04-27 22:20:50 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
    2011-04-26 12:08:40 -------- d--h--w- C:\PROGRA~3\CanonIJFax
    2011-04-24 19:41:52 -------- d-----w- C:\Windows\System32\appmgmt
    2011-04-24 19:34:33 -------- d-----w- C:\Program Files (x86)\IVCsoft
    2011-04-24 19:09:18 -------- d-----w- C:\Users\Kkip\AppData\Local\V CAST Media Manager
    2011-04-24 19:09:18 -------- d-----w- C:\PROGRA~3\Verizon
    2011-04-24 19:09:03 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
    2011-04-24 18:58:43 -------- d-----w- C:\Program Files (x86)\HTC
    2011-04-24 18:58:03 -------- d-----w- C:\Temp
    2011-04-16 23:52:40 -------- d-----w- C:\Users\Kkip\AppData\Local\Windows Live
    2011-04-16 15:13:16 -------- d-sh--r- C:\bootwiz
    2011-04-15 13:56:03 3135488 ----a-w- C:\Windows\System32\win32k.sys
    2011-04-15 13:52:01 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-04-15 13:52:01 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-04-15 13:52:01 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-15 13:52:01 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    .
    ==================== Find3M ====================
    .
    2011-05-14 15:44:10 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
    2011-04-27 18:19:14 3696480 ----a-w- C:\Windows\System32\AutoPartNt.exe
    2011-04-13 20:04:38 45432 ----a-w- C:\Windows\System32\drivers\point64.sys
    2011-04-12 18:01:38 52632 ----a-w- C:\Windows\System32\drivers\dc3d.sys
    2011-04-09 04:00:34 465920 ----a-w- C:\Windows\System32\itpcoin815.dll
    2011-04-09 04:00:28 464896 ----a-w- C:\Windows\System32\ipcoin815.dll
    2011-04-06 21:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2011-04-06 21:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-04-06 21:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-04-06 21:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-04-06 21:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-04-06 21:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-04-06 21:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-04-06 21:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-04-02 21:36:38 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
    2011-04-02 21:36:37 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
    2011-04-02 21:36:35 943712 ----a-w- C:\Windows\System32\drivers\timntr.sys
    2011-04-02 21:36:31 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2011-03-31 13:11:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-03-30 20:12:16 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-03-30 20:12:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
    2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-02-25 06:19:30 2871808 ----a-w- C:\Windows\explorer.exe
    2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-23 12:50:55 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
    2011-02-23 12:50:55 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2011-02-23 12:50:55 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
    2011-02-23 12:50:55 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2011-02-23 12:50:42 80512 ----a-w- C:\Windows\Asus_G73_Screensaver Uninstaller.exe
    2011-02-23 12:50:41 3058304 ----a-w- C:\Windows\AsScrPro.exe
    2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-02-22 16:43:04 95200 ----a-w- C:\Windows\SysWow64\VBDB300.DLL
    2011-02-22 16:43:04 710752 ----a-w- C:\Windows\SysWow64\MSAJT110.DLL
    2011-02-22 16:43:02 570128 ----a-w- C:\Windows\SysWow64\dao350.dll
    2011-02-22 16:43:02 398416 ----a-w- C:\Windows\SysWow64\VBRUN300.DLL
    2011-02-22 16:43:02 33280 ----a-w- C:\Windows\SysWow64\MSAES110.DLL
    2011-02-22 15:57:08 517632 ----a-w- C:\Windows\SysWow64\7za.exe
    2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    .
    ============= FINISH: 16:00:38.12 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/31/2011 12:17:44 AM
    System Uptime: 5/14/2011 10:43:48 AM (6 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | G73Sw
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 1080/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 43.504 GiB free.
    D: is FIXED (NTFS) - 328 GiB total, 155.389 GiB free.
    F: is FIXED (NTFS) - 466 GiB total, 280.191 GiB free.
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ??????? Windows Live Mesh ActiveX ??(????)
    ??????? Windows Live Mesh ActiveX ???
    Acronis True Image Home
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Apple Application Support
    Apple Software Update
    ASUS AI Recovery
    ASUS Live Update
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    Asus_G73_Screensaver
    AsusVibe2.0
    ATK Package
    Bookworm Deluxe
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Complemento Messenger
    Complément Messenger
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    Cooking Dash
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    DirectX 9 Runtime
    ExpressGate Cloud
    FrostWire 4.21.5
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Game Park Console
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Governor of Poker
    Hoster
    Hotel Dash Suite Success
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 24
    Jewel Quest 3
    Junk Mail filter update
    Luxor 3
    Magic DVD Copier Version 5.0.1
    Mahjongg dimensions
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger ????
    Messenger ?????
    Messenger Companion
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser (KB973685)
    Nuance PDF Reader
    NVIDIA Stereoscopic 3D Driver
    Plants vs Zombies
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    Roxio AACS Certificate
    Roxio Activation Module
    Roxio CinePlayer
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    syncables desktop SE
    THX TruStudio
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinFlash
    Wireless Console 3
    World of Goo
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/14/2011 10:38:47 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
    5/13/2011 9:30:13 AM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Failed to start language pack setup wizard. Please restart the system and try running the wizard again.
    5/13/2011 9:29:54 AM, Error: Service Control Manager [7023] -
    5/13/2011 9:29:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/12/2011 10:54:59 AM, Error: NetBT [4321] - The name "MATRIX :1d" could not be registered on the interface with IP address 192.168.254.6. The computer with the IP address 192.168.254.3 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================
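    Two things in the DDS log above deserve a closer look than the thread gives them, so here is an added triage script (example code written for this page; it is not part of DDS, GMER or any post in the thread). First, the mPolicies-system block reads EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0: those are the UAC values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, and with those settings UAC is off and administrators elevate silently, which a rogue installer is happy to exploit. Second, the "Created Last 30" section shows inst.exe and pcouffin.sys under C:\Users\Kkip\AppData\Roaming next to a same-size pcouffin.sys in System32\drivers, all stamped within a second of the MagicDVDCopier folder; that pattern (driver staged from a user profile) is worth surfacing automatically, even though a DVD-copier installer is the obvious benign explanation here. The script parses those two line formats and reports both kinds of finding. Assumptions: the stock Windows 7 UAC defaults in UAC_DEFAULTS, the list of user-writable path prefixes, and the sample text, which is a constructed excerpt copied from the log above.

```python
"""Triage of a DDS-style log excerpt: UAC policy values and recently created files.

Added example for this thread; it is not part of DDS or of the original post.
The sample text at the bottom is a constructed excerpt of the log posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Windows 7 defaults for the UAC values DDS prints as "mPolicies-system"
# (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System). Assumption:
# the machine is expected to run with the stock Windows 7 UAC configuration.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0: UAC is switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0: administrators elevate with no prompt
    "PromptOnSecureDesktop": 1,       # 0: prompts are drawn on the ordinary desktop
}

# Locations a standard user can write to (heuristic, not an exhaustive list).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\progra~3\\", "c:\\programdata\\", "c:\\temp\\")
EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".cpl", ".com", ".bat", ".cmd", ".vbs", ".js")

POLICY_RE = re.compile(r"^\s*mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# "2011-05-13 02:29:02 99384 ----a-w- C:\path" or "... -------- d-----w- C:\dir"
CREATED_RE = re.compile(r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+?)\s*$")


@dataclass
class Created:
    when: str
    size: int      # -1 for directories, which DDS prints as dashes
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_exec(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXTENSIONS)

    @property
    def in_user_writable(self) -> bool:
        return self.path.lower().startswith(USER_WRITABLE_PREFIXES)

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_log(text: str) -> Tuple[Dict[str, int], List[Created]]:
    """Collect mPolicies-system values and Created/Find3M file entries from log text."""
    policies: Dict[str, int] = {}
    created: List[Created] = []
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1)] = int(m.group(2))
            continue
        m = CREATED_RE.match(line)
        if m:
            size = -1 if m.group(2).startswith("-") else int(m.group(2))
            created.append(Created(m.group(1), size, m.group(3), m.group(4)))
    return policies, created


def weakened_uac(policies: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Map each UAC value that differs from its default to (observed, default)."""
    return {name: (policies[name], default)
            for name, default in UAC_DEFAULTS.items()
            if name in policies and policies[name] != default}


def suspicious_created(created: List[Created]) -> Tuple[List[str], List[str]]:
    """Executables created in user-writable places, and any System32\\drivers file
    whose name also appeared in one of those places (a driver staged from a user
    profile). Both lists are review queues, not verdicts."""
    dropped = sorted(c.path for c in created if c.is_exec and c.in_user_writable)
    names = {c.basename for c in created if c.is_exec and c.in_user_writable}
    twins = sorted(c.path for c in created
                   if "\\system32\\drivers\\" in c.path.lower() and c.basename in names)
    return dropped, twins


# Constructed excerpt: lines copied from the DDS log earlier in this thread.
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2011-05-13 14:16:02 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-13 02:55:19 -------- d-----w- C:\PROGRA~3\vsosdk
2011-05-13 02:29:02 99384 ----a-w- C:\Users\Kkip\AppData\Roaming\inst.exe
2011-05-13 02:29:02 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2011-05-13 02:29:02 82816 ----a-w- C:\Users\Kkip\AppData\Roaming\pcouffin.sys
2011-05-13 02:28:55 -------- d-----w- C:\Program Files (x86)\MagicDVDCopier
2011-04-24 18:58:03 -------- d-----w- C:\Temp
"""

if __name__ == "__main__":
    pol, files = parse_log(SAMPLE_LOG)
    for name, (seen, default) in weakened_uac(pol).items():
        print(f"UAC weakened: {name} = {seen} (default {default})")
    dropped, twins = suspicious_created(files)
    for p in dropped:
        print("executable in user-writable location:", p)
    for p in twins:
        print("driver with a same-named copy in a user profile:", p)
```

    On the excerpt above it reports the three weakened UAC values, the two files in AppData\Roaming, and the System32\drivers\pcouffin.sys twin. The path heuristics are deliberately loose; treat the output as a list of things to check against the installed-programs section and file signatures, not as a detection.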
     
  2. 2011/05/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    I'm not sure if I understand.

    Is this your computer, which you just reformatted (did you?), or your boss's computer, which may be infected?
     

  4. 2011/05/14
    kip777

    kip777 Well-Known Member Thread Starter

    Joined:
    2008/02/25
    Messages:
    35
    Likes Received:
    0
    I'm sorry, it is my computer. It is running fine, but GMER comes up with 2 issues in the registry and they won't delete.
    No, I didn't reformat. System Restore worked even though it said it didn't.

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dccdaa6
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dccdaa6 (not active ControlSet)

    I just thought there might be a problem, but maybe there isn't one
     
    Last edited: 2011/05/14
  5. 2011/05/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    GMER is just a scanner.
    It doesn't fix anything, and whether GMER's entries are bad or good is up to me to determine.
    Your GMER log looks fine.

    So far, I don't see much.
    What are the current computer issues?
     
  6. 2011/05/14
    kip777

    kip777 Well-Known Member Thread Starter

    Joined:
    2008/02/25
    Messages:
    35
    Likes Received:
    0
    Maybe I'm just paranoid. There really are no issues other than that I see background tasks consuming more resources than I think they should, but then I am new to Windows 7.
     
    Last edited: 2011/05/14
  7. 2011/05/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Paste the content into your next reply.
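    The reason for asking for the Command Line column is that the process name alone says nothing about where the image was launched from or with what arguments. Reading a long Procexp.txt by eye is error-prone, so here is an added triage script for the saved report (example code written for this page; it is not part of Process Explorer or of any post here). It pulls the image path out of each command line, flags processes whose image lives outside Windows or Program Files, processes whose command line carries no path at all, and processes with no company name in their version information. Assumptions: the saved report is tab-separated with the header row shown later in this thread, the system drive with stock install directories is C:, and the sample rows are a constructed excerpt of the output kip777 posted. A company name comes from the file's version resource, which anything can fake; the flagged rows are what you then verify with Process Explorer's Verified Signer column, and a vendor tool such as VAWinService.exe in C:\ExpressGateUtil will be flagged even though it is legitimate.

```python
"""Triage of a saved Process Explorer report (File > Save As, as described above).

Added example for this thread; not part of Process Explorer or of any post here.
Assumptions: the saved report is tab-separated with the header row shown in the
thread, and the system drive with stock install directories is C:.
"""
from typing import Dict, List, Tuple

# Where installed software normally lives on a default Windows 7 system.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Prefixes seen in command lines that need expanding before the path test.
PREFIX_MAP = {
    "%systemroot%": "c:\\windows",
    "\\systemroot": "c:\\windows",
    "%programfiles%": "c:\\program files",
}


def image_path(cmdline: str) -> str:
    """Lower-cased executable path from a command line: the quoted part, or the first token."""
    cmd = cmdline.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        path = cmd.split(None, 1)[0] if cmd else ""
    low = path.lower()
    for var, real in PREFIX_MAP.items():
        if low.startswith(var):
            return real + low[len(var):]
    return low


def parse_procexp(text: str) -> List[Dict[str, str]]:
    """Rows of the report keyed by header name; tree-view indentation is stripped."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    rows = []
    for line in lines[1:]:
        cells = line.split("\t")
        cells += [""] * (len(header) - len(cells))   # tolerate short rows
        row = dict(zip(header, cells))
        row["Process"] = row["Process"].strip()
        rows.append(row)
    return rows


def triage(rows: List[Dict[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """(process, PID, reasons) for every process that needs a second look."""
    findings = []
    for r in rows:
        cmd = r.get("Command Line", "").strip()
        if not cmd:           # System, Idle and Interrupts carry no command line
            continue
        path = image_path(cmd)
        reasons = []
        if "\\" not in path:
            reasons.append("no path in the command line; check the Path column")
        elif not path.startswith(TRUSTED_PREFIXES):
            reasons.append("image outside Windows/Program Files: " + path)
        if not r.get("Company Name", "").strip():
            reasons.append("no company name in the version information")
        if reasons:
            findings.append((r["Process"], r.get("PID", ""), reasons))
    return findings


# Constructed excerpt of the report posted in this thread, tab-separated as saved.
SAMPLE_REPORT = "\n".join("\t".join(cells) for cells in [
    ("Process", "PID", "CPU", "Private Bytes", "Working Set", "Description", "Company Name", "Command Line"),
    ("System Idle Process", "0", "97.94", "0 K", "24 K", "", "", ""),
    ("smss.exe", "516", "", "764 K", "1,416 K", "Windows Session Manager", "Microsoft Corporation", r"\SystemRoot\System32\smss.exe"),
    ("  svchost.exe", "988", "< 0.01", "6,464 K", "11,960 K", "Host Process for Windows Services", "Microsoft Corporation", r"C:\Windows\system32\svchost.exe -k DcomLaunch"),
    ("  VAWinService.exe", "2304", "< 0.01", "8,984 K", "10,172 K", "", "", r"C:\ExpressGateUtil\VAWinService.exe"),
    ("  ATKOSD.exe", "4104", "", "1,184 K", "6,032 K", "ATKOSD", "ASUS", "ATKOSD.exe"),
    ("MsMpEng.exe", "720", "0.01", "181,408 K", "97,112 K", "Antimalware Service Executable", "Microsoft Corporation", r'"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"'),
    ("dllhost.exe", "6232", "", "3,564 K", "7,828 K", "COM Surrogate", "Microsoft Corporation", r"C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}"),
])

if __name__ == "__main__":
    for proc, pid, reasons in triage(parse_procexp(SAMPLE_REPORT)):
        print(f"{proc} (PID {pid})")
        for reason in reasons:
            print("   -", reason)
```

    Run against a real Procexp.txt, replace SAMPLE_REPORT with the file contents. On the excerpt it flags VAWinService.exe (unusual path, no company name) and ATKOSD.exe (no path in its command line); the rest of the rows resolve to Windows or Program Files and are left alone.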
     
  8. 2011/05/14
    kip777

    kip777 Well-Known Member Thread Starter

    Joined:
    2008/02/25
    Messages:
    35
    Likes Received:
    0
    Here is the log file.

    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 97.94 0 K 24 K
    System 4 0.20 128 K 672 K
    Interrupts n/a 0.32 0 K 0 K Hardware Interrupts and DPCs
    smss.exe 516 764 K 1,416 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 716 < 0.01 2,672 K 4,876 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    wininit.exe 792 2,092 K 4,924 K Windows Start-Up Application Microsoft Corporation wininit.exe
    services.exe 856 7,244 K 11,028 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
    svchost.exe 988 < 0.01 6,464 K 11,960 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
    ACEngSvr.exe 3288 2,380 K 5,992 K ACEngSvr Module ASUSTeK C:\Windows\SysWOW64\ACEngSvr.exe -Embedding
    WmiPrvSE.exe 3768 4,492 K 8,400 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
    BTStackServer.exe 4536 < 0.01 31,348 K 17,912 K Bluetooth Stack COM Server Broadcom Corporation. "C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
    BluetoothHeadsetProxy.exe 2196 1,248 K 3,744 K Bluetooth Headset Skype Proxy Broadcom Corporation. "C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe "
    dllhost.exe 6232 3,564 K 7,828 K COM Surrogate Microsoft Corporation C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
    nvvsvc.exe 472 2,476 K 5,416 K NVIDIA Driver Helper Service, Version 261.14 NVIDIA Corporation C:\Windows\system32\nvvsvc.exe
    nvvsvc.exe 2052 < 0.01 5,548 K 10,728 K NVIDIA Driver Helper Service, Version 261.14 NVIDIA Corporation C:\Windows\system32\nvvsvc.exe -session -first
    svchost.exe 604 6,528 K 10,632 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
    MsMpEng.exe 720 0.01 181,408 K 97,112 K Antimalware Service Executable Microsoft Corporation "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe "
    svchost.exe 1028 < 0.01 24,924 K 26,920 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    svchost.exe 1076 < 0.01 231,476 K 242,108 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    dwm.exe 3000 0.10 38,016 K 47,148 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe "
    svchost.exe 1120 < 0.01 30,500 K 48,888 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
    taskeng.exe 3020 3,500 K 7,224 K Task Scheduler Engine Microsoft Corporation taskeng.exe {FB29FC85-D3CB-4494-BCB0-E95D2DA8BF4E}
    ACMON.exe 3132 < 0.01 4,400 K 528 K ACMON ASUS "C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
    ALU.exe 3148 3,368 K 812 K ALU "C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
    sensorsrv.exe 3160 1,896 K 676 K SmartLogon Application ASUS "C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
    ATKOSD2.exe 3172 1,660 K 764 K ATKOSD2 ASUS "C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
    BatteryLife.exe 3188 < 0.01 7,396 K 576 K Power4Gear Hybrid ASUS "C:\Program Files\P4G\BatteryLife.exe"
    svchost.exe 1232 < 0.01 11,408 K 18,584 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
    svchost.exe 1340 < 0.01 23,196 K 27,580 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
    AsLdrSrv.exe 1504 1,228 K 3,928 K ASLDR Service ASUS "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe "
    HControl.exe 3600 < 0.01 7,068 K 8,268 K HControl ASUS "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe "
    ATKOSD.exe 4104 1,184 K 6,032 K ATKOSD ASUS ATKOSD.exe
    KBFiltr.exe 4132 1,368 K 4,304 K KBFiltr ASUS KBFiltr.exe
    WDC.exe 4140 1,648 K 5,444 K WDC ASUS WDC.exe
    GFNEXSrv.exe 1540 972 K 2,644 K GFNEXSrv ASUS "C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe "
    spoolsv.exe 1636 12,460 K 20,244 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
    svchost.exe 1672 15,924 K 17,256 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    schedul2.exe 1760 3,072 K 6,460 K Acronis Scheduler 2 Acronis "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe "
    afcdpsrv.exe 1780 < 0.01 5,808 K 9,900 K File Level CDP Manager Service Acronis "C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe "
    AppleMobileDeviceService.exe 1848 < 0.01 2,656 K 7,832 K MobileDeviceService Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "
    mDNSResponder.exe 2020 2,120 K 5,808 K Bonjour Service Apple Inc. "C:\Program Files (x86)\Bonjour\mDNSResponder.exe "
    btwdins.exe 1180 2,944 K 6,456 K Bluetooth Support Server Broadcom Corporation. "C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe "
    svchost.exe 1440 0.01 8,940 K 37,756 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    nvSCPAPISvr.exe 2132 2,500 K 5,640 K Stereo Vision Control Panel API Server NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "
    svchost.exe 2216 12,972 K 12,644 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
    TurboBoost.exe 2252 0.01 3,128 K 6,876 K Turbo Boost Monitor Service Intel(R) Corporation "C:\Program Files\Intel\TurboBoost\TurboBoost.exe "
    VAWinService.exe 2304 < 0.01 8,984 K 10,172 K C:\ExpressGateUtil\VAWinService.exe
    WLIDSVC.EXE 2356 < 0.01 8,588 K 17,116 K Microsoft® Windows Live ID Service Microsoft Corp. "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "
    WLIDSVCM.EXE 2488 2,112 K 3,996 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. WLIDSvcM.exe 2356
    taskhost.exe 2824 8,772 K 10,412 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe "
    NisSrv.exe 4528 10,012 K 3,448 K Microsoft Network Inspection System Microsoft Corporation "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe "
    SearchIndexer.exe 4716 < 0.01 53,628 K 38,852 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
    svchost.exe 4928 2,948 K 6,260 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    svchost.exe 4960 < 0.01 2,436 K 5,396 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k bthsvcs
    wmpnetwk.exe 1116 < 0.01 16,344 K 11,060 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe "
    svchost.exe 5832 < 0.01 13,640 K 16,672 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    iPodService.exe 6048 < 0.01 4,228 K 8,424 K iPodService Module (64-bit) Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe "
    LMS.exe 6788 0.01 3,104 K 5,352 K Local Manageability Service Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "
    UNS.exe 3336 3,568 K 7,652 K User Notification Service Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "
    mdm.exe 3700 < 0.01 2,400 K 5,204 K Machine Debug Manager Microsoft Corporation "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe "
    lsass.exe 884 < 0.01 7,472 K 14,968 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
    lsm.exe 892 3,292 K 5,032 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
    csrss.exe 816 0.05 3,668 K 8,564 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe 1468 3,904 K 7,784 K Windows Logon Application Microsoft Corporation winlogon.exe
    explorer.exe 3028 0.35 121,220 K 138,792 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
    AsusWSService.exe 3656 0.09 47,636 K 42,152 K "C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe"
    RAVCpl64.exe 3664 10,052 K 11,628 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
    SynTPEnh.exe 3676 < 0.01 10,136 K 14,216 K Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    SynTPHelper.exe 3776 2,356 K 4,360 K Synaptics Pointing Device Helper Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
    rundll32.exe 3756 6,908 K 6,360 K Windows host process (Rundll32) Microsoft Corporation "C:\Windows\System32\rundll32.exe" C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
    schedhlp.exe 3836 < 0.01 1,544 K 4,708 K Acronis Scheduler Helper Acronis "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    msseces.exe 3924 7,420 K 15,180 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    ipoint.exe 3956 < 0.01 8,788 K 17,736 K IPoint.exe Microsoft Corporation "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    sidebar.exe 4008 0.06 16,736 K 36,552 K Windows Desktop Gadgets Microsoft Corporation "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    syncables.exe 3440 40,732 K 39,176 K Syncables syncables, LLC "C:\Program Files (x86)\syncables\syncables desktop\syncables.exe"
    javaw.exe 4576 < 0.01 88,244 K 60,924 K Java(TM) Platform SE binary Sun Microsystems, Inc. "C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" -Xms56m -Xmx112m -classpath .;syncables.jar migoDesktop.migoDesktopMain sid=S-1-5-21-1618757760-2216781050-2592985322-1001
    syncablesMAPI.exe 5608 0.04 6,468 K 11,320 K syncablesMapi syncables, LLC "C:\Program Files (x86)\syncables\syncables desktop\\syncablesMAPI.exe "
    BTTray.exe 2644 0.01 8,612 K 14,044 K Bluetooth Tray Application Broadcom Corporation. "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
    taskmgr.exe 6304 0.07 5,140 K 14,036 K Windows Task Manager Microsoft Corporation "C:\Windows\system32\taskmgr.exe" /4
    OUTLOOK.EXE 2812 0.01 49,716 K 83,700 K Microsoft Office Outlook Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE"
    iexplore.exe 4872 0.01 16,224 K 30,872 K Internet Explorer Microsoft Corporation "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.windowsbbs.com/malware-virus-removal/98999-active-antivirus-2011-cleanup-new-post.html
    iexplore.exe 2228 0.02 106,140 K 123,528 K Internet Explorer Microsoft Corporation "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4872 CREDAT:145409
    procexp.exe 3256 1,992 K 6,348 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Kkip\Downloads\ProcessExplorer\procexp.exe"
    procexp64.exe 5764 0.61 30,052 K 49,068 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Kkip\Downloads\ProcessExplorer\procexp.exe"
    CLMLSvc.exe 4212 < 0.01 4,540 K 9,484 K CyberLink MediaLibray Service CyberLink "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    DMedia.exe 4264 1,500 K 5,156 K ATK Media ASUS "C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
    HControlUser.exe 4276 1,192 K 3,660 K HControlUser ASUS "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
    wcourier.exe 4284 3,904 K 8,776 K Wireless Console 3 "C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
    AsScrPro.exe 4292 < 0.01 1,736 K 5,508 K AsScrPro ASUS "C:\Windows\AsScrPro.exe"
    VAWinAgent.exe 4372 1,600 K 4,556 K "C:\ExpressGateUtil\VAWinAgent.exe"
    jusched.exe 4380 1,428 K 4,544 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    TrueImageMonitor.exe 4388 < 0.01 10,144 K 10,116 K Acronis True Image Monitor Acronis "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    FLxHCIm.exe 4396 2,860 K 6,300 K Fresco Logic Windows (R) Win 7 DDK provider "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
    CPMonitor.exe 4404 2,672 K 7,720 K CPMonitor Application "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
    CNMNSUT.EXE 4412 0.02 2,184 K 6,400 K Canon IJ Network Scan Utility CANON INC. "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"
    iTunesHelper.exe 4436 < 0.01 6,228 K 13,496 K iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
     
  9. 2011/05/15
    broni, Moderator Malware Analyst
    System Idle Process (CPU NOT used) is listed at 97.94%.
    Just perfect, so I'm not sure where you see high resource use....
     
  10. 2011/05/15
    kip777, Well-Known Member, Thread Starter
    Broni,
    Like I said, I could just be paranoid. My biggest concern was the GMER log with the red entries in the Bluetooth keys; if they are nothing to worry about, that's great. As far as background tasks are concerned, it isn't an all-the-time thing. The computer had been idle for a few minutes and I noticed disk activity and a rise in SpeedStep, so I opened Resource Monitor and there were a couple of 400K and a 200K writes at the top; the disk scale was 10 MB/sec and basically topped out on the scale. They seemed to be legitimate Windows tasks like the indexing service (I can't remember the others), but I just thought it odd that background tasks would consume that amount of resources, and it went on for about ten minutes.
    But if things look clean and you see no issues, let's just close the thread and stop wasting your resources.
    Thanks and appreciation,
    Kip
     
  11. 2011/05/15
    broni, Moderator Malware Analyst
    Indexing service is known for taxing systems.
    I have it always turned off.

    Let's see one more log....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your antivirus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no Internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the antivirus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.

    There are 4 different versions. If one of them won't run, then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run yourname.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from Safe Mode.

    In case #2, please post BOTH logs, Rkill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
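    The post above asks for a ComboFix report. The script below is an added example for this thread, not code from ComboFix, from BleepingComputer or from either poster: it reads the "Reg Loading Points" section of such a report and flags the two things a reviewer checks first, autorun entries launched from user-writable or unusual locations, and UAC policy values under ...\policies\system that switch protection off. SAMPLE_LOG is constructed here in that section's line shape (its paths and names are invented), and the directory heuristics are this example's own assumptions rather than anything ComboFix itself applies.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix report.

Added example for this thread; it is not code from ComboFix, its author or
the posters. It only assumes the two line shapes that section uses:
    "Name "= "c:\\path\\prog.exe" [2010-07-19 370480]   (autorun entry)
    "EnableLUA "= 0 (0x0)                                (policy value)
SAMPLE_LOG is constructed here in that shape; its paths are made up.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Updater "= "c:\users\someone\AppData\Roaming\inst.exe" [2011-05-01 12288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VAWinAgent "= "c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
"iTunesHelper "= "c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 0 (0x0)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableLUA "= 0 (0x0)
"PromptOnSecureDesktop "= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"=\s*"(?P<path>[^"]+)"')
POLICY_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"=\s*(?P<value>-?\d+)\s*\(0x[0-9A-Fa-f]+\)')

# Heuristics (assumptions of this example, not ComboFix rules): an autorun
# launched from a user-writable data directory, or from outside the usual
# install roots, deserves a look before the machine is declared clean.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows\\")

# Policy values under ...\policies\system that switch UAC protection off.
UAC_WEAK = {
    "EnableLUA": 0,                   # 0: UAC disabled outright
    "ConsentPromptBehaviorAdmin": 0,  # 0: admins elevate silently, no prompt
    "PromptOnSecureDesktop": 0,       # 0: prompts not shown on the secure desktop
}


@dataclass
class Finding:
    key: str
    name: str
    detail: str
    reason: str


def parse_loading_points(text):
    """Split the section into autoruns (key, name, path) and policies (key, name, int)."""
    autoruns, policies, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        m = POLICY_RE.match(line)
        if m:
            policies.append((key, m.group("name"), int(m.group("value"))))
            continue
        m = RUN_RE.match(line)
        if m:
            autoruns.append((key, m.group("name"), m.group("path")))
    return autoruns, policies


def is_run_key(key):
    k = key.lower()
    return k.endswith("\\run") or k.endswith("\\runonce")


def classify_autorun(path):
    """Return a reason string if the autorun path looks worth reviewing, else None."""
    p = path.lower()
    if any(d in p for d in SUSPECT_DIRS):
        return "autorun from a user-writable data directory"
    if not p.startswith(TRUSTED_ROOTS):
        return "autorun outside Program Files / Windows"
    return None


def triage(text):
    """Flag suspicious autoruns first, then any UAC policy value that disables protection."""
    autoruns, policies = parse_loading_points(text)
    findings = []
    for key, name, path in autoruns:
        reason = classify_autorun(path) if is_run_key(key) else None
        if reason:
            findings.append(Finding(key, name, path, reason))
    for key, name, value in policies:
        if name in UAC_WEAK and value == UAC_WEAK[name]:
            findings.append(Finding(key, name, str(value), "UAC weakened by policy value"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.name} = {f.detail}")
```

    A hit is a prompt to look closer, not a verdict: OEM utilities sometimes live outside Program Files, and a relaxed UAC policy may be the owner's own choice, but both belong on the reviewer's list before a thread is marked clean.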
     
  12. 2011/05/15
    kip777, Well-Known Member, Thread Starter
    Combofix log

    ComboFix 11-05-15.03 - Kkip 05/15/2011 16:10:04.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8169.6114 [GMT -5:00]
    Running from: c:\users\Kkip\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    c:\users\Kkip\AppData\Roaming\inst.exe
    c:\users\Kkip\AppData\Roaming\pcouffin.sys
    c:\users\Kkip\Desktop\Internet Explorer.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-15 21:13 . 2011-05-15 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-14 21:42 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{535A6C89-B81B-4B04-A2E0-C402597C4EDD}\mpengine.dll
    2011-05-14 18:02 . 2011-05-14 18:16 -------- d-----w- c:\programdata\Apple
    2011-05-14 18:02 . 2011-05-14 18:03 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2011-05-14 14:37 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C61C52C3-5619-4657-902F-481B0E809E87}\mpengine.dll
    2011-05-13 14:43 . 2011-05-13 14:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-13 14:16 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-13 14:16 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-05-13 14:16 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-13 14:16 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-05-13 14:16 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-05-13 02:55 . 2011-05-13 02:55 -------- d-----w- c:\programdata\vsosdk
    2011-05-13 02:29 . 2011-05-13 02:29 -------- d-----w- c:\users\Kkip\AppData\Local\MagicSoftware
    2011-05-13 02:29 . 2011-05-13 02:29 -------- d-----w- c:\users\Kkip\AppData\Roaming\Vso
    2011-05-13 02:29 . 2011-05-13 02:29 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2011-05-13 02:28 . 2011-05-13 03:06 -------- d-----w- c:\program files (x86)\MagicDVDCopier
    2011-04-27 22:20 . 2011-04-27 22:20 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2011-04-26 12:08 . 2011-04-26 12:08 -------- d--h--w- c:\programdata\CanonIJFax
    2011-04-24 19:41 . 2011-04-24 19:41 -------- d-----w- c:\windows\system32\appmgmt
    2011-04-24 19:34 . 2011-04-24 19:34 -------- d-----w- c:\program files (x86)\IVCsoft
    2011-04-24 19:09 . 2011-04-24 19:09 -------- d-----w- c:\users\Kkip\AppData\Roaming\vlc
    2011-04-24 19:09 . 2011-04-24 19:15 -------- d-----w- c:\users\Kkip\AppData\Local\V CAST Media Manager
    2011-04-24 19:09 . 2011-04-24 19:09 -------- d-----w- c:\programdata\Verizon
    2011-04-24 19:09 . 2011-04-24 19:09 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2011-04-24 18:58 . 2011-04-24 18:58 -------- d-----w- c:\program files (x86)\HTC
    2011-04-24 18:58 . 2011-04-24 18:58 -------- d-----w- C:\Temp
    2011-04-16 23:52 . 2011-05-07 02:19 -------- d-----w- c:\users\Kkip\AppData\Local\Windows Live
    2011-04-16 15:13 . 2011-04-16 15:13 -------- d-----r- C:\bootwiz
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-14 21:40 . 2011-02-23 12:50 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
    2011-04-27 18:19 . 2011-04-03 02:37 3696480 ----a-w- c:\windows\system32\AutoPartNt.exe
    2011-04-13 20:04 . 2011-04-13 20:04 45432 ----a-w- c:\windows\system32\drivers\point64.sys
    2011-04-12 18:01 . 2011-04-12 18:01 52632 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2011-04-11 08:21 . 2011-04-10 15:14 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-10 15:14 . 2011-04-10 15:14 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-04-10 15:14 . 2011-04-10 15:14 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65ED07FE-CE5B-4B88-804B-305B05F07BD4}\gapaengine.dll
    2011-04-09 04:00 . 2011-04-09 04:00 465920 ----a-w- c:\windows\system32\itpcoin815.dll
    2011-04-09 04:00 . 2011-04-09 04:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll
    2011-04-06 21:26 . 2011-04-06 21:26 96544 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 21:26 . 2011-04-06 21:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 21:26 . 2011-04-06 21:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 21:26 . 2011-04-06 21:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-04-06 14:53 . 2011-04-06 14:53 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-04-06 14:53 . 2011-04-06 14:53 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-04-06 14:53 . 2011-04-06 14:53 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-04-06 14:53 . 2011-04-06 14:53 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-04-06 14:53 . 2011-04-06 14:53 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-04-06 14:53 . 2011-04-06 14:53 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-04-06 14:53 . 2011-04-06 14:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-04-06 14:53 . 2011-04-06 14:53 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-04-06 14:53 . 2011-04-06 14:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-04-06 14:53 . 2011-04-06 14:53 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-04-06 14:53 . 2011-04-06 14:53 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-04-06 14:53 . 2011-04-06 14:53 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-04-06 14:53 . 2011-04-06 14:53 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-04-06 14:53 . 2011-04-06 14:53 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-04-06 14:53 . 2011-04-06 14:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-04-06 14:53 . 2011-04-06 14:53 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-04-06 14:53 . 2011-04-06 14:53 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-04-06 14:53 . 2011-04-06 14:53 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-04-06 14:53 . 2011-04-06 14:53 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-04-06 14:53 . 2011-04-06 14:53 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-04-06 14:53 . 2011-04-06 14:53 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-06 14:53 . 2011-04-06 14:53 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-06 14:53 . 2011-04-06 14:53 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-06 14:53 . 2011-04-06 14:53 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-06 14:53 . 2011-04-06 14:53 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-06 14:53 . 2011-04-06 14:53 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-06 14:53 . 2011-04-06 14:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-06 14:53 . 2011-04-06 14:53 448512 ----a-w- c:\windows\system32\html.iec
    2011-04-06 14:53 . 2011-04-06 14:53 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-04-06 14:53 . 2011-04-06 14:53 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-06 14:53 . 2011-04-06 14:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-06 14:53 . 2011-04-06 14:53 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2011-04-06 14:53 . 2011-04-06 14:53 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-04-06 14:53 . 2011-04-06 14:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-06 14:53 . 2011-04-06 14:53 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-06 14:53 . 2011-04-06 14:53 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-04-06 14:53 . 2011-04-06 14:53 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-06 14:53 . 2011-04-06 14:53 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-04-06 14:53 . 2011-04-06 14:53 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-06 14:53 . 2011-04-06 14:53 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-04-06 14:53 . 2011-04-06 14:53 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-04-06 14:53 . 2011-04-06 14:53 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-02 21:36 . 2011-04-02 21:36 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2011-04-02 21:36 . 2011-04-02 21:36 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
    2011-04-02 21:36 . 2011-04-02 21:36 943712 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-04-02 21:36 . 2011-04-02 21:36 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
    2011-03-31 13:11 . 2011-03-31 13:12 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-03-30 20:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-30 20:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-03-30 18:49 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-11 06:34 . 2011-04-15 13:51 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 06:34 . 2011-04-15 13:51 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 05:33 . 2011-04-15 13:51 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2011-03-11 05:33 . 2011-04-15 13:51 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2011-03-08 06:29 . 2011-04-15 13:51 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-08 05:28 . 2011-04-15 13:51 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-03-04 06:19 . 2011-04-27 22:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:19 . 2011-04-27 22:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:24 . 2011-04-15 13:51 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 06:21 . 2011-04-15 13:51 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 05:36 . 2011-04-15 13:51 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:52 . 2011-04-15 13:56 3135488 ----a-w- c:\windows\system32\win32k.sys
    2011-02-24 06:15 . 2011-04-15 13:51 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-24 05:38 . 2011-04-15 13:51 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-02-23 12:50 . 2011-02-23 12:50 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-02-23 12:50 . 2011-02-23 12:50 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2011-02-23 12:50 . 2011-02-23 12:50 123480 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-02-23 12:50 . 2011-02-23 12:50 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2011-02-23 12:50 . 2011-02-23 12:50 80512 ----a-w- c:\windows\Asus_G73_Screensaver Uninstaller.exe
    2011-02-23 12:50 . 2011-02-23 12:50 3058304 ----a-w- c:\windows\AsScrPro.exe
    2011-02-23 04:56 . 2011-04-15 13:52 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-23 04:56 . 2011-04-15 13:51 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-23 04:56 . 2011-04-15 13:51 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-02-23 04:55 . 2011-04-15 13:51 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-02-23 04:55 . 2011-04-15 13:52 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-23 04:55 . 2011-04-15 13:52 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-23 04:55 . 2011-04-15 13:52 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-02-22 16:43 . 2011-04-01 22:32 95200 ----a-w- c:\windows\SysWow64\VBDB300.DLL
    2011-02-22 16:43 . 2011-04-01 22:32 710752 ----a-w- c:\windows\SysWow64\MSAJT110.DLL
    2011-02-22 16:43 . 2011-04-01 22:32 570128 ----a-w- c:\windows\SysWow64\dao350.dll
    2011-02-22 16:43 . 2011-04-01 22:32 398416 ----a-w- c:\windows\SysWow64\VBRUN300.DLL
    2011-02-22 16:43 . 2011-04-01 22:32 33280 ----a-w- c:\windows\SysWow64\MSAES110.DLL
    2011-02-22 15:57 . 2011-04-01 22:32 517632 ----a-w- c:\windows\SysWow64\7za.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Syncables "= "c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateLBPShortCut "= "c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "CLMLServer "= "c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
    "UpdateP2GoShortCut "= "c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Nuance PDF Reader-reminder "= "c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
    "ATKMEDIA "= "c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser "= "c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3 "= "c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
    "ASUS Screen Saver Protector "= "c:\windows\AsScrPro.exe" [2011-02-23 3058304]
    "THX TruStudio NB Settings "= "c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-08 905216]
    "UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "VAWinAgent "= "c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
    "SunJavaUpdateSched "= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "TrueImageMonitor.exe "= "c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5111464]
    "FLxHCIm "= "c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
    "CPMonitor "= "c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464]
    "IJNetworkScanUtility "= "c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2010-01-19 124256]
    "QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper "= "c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-23 548528]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 1083680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 135664]
    R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-02-23 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-23 79360]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 135664]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-04-02 3246040]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-29 236136]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PROCEXP141
    *Deregistered* - PROCEXP141
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 12:14]
    .
    2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 12:14]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358200]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-15 16:15:33
    ComboFix-quarantined-files.txt 2011-05-15 21:15
    .
    Pre-Run: 45,147,336,704 bytes free
    Post-Run: 46,066,024,448 bytes free
    .
    - - End Of File - - 9A91908B7BAC08F21318E47BC5D7801B
     
  13. 2011/05/15
    broni, Moderator Malware Analyst
    Not much there.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warnings, so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  14. 2011/05/15
    kip777, Well-Known Member, Thread Starter
    Here is the Security Check log; I will run ESET and post the results. By the way, I'm using IE9.


    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.0.32.18
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
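The items Security Check reports above (UAC state, the antivirus entry in WMI, Java and Flash versions) and the autostart locations ComboFix listed earlier in the thread can be reproduced by hand, which is useful when a tool's reading looks off (the log says Internet Explorer 8 while the poster says IE9). The PowerShell below is an added example and is not code from the thread, from screen317's Security Check or from ComboFix; it assumes PowerShell 2.0 or later on Windows 7, and the productState bit layout it decodes for the antivirus entry is the commonly documented one, not something the log itself states.

```powershell
# Added example (not from the thread, Security Check or ComboFix).
# Run from an elevated PowerShell prompt; PowerShell 2.0 (Windows 7) syntax.

function Get-UacState {
    # EnableLUA = 0 is what Security Check reports as "UAC is disabled!".
    $sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    if ($sys.EnableLUA -eq 1) { 'UAC enabled' } else { 'UAC is disabled!' }
}

function Get-SecurityCenterAv {
    # The "WMI entry" Security Check looks for: products registered with Security Center.
    # Vista/7 use root\SecurityCenter2; XP used root\SecurityCenter.
    $av = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if (-not $av) { return 'WMI entry may not exist for antivirus' }
    foreach ($p in $av) {
        # Assumed decoding (commonly documented, not stated by the log): productState as six hex
        # digits; middle byte 0x10 = real-time protection on, low byte 0x00 = definitions current.
        $hex = '{0:X6}' -f [int]$p.productState
        $enabled  = $hex.Substring(2, 2) -eq '10'
        $upToDate = $hex.Substring(4, 2) -eq '00'
        '{0}: enabled={1} definitionsCurrent={2}' -f $p.displayName, $enabled, $upToDate
    }
}

function Get-JavaFlashVersions {
    # Installed-program versions from both the native and the Wow6432Node uninstall keys,
    # the same data Security Check summarises as "Out of date Java installed!".
    $uninst = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    Get-ChildItem $uninst -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty $_.PSPath } |
        Where-Object { $_.DisplayName -match 'Java|Flash' } |
        Select-Object DisplayName, DisplayVersion
}

function Get-RunEntries {
    # The Run keys ComboFix lists; everything here starts at logon, so review each path.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $runKeys) {
        if (Test-Path $k) {
            (Get-ItemProperty $k).PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { '{0}\{1} = {2}' -f $k, $_.Name, $_.Value }
        }
    }
    # LoadAppInit_DLLs = 0 (as in the ComboFix log) means no AppInit DLL is loaded into every
    # user-mode process; a non-zero value with a populated AppInit_DLLs deserves a close look.
    $w = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    'LoadAppInit_DLLs = {0}; AppInit_DLLs = "{1}"' -f $w.LoadAppInit_DLLs, $w.AppInit_DLLs
}

Get-UacState
Get-SecurityCenterAv
Get-JavaFlashVersions | Format-Table -AutoSize
Get-RunEntries
```

Compare the Run entries it prints against the ComboFix `Run` section: every name and path should already be accounted for there, and anything new is worth checking before the machine is declared clean.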
     
  15. 2011/05/15
    broni, Moderator Malware Analyst
    Looks good.
    Go on...
     
  16. 2011/05/15
    kip777, Well-Known Member, Thread Starter
    ESET came back clean
     
  17. 2011/05/15
    broni, Moderator Malware Analyst
    You're good to go.

    Good luck and stay safe :)
     
  18. 2011/05/15
    kip777, Well-Known Member, Thread Starter
    Thanks Broni,
    Did you see any residue of infection on this machine or was it clean?
    Nothing like that sinking feeling in your stomach when you know it has been infected and you hit Fn/F2 to turn off the wireless after about 10 seconds (a lot of clock cycles) and look for ways to eliminate the mistake. I got lucky.
    Always trying to stay safe.
    Kip
     
  19. 2011/05/15
    broni, Moderator Malware Analyst
    No, not really. Your computer was rather clean.
     
