|
Answer» ComboFix 11-03-13.02 - Connor 03/14/2011 17:28:33.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2447 [GMT -4:00] Running from: c:\users\Connor\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other DELETIONS ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Connor\AppData\Local\Temp\VPN_77D6\9218E5A4.dll c:\windows\TEMP\VPN_57C7\9218E5A4.dll . . ((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 ))))))))))))))))))))))))))))))) . . 2011-03-14 21:44 . 2011-03-14 21:44--------d-----w-c:\windows\system32\config\systemprofile\AppData\Local\temp 2011-03-14 21:44 . 2011-03-14 21:44--------d-----w-c:\users\Default\AppData\Local\temp 2011-03-14 21:24 . 2011-03-14 21:25--------d-----w-C:\32788R22FWJFW 2011-03-14 03:03 . 2011-02-11 04:317947600----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4300CDD2-4DB3-47E4-88F4-D19C9343D8E6}\mpengine.dll 2011-03-10 21:20 . 2011-03-10 21:20--------d-----w-C:\_OTL 2011-03-08 20:20 . 2011-03-08 20:20--------d-----w-c:\program files (x86)\Common Files\Skype 2011-03-06 03:29 . 2011-03-06 03:29--------d-----w-C:\LazyNewbPack[0.31.19][V8.0] 2011-03-05 12:31 . 2008-10-15 11:22519000----a-w-c:\windows\system32\d3dx10_40.dll 2011-03-05 12:31 . 2008-10-15 11:22452440----a-w-c:\windows\SysWow64\d3dx10_40.dll 2011-03-05 12:31 . 2008-10-15 11:222605920----a-w-c:\windows\system32\D3DCompiler_40.dll 2011-03-05 12:31 . 2008-10-15 11:222036576----a-w-c:\windows\SysWow64\D3DCompiler_40.dll 2011-03-05 12:31 . 2008-10-15 11:225631312----a-w-c:\windows\system32\D3DX9_40.dll 2011-03-05 12:31 . 
2008-10-15 11:224379984----a-w-c:\windows\SysWow64\D3DX9_40.dll 2011-03-05 12:30 . 2011-03-05 12:30--------d-----w-c:\users\Public\Games 2011-03-05 01:26 . 2011-03-05 01:37364201984----a-w-C:\WindSlayer-01_09_0000.exe 2011-03-05 00:23 . 2011-03-05 00:23--------d-----w-C:\gPotato 2011-03-05 00:11 . 2011-03-05 00:23472781133----a-w-C:\AIKAOnline_US_Setup_20101103.exe 2011-03-04 03:33 . 2011-03-04 03:35--------d-----w-c:\users\Connor\AppData\Roaming\BugTrap Console Test108 2011-02-28 23:57 . 2011-02-11 04:317947600----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-02-28 23:57 . 2011-02-28 23:56601424------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92021A4C-7412-4852-B81E-546412346036}\gapaengine.dll 2011-02-28 23:46 . 2011-02-28 23:46--------d-----w-c:\program files (x86)\Microsoft Security CLIENT 2011-02-28 23:46 . 2011-02-28 23:47--------d-----w-c:\program files\Microsoft Security Client 2011-02-28 23:46 . 2010-04-09 11:06374664----a-w-c:\windows\system32\drivers\netio.sys 2011-02-27 23:37 . 2011-02-27 23:37388096----a-r-c:\users\Connor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-02-27 23:37 . 2011-02-27 23:37--------d-----w-c:\program files (x86)\Trend Micro 2011-02-27 23:17 . 2011-02-27 23:17--------d-sh--w-c:\windows\SysWow64\%APPDATA% 2011-02-27 21:04 . 2011-02-27 21:04--------d-----w-c:\users\Connor\AppData\Roaming\SUPERAntiSpyware.com 2011-02-27 21:04 . 2011-02-27 21:04--------d-----w-c:\programdata\SUPERAntiSpyware.com 2011-02-27 21:04 . 2011-02-27 21:04--------d-----w-c:\programdata\!SASCORE 2011-02-27 21:04 . 2011-02-27 21:04--------d-----w-c:\program files\SUPERAntiSpyware 2011-02-27 20:46 . 2011-02-27 20:46--------d-----w-c:\program files\CCleaner 2011-02-27 20:38 . 2010-03-29 16:06233488----a-w-c:\windows\system32\drivers\PCTCore64.sys 2011-02-27 20:38 . 
2010-11-17 15:20331368----a-w-c:\windows\system32\drivers\pctgntdi64.sys 2011-02-27 20:38 . 2010-11-17 15:20136168----a-w-c:\windows\system32\drivers\pctwfpfilter64.sys 2011-02-27 20:38 . 2011-02-27 23:17--------d-----w-c:\users\Connor\AppData\Roaming\PCToolsFirewallPlus 2011-02-27 20:37 . 2011-02-27 20:38--------d-----w-c:\program files (x86)\Common Files\PC Tools 2011-02-27 20:37 . 2010-11-24 14:18119688----a-w-c:\windows\system32\drivers\pctNdis-PacketFilter64.sys 2011-02-27 20:37 . 2010-07-08 14:4979000----a-w-c:\windows\system32\drivers\pctNdis64.sys 2011-02-27 20:37 . 2010-02-05 14:2642968----a-w-c:\windows\system32\drivers\pctNdis-DNS64.sys 2011-02-27 20:37 . 2010-11-25 15:42179464----a-w-c:\windows\system32\drivers\pctplfw64.sys 2011-02-27 20:37 . 2011-02-27 23:17--------d-----w-c:\program files (x86)\PC Tools Firewall Plus 2011-02-27 16:31 . 2011-02-27 21:01--------d-----w-c:\program files (x86)\Spybot - Search & Destroy 2011-02-27 16:31 . 2011-02-27 21:01--------d-----w-c:\programdata\Spybot - Search & Destroy 2011-02-27 15:52 . 2010-12-20 23:0938224----a-w-c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-02-27 07:49 . 2011-02-27 15:52--------d-----w-c:\program files (x86)\MALWAREBYTES ANTI-MALWARE 2011-02-24 13:49 . 2010-09-14 06:45367104----a-w-c:\windows\system32\wcncsvc.dll 2011-02-24 13:49 . 2010-09-14 06:07276992----a-w-c:\windows\SysWow64\wcncsvc.dll 2011-02-23 21:20 . 2011-02-23 21:20--------d-----w-c:\program files (x86)\Common Files\Java 2011-02-23 21:19 . 2011-02-03 02:40472808----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2011-02-23 21:18 . 2011-02-23 21:18--------d-----w-c:\programdata\McAfee 2011-02-23 20:23 . 2011-02-23 20:23--------d-----w-c:\program files (x86)\LOLReplay 2011-02-23 16:55 . 2011-01-07 08:07662528----a-w-c:\windows\system32\XpsPrint.dll 2011-02-23 16:55 . 2011-01-07 08:07475648----a-w-c:\windows\system32\XpsGdiConverter.dll 2011-02-23 16:55 . 
2011-01-07 07:31442880----a-w-c:\windows\SysWow64\XpsPrint.dll 2011-02-23 16:55 . 2011-01-07 07:31288256----a-w-c:\windows\SysWow64\XpsGdiConverter.dll 2011-02-21 20:44 . 2008-10-15 14:25461680----a-w-C:\Dbgview.exe 2011-02-20 21:17 . 2011-02-20 21:17--------d--h--w-c:\windows\system32\CanonMF Uninstaller Information 2011-02-20 21:17 . 2011-02-20 21:17--------d-----w-c:\program files\Canon 2011-02-20 21:16 . 2007-04-18 22:1366048----a-w-c:\windows\system32\CNAS0MMK.DLL . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-03 02:40 . 2011-01-13 14:44472808----a-w-c:\windows\SysWow64\deployJava1.dll 2011-01-30 03:17 . 2011-01-30 03:1729808----a-w-c:\windows\system32\drivers\Neo_0014.sys 2011-01-30 03:16 . 2011-01-30 03:1681920----a-w-c:\windows\SysWow64\vpncmd.exe 2011-01-26 06:53 . 2011-02-09 20:22982912----a-w-c:\windows\system32\drivers\dxgkrnl.sys 2011-01-26 06:53 . 2011-02-09 20:22265088----a-w-c:\windows\system32\drivers\dxgmms1.sys 2011-01-26 06:31 . 2011-02-09 20:22144384----a-w-c:\windows\system32\cdd.dll 2011-01-19 08:26 . 2011-01-19 08:2686016----a-w-c:\windows\SysWow64\frapsvid.dll 2011-01-19 08:26 . 2011-01-19 08:2684992----a-w-c:\windows\system32\frapsv64.dll 2011-01-07 08:06 . 2011-02-09 20:2246080----a-w-c:\windows\system32\atmlib.dll 2011-01-07 07:27 . 2011-02-09 20:2234304----a-w-c:\windows\SysWow64\atmlib.dll 2011-01-07 05:49 . 2011-02-09 20:22366080----a-w-c:\windows\system32\atmfd.dll 2011-01-07 05:33 . 2011-02-09 20:22294400----a-w-c:\windows\SysWow64\atmfd.dll 2011-01-05 06:20 . 2011-02-09 20:22612352----a-w-c:\windows\system32\vbscript.dll 2011-01-05 05:37 . 2011-02-09 20:22428032----a-w-c:\windows\SysWow64\vbscript.dll 2011-01-05 04:00 . 2011-02-09 20:223127808----a-w-c:\windows\system32\win32k.sys 2011-01-03 06:32 . 2010-01-08 14:1445056----a-w-c:\windows\system32\acovcnt.exe 2010-12-27 18:55 . 2008-11-25 16:12348160----a-w-c:\windows\SysWow64\msvcr71.dll 2010-12-27 18:55 . 
2008-11-25 16:12499712----a-w-c:\windows\SysWow64\msvcp71.dll 2010-12-21 06:16 . 2011-02-09 20:2262976----a-w-c:\windows\system32\wscapi.dll 2010-12-21 06:16 . 2011-02-09 20:2297280----a-w-c:\windows\system32\wscsvc.dll 2010-12-21 06:16 . 2011-02-09 20:22214016----a-w-c:\windows\system32\winsrv.dll 2010-12-21 06:16 . 2011-02-09 20:221197056----a-w-c:\windows\system32\wininet.dll 2010-12-21 06:16 . 2011-02-09 20:22442880----a-w-c:\windows\system32\winhttp.dll 2010-12-21 06:16 . 2011-02-09 20:22258048----a-w-c:\windows\system32\WebClnt.dll 2010-12-21 06:15 . 2011-02-09 20:22264192----a-w-c:\windows\system32\upnp.dll 2010-12-21 06:15 . 2011-02-09 20:2215360----a-w-c:\windows\system32\slwga.dll 2010-12-21 06:13 . 2011-02-09 20:222003968----a-w-c:\windows\system32\msxml6.dll 2010-12-21 06:13 . 2011-02-09 20:221880576----a-w-c:\windows\system32\msxml3.dll 2010-12-21 06:10 . 2011-02-09 20:22100864----a-w-c:\windows\system32\davclnt.dll 2010-12-21 05:38 . 2011-02-09 20:2251200----a-w-c:\windows\SysWow64\wscapi.dll 2010-12-21 05:38 . 2011-02-09 20:22981504----a-w-c:\windows\SysWow64\wininet.dll 2010-12-21 05:38 . 2011-02-09 20:22350720----a-w-c:\windows\SysWow64\winhttp.dll 2010-12-21 05:38 . 2011-02-09 20:22204800----a-w-c:\windows\SysWow64\WebClnt.dll 2010-12-21 05:38 . 2011-02-09 20:22204288----a-w-c:\windows\SysWow64\upnp.dll 2010-12-21 05:38 . 2011-02-09 20:2214336----a-w-c:\windows\SysWow64\slwga.dll 2010-12-21 05:36 . 2011-02-09 20:221389568----a-w-c:\windows\SysWow64\msxml6.dll 2010-12-21 05:36 . 2011-02-09 20:221236992----a-w-c:\windows\SysWow64\msxml3.dll 2010-12-21 05:34 . 2011-02-09 20:2280384----a-w-c:\windows\SysWow64\davclnt.dll 2010-12-20 23:08 . 2010-12-04 20:3124152----a-w-c:\windows\system32\drivers\mbam.sys 2010-12-18 06:11 . 2011-02-09 20:2257856----a-w-c:\windows\system32\licmgr10.dll 2010-12-18 06:11 . 2011-02-09 20:22714752----a-w-c:\windows\system32\kerberos.dll 2010-12-18 05:29 . 
2011-02-09 20:2244544----a-w-c:\windows\SysWow64\licmgr10.dll 2010-12-18 05:29 . 2011-02-09 20:22541184----a-w-c:\windows\SysWow64\kerberos.dll 2010-12-18 04:55 . 2011-02-09 20:22482816----a-w-c:\windows\system32\html.iec 2010-12-18 04:20 . 2011-02-09 20:22386048----a-w-c:\windows\SysWow64\html.iec 2010-12-18 04:13 . 2011-02-09 20:221638912----a-w-c:\windows\system32\mshtml.tlb 2010-12-18 03:47 . 2011-02-09 20:221638912----a-w-c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((( [emailprotected]_00.19.51 ))))))))))))))))))))))))))))))))))))))))) . - 2011-02-27 23:17 . 2011-02-27 23:1616384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat + 2011-02-27 23:17 . 2011-03-14 17:5616384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat + 2009-09-16 01:36 . 2011-03-14 21:1857818 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-03-14 21:4848854 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-11-15 10:07 . 2011-03-14 21:4826572 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712587676-1097138996-4050794247-1000_UserData.bin + 2010-11-21 04:55 . 2011-03-09 08:5316384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat - 2010-11-21 04:55 . 2011-02-28 05:4916384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat - 2009-11-15 10:12 . 2011-03-01 00:0516384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-11-15 10:12 . 2011-03-14 21:4716384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2011-03-12 15:2780352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-11-15 10:12 . 
2011-03-14 21:4732768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-11-15 10:12 . 2011-03-01 00:0532768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-11-15 10:12 . 2011-03-14 21:4716384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-11-15 10:12 . 2011-03-01 00:0516384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-11-15 10:09 . 2011-03-01 00:0516384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-11-15 10:09 . 2011-03-14 21:4816384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-11-15 10:09 . 2011-03-14 21:4816384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-11-15 10:09 . 2011-03-01 00:0516384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-11-16 03:17 . 2011-03-09 08:0135088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe - 2009-11-16 03:17 . 2011-02-10 12:4635088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe + 2009-11-16 03:17 . 2011-03-09 08:0118704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe - 2009-11-16 03:17 . 2011-02-10 12:4618704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe - 2009-11-16 05:33 . 2011-02-10 12:4620240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe + 2009-11-16 05:33 . 2011-03-09 08:0120240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe - 2010-02-13 04:50 . 
2010-02-13 04:5012800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll + 2011-03-05 12:31 . 2011-03-05 12:3112800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll + 2011-03-05 12:31 . 2011-03-05 12:3153248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll - 2010-02-13 04:50 . 2010-02-13 04:5053248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2011-03-08 02:05 . 2011-03-08 02:059560 c:\windows\system32\NetworkList\Icons\{D891C3B3-3BF7-4431-9FC1-850715DE7EC8}_48.bin + 2011-03-08 02:05 . 2011-03-08 02:054280 c:\windows\system32\NetworkList\Icons\{D891C3B3-3BF7-4431-9FC1-850715DE7EC8}_32.bin + 2011-03-08 02:05 . 2011-03-08 02:052456 c:\windows\system32\NetworkList\Icons\{D891C3B3-3BF7-4431-9FC1-850715DE7EC8}_24.bin - 2011-03-01 00:19 . 2011-03-01 00:192048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-03-14 21:45 . 2011-03-14 21:452048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-03-14 21:45 . 2011-03-14 21:452048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-03-01 00:19 . 2011-03-01 00:192048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-03-14 21:46 . 2011-03-14 21:46119808 c:\windows\temp\VPN_25DD\0FC343C0.dll - 2009-07-14 00:06 . 2009-07-14 01:16850432 c:\windows\SysWOW64\sbe.dll + 2011-03-08 23:40 . 2010-12-23 05:28850432 c:\windows\SysWOW64\sbe.dll + 2011-03-05 00:06 . 2011-03-05 00:06235168 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe - 2009-07-14 00:41 . 2009-07-14 01:16534528 c:\windows\SysWOW64\EncDec.dll + 2011-03-08 23:40 . 2010-12-23 05:28534528 c:\windows\SysWOW64\EncDec.dll + 2011-03-08 23:40 . 
2011-02-19 05:32739840 c:\windows\SysWOW64\d2d1.dll - 2011-01-12 13:35 . 2010-11-02 04:35739840 c:\windows\SysWOW64\d2d1.dll + 2011-03-08 23:40 . 2010-12-23 05:28642048 c:\windows\SysWOW64\CPFilters.dll - 2009-07-14 02:36 . 2011-02-28 23:46703262 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-03-14 21:20703262 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-03-14 21:20136794 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2011-02-28 23:46136794 c:\windows\system32\perfc009.dat + 2011-03-08 23:40 . 2010-12-23 06:07723968 c:\windows\system32\EncDec.dll + 2011-03-08 23:40 . 2011-02-19 06:36902656 c:\windows\system32\d2d1.dll - 2011-01-12 13:35 . 2010-11-02 05:12902656 c:\windows\system32\d2d1.dll - 2010-10-26 20:40 . 2010-08-04 07:07961024 c:\windows\system32\CPFilters.dll + 2011-03-08 23:40 . 2010-12-23 06:07961024 c:\windows\system32\CPFilters.dll + 2009-07-14 05:01 . 2011-03-14 21:45421204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-03-01 00:18421204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-12-08 23:58 . 2010-12-08 23:58752640 c:\windows\Installer\5af3d60.msi + 2011-03-08 20:20 . 2011-03-08 20:20371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe - 2010-12-29 18:52 . 2010-12-29 18:52371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe - 2009-11-16 03:17 . 2011-02-10 12:46888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe + 2009-11-16 03:17 . 2011-03-09 08:01888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe + 2009-11-16 05:33 . 2011-03-09 08:01272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe - 2009-11-16 05:33 . 2011-02-10 12:46272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe + 2009-11-16 05:33 . 
2011-03-09 08:01922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe - 2009-11-16 05:33 . 2011-02-10 12:46922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe - 2009-11-16 05:33 . 2011-02-10 12:46845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe + 2009-11-16 05:33 . 2011-03-09 08:01845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe - 2009-11-16 05:33 . 2011-02-10 12:46217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe + 2009-11-16 05:33 . 2011-03-09 08:01217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe - 2009-11-16 05:33 . 2011-02-10 12:46184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe + 2009-11-16 05:33 . 2011-03-09 08:01184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe - 2009-11-16 05:33 . 2011-02-10 12:46159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe + 2009-11-16 05:33 . 2011-03-09 08:01159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe + 2009-02-14 11:04 . 2009-02-14 11:04625520 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\GROOVEWEBSERVICES.DLL + 2009-02-12 20:19 . 2009-02-12 20:19688512 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\GROOVEWEBPLATFORMSERVICES.DLL + 2009-03-06 09:33 . 2009-03-06 09:33961888 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\GROOVEUTIL.DLL + 2009-02-14 11:03 . 2009-02-14 11:03337264 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\GROOVE.EXE - 2010-02-13 04:50 . 2010-02-13 04:50223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2011-03-05 12:31 . 
2011-03-05 12:31223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2011-03-05 12:31 . 2011-03-05 12:31178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll - 2010-02-13 04:50 . 2010-02-13 04:50178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll - 2010-02-13 04:50 . 2010-02-13 04:50364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll + 2011-03-05 12:31 . 2011-03-05 12:31364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll - 2010-02-13 04:50 . 2010-02-13 04:50159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll + 2011-03-05 12:31 . 2011-03-05 12:31159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll - 2010-02-13 04:50 . 2010-02-13 04:50145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2011-03-05 12:31 . 2011-03-05 12:31145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll - 2009-11-16 03:08 . 2009-11-16 03:08578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2011-03-05 12:31 . 2011-03-05 12:31578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-11-16 03:08 . 2009-11-16 03:08578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2011-03-05 12:31 . 
2011-03-05 12:31578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-11-16 03:08 . 2009-11-16 03:08577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2011-03-05 12:31 . 2011-03-05 12:31577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2011-03-05 12:31 . 2011-03-05 12:31577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-11-16 03:08 . 2009-11-16 03:08577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2010-02-13 04:50 . 2010-02-13 04:50577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2011-03-05 12:31 . 2011-03-05 12:31577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2011-03-05 12:31 . 2011-03-05 12:31576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-11-16 03:08 . 2009-11-16 03:08576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-11-16 03:08 . 2009-11-16 03:08567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2011-03-05 12:31 . 2011-03-05 12:31567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-11-16 03:08 . 2009-11-16 03:08563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2011-03-05 12:31 . 
2011-03-05 12:31563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2010-02-13 04:50 . 2010-02-13 04:50473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2011-03-05 12:31 . 2011-03-05 12:31473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2011-03-14 21:46 . 2011-03-14 21:462240512 c:\windows\temp\VPN_25DD\9218E5A4.dll + 2011-03-14 21:46 . 2011-03-14 21:461185288 c:\windows\temp\.unicode_cache_78ae99a9.dat + 2011-03-08 23:40 . 2010-12-18 05:302690560 c:\windows\SysWOW64\mstscax.dll + 2011-03-08 23:40 . 2010-12-18 05:261034240 c:\windows\SysWOW64\mstsc.exe - 2010-01-27 01:07 . 2011-02-11 21:416053536 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll + 2010-01-27 01:07 . 2011-03-05 00:066053536 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll + 2011-03-08 23:40 . 2011-02-19 05:321074176 c:\windows\SysWOW64\DWrite.dll - 2011-01-12 13:35 . 2010-11-02 04:351074176 c:\windows\SysWOW64\DWrite.dll + 2011-03-08 23:40 . 2010-12-23 06:071118720 c:\windows\system32\sbe.dll - 2009-07-14 00:21 . 2009-07-14 01:411118720 c:\windows\system32\sbe.dll + 2011-03-08 23:40 . 2010-12-18 06:123138048 c:\windows\system32\mstscax.dll + 2011-03-08 23:40 . 2010-12-18 06:081097216 c:\windows\system32\mstsc.exe + 2011-03-08 23:40 . 2011-02-19 06:371135104 c:\windows\system32\FntCache.dll - 2011-01-12 13:35 . 2010-11-02 05:121540608 c:\windows\system32\DWrite.dll + 2011-03-08 23:40 . 2011-02-19 06:371540608 c:\windows\system32\DWrite.dll - 2009-07-14 04:45 . 2011-02-28 23:513798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2011-03-09 08:223798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2011-02-16 18:54 . 
2011-02-16 18:544992000 c:\windows\Installer\1d0321f.msp + 2011-01-11 22:53 . 2011-01-11 22:531763328 c:\windows\Installer\1d03209.msp + 2009-11-16 05:33 . 2011-03-09 08:011172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe - 2009-11-16 05:33 . 2011-02-10 12:461172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe - 2009-11-16 05:33 . 2011-02-10 12:461165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe + 2009-11-16 05:33 . 2011-03-09 08:011165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe + 2009-02-14 11:03 . 2009-02-14 11:033070832 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\GROOVEDOCUMENTSHARETOOL.DLL - 2009-11-16 03:08 . 2009-11-16 03:082846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2011-03-05 12:31 . 2011-03-05 12:312846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2011-03-05 12:31 . 2011-03-05 12:312676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-11-16 03:08 . 2009-11-16 03:082676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-07-14 02:34 . 2011-03-01 00:1710223616 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-07-14 02:34 . 2011-03-14 21:3010223616 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-11-15 13:25 . 2011-03-09 08:0139946696 c:\windows\system32\MRT.exe + 2011-03-08 20:19 . 2011-03-08 20:1918307072 c:\windows\Installer\2f64c.msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}] 2010-11-06 03:142735200----a-w-c:\program files (x86)\OnRPG\tbOnR0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}"= "c:\program files (x86)\OnRPG\tbOnR0.dll" [2010-11-06 2735200] . [HKEY_CLASSES_ROOT\clsid\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08143360----a-w-c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent DNA"="c:\program files (x86)\DNA\btdna.exe" [2010-11-19 323392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "CinemaNowMediaManagerApp"="c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" [2009-06-11 2088296] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152] "cwcptray"="c:\program files (x86)\ContentWatch\Internet Protection\cwtray.exe" [2010-11-16 353088] 
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-9-15 12862] LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-3-3 201728] PacketiX VPN Client Task Tray.lnk - c:\program files (x86)\PacketiX VPN Client English\vpncmgr.exe [2008-5-15 2682880] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:4435760----a-w-c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray] 2009-06-24 19:30272952----a-w-c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver] 2009-09-16 01:3372248----a-w-c:\windows\AsScrProlog.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector] 2009-09-16 01:333054136----a-w-c:\windows\AsScrPro.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2008-07-19 00:52104936------w-c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-13 23:11 210216 ------w- c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;c:\hanpurple\elsword\data\GameGuard\dump_wmimmc.sys
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 X6va003;X6va003;c:\users\Connor\AppData\Local\Temp\003CFBB.tmp
R3 X6va005;X6va005;c:\users\Connor\AppData\Local\Temp\005845B.tmp
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-11 127352]
S2 CwAltaService20;ContentWatch;c:\program files (x86)\ContentWatch\Internet Protection\cwsvc.exe [2010-11-16 2109440]
S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-02-25 23680]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe
S2 vpnclient;PacketiX VPN Client;c:\program files (x86)\PacketiX VPN Client English\vpnclient.exe [2008-05-15 2478080]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 127784]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0014.sys
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys
S3 PCTFW-PacketFilter;PCTools Firewall - PACKET filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - pctESPInject
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z023&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: cinemanow.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} - hxxp://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
FF - ProfilePath - c:\users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\ecx7ksuv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z023&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z023&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Move Media Player: [emailprotected] - c:\users\Connor\AppData\Roaming\Move Networks
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: SyncPlaces: [emailprotected] - %profile%\extensions\[emailprotected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D22F6F66-2F47-4184-8625-FBFA4CBDB7CE} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va003]
"ImagePath"="\??\c:\users\Connor\AppData\Local\Temp\003CFBB.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\Connor\AppData\Local\Temp\005845B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
.
**************************************************************************
.
Completion time: 2011-03-14 17:58:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-14 21:58
ComboFix2.txt 2011-03-02 19:28
ComboFix3.txt 2011-03-01 00:27
.
Pre-Run: 137,372,893,184 bytes free
POST-Run: 137,028,952,064 bytes free
.
- - End Of File - - F509B404EEE2E4C542C804E8620E1182

Please download Rooter and save it to your desktop.
- Double-click it to start the tool. On Vista and Windows 7, run it as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
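An added triage example, not output from ComboFix, OTL or Rooter and not code from anyone in this thread: a short Python script that parses two parts of a ComboFix log in the format shown above, the `R*`/`S*` service and driver lines and the UAC policy block under `policies\system`, and flags the two things a helper would look at first in this particular log: services or drivers whose image path sits in a Temp folder (here the `X6va003` and `X6va005` entries, which the OTL fix later in the thread also targets), and the policy values that show User Account Control switched off (`EnableLUA` = 0, silent admin elevation, prompts off the secure desktop). The sample text is constructed from lines in the log above; the field layout the regular expressions assume (start type, name, display name and path separated by `;`, optional `[date size]` suffix) is read off those same lines. The script only surfaces the entries; whether a Temp-loaded driver is malicious still has to be decided separately.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix output)."""
import re

# Constructed sample: lines copied from the ComboFix log on this page.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys
R3 X6va003;X6va003;c:\users\Connor\AppData\Local\Temp\003CFBB.tmp
R3 X6va005;X6va005;c:\users\Connor\AppData\Local\Temp\005845B.tmp
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 vpnclient;PacketiX VPN Client;c:\program files (x86)\PacketiX VPN Client English\vpnclient.exe [2008-05-15 2478080]
"""

# Service/driver line as ComboFix prints it:
#   <start type> <name>;<display name>;<image path> [<file date> <size>]
# The trailing bracketed part is optional (kernel drivers above have none).
SERVICE_RE = re.compile(
    r"^(?P<type>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+\[[^\]]*\])?\s*$"
)

# Policy value line: "Name"= <decimal> (<hex>)
POLICY_RE = re.compile(r'^"(?P<key>[A-Za-z]+)"\s*=\s*(?P<val>\d+)')

# A path component named Temp or tmp anywhere in the image path.
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

# UAC policy values that mean the protection is effectively off (Windows 7 semantics).
WEAK_UAC_VALUES = {
    "EnableLUA": (0, "UAC is disabled; admin processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are drawn on the normal desktop"),
}


def parse_services(log_text):
    """Return one dict (type, name, display, path) per R*/S* line in the log."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return services


def temp_loaded_services(log_text):
    """Names of services/drivers whose image lives under a Temp directory."""
    return [s["name"] for s in parse_services(log_text) if TEMP_DIR_RE.search(s["path"])]


def parse_uac_policy(log_text):
    """Return {policy name: int value} for every "Name"= N line in the log."""
    policy = {}
    for line in log_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policy[m.group("key")] = int(m.group("val"))
    return policy


def triage(log_text):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    for s in parse_services(log_text):
        if TEMP_DIR_RE.search(s["path"]):
            findings.append(f"{s['type']} {s['name']}: loads from a Temp folder ({s['path']})")
    for key, value in parse_uac_policy(log_text).items():
        if key in WEAK_UAC_VALUES and value == WEAK_UAC_VALUES[key][0]:
            findings.append(f"UAC {key}={value}: {WEAK_UAC_VALUES[key][1]}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it on a saved ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; the service regex ignores the registry and file-listing sections, so the whole log can be passed in unchanged.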
First time posting: I have tried all the above actions to remove Whitesmoke. At first it looked like Malwarebytes took care of it, but Whitesmoke is never actually removed. I have tried ComboFix (placed on the desktop) and now OldTimer with your suggested fix code. Here are the results from OldTimer. Not sure yet if it worked, just trying to capture the text into the string. I will re-post the result if Whitesmoke is finally off my computer.
Thanks for your time in helping folks on this; it is great that you do that.
All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\found.000 not found.
File\Folder c:\users\Connor\AppData\Local\Temp\00199D8.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va001\ not found.
HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va001\\"ImagePath"|"\??\c:\users\Connor\AppData\Local\Temp\00199D8.tmp" /E : value set successfully!
========== SERVICES/DRIVERS ==========
Error: No service named X6va001 was found to stop!
Service\Driver key X6va001 not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Anne
->Temp folder emptied: 61088 bytes
->Temporary Internet Files folder emptied: 119918476 bytes
->Java cache emptied: 144187 bytes
->Google Chrome cache emptied: 7385685 bytes
->Flash cache emptied: 83496 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1610 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 122.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12302011_101001
Files\Folders moved on Reboot...
C:\Users\Anne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPS4ZGF6\1053965053[1].htm moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPS4ZGF6\activityi;src=2542116;type=clien612;cat=chromx;u2=;u1=;ord=1;num=5615028436588[1].htm moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CANMWGVQ\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
Registry entries deleted on Reboot...