ExaltedAlmighty
Posts: 9 +0
I live on a college campus, and I've been getting anywhere from 10kb/s to 300kb/s internet speeds. It seems to be faster off my dorm floor, but the college tech support insists even at 1mb/s it's unusually slow. I have no other signs of a virus, but they seem to think it's probably an advanced rootkit. Anyway, any help would be appreciated. I hope I post this correctly.
================================
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6346
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
4/12/2011 7:18:27 PM
mbam-log-2011-04-12 (19-18-27).txt
Scan type: Quick scan
Objects scanned: 194966
Time elapsed: 5 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
====================================
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-13 11:45:12
Windows 6.1.7600
Running: o7p3y8b7.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ???zSm??????????.NT?????????????? ??????? ???????{???????????{??Kernel Mode Driver Frameworks service?????h??????9?g?9???????????d???????????????????????e????L??z?????????e????????????????????????????????????????????????????????????????os???????????????????????????z??????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|???v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|Name=@FirewallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|?????????????????????????????????? ???????E?????F-4??v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|Name=@FirewallAPI.dll,-33511|Des
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ?????????????????????????t?t????????????????????Microsoft 6to4 Adapter?r?????????????f??????????????????????????????????????????s???????????? ???????1??????????@nettun.inf,%msft%;Microsoft???????????????????e46????*????????????????n????????4E????~?????????????@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter??6??@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter?????@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter?????Microsoft 6to4 Adapter #34??????volume.inf?yer??????????????76????.??????????????????k???????e????????????????????????????????????.??????????????????????????????????????n??rf??@nettun.inf,%msft%;Microsoft????6.1.7600.16385?4-4??????????????????????????????????????????????nettun.inf??????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0009??t???????????T??????)????????????????????????????i??r.???k?k???????????????????U????????m????????????????????8??{0??? R??????0??????????7&2ec73fd2&0????@oem9.inf,%msftmfg%;Sensible Vision?????????????????????????????????????? ???k?????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ????????????????*ntkern?????.NT?9-???????????????????}??????????????????????????os???????????v?????????d?????????????????|??????c???? ???p???&???????&??*6to4mp??1???????k???-??0D???????????????????1???????????????????i???????????????U??_0??????????????????????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|????????????D???????????????????????3?????e77????X??????{???t??????????????????????????????vi????X??????????????????s??????????????????????????Microsoft???Microsoft???7-7-2010?l????????`?????????????????????????????????os??t????????{???????????9????????6?????????????????????????<????????????????????&???????????????????????????????&?????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ???{????????????????????????????????????????????????????????????????????????????????? ???????n?????z?????{????????$??????????V????P??{?????????e????@%systemroot%\system32\ssdpsrv.dll,-100??????????{????????h?????%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation???????P??{?????????n????@%systemroot%\system32\ssdpsrv.dll,-101?????? 4??{??????????????NT AUTHORITY\LocalService???????????????????????????????????t????????{?????????????? ????????????????x???????????e????,??{????????????????????????????????????b??{???????????????????{?{?{?{?{?{?{?{?{?{?{???{??????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?????????????????d???d???????? ???????{???????????x????????,?D??? ???????????? D??{??????????????%SystemRoot%\System32\ssdpsrv.dll???????????????????????????? ???????{???????????{?????????????????????????????????????????????????????? ??????????? ???????????????????????????????????????????????? ???????n?????z?? ??{????????$?d?????????????P??{?????????e????@%SystemRoot%\system32\sstpsvc.
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ????????????????????????????????????C:??????C:????????????????~??????????p??????????????????????????????????????oem37.inf???6to4mp.ndi???e??????_0???????????5??84??????????????????????????????????.NT?????????? ??????????????x????????????????????????????????????????????????????????????????1?????????????????s????????????????????????????????????Microsoft 6to4 Adapter????????????????????????b????????????n?????? ??????"???????????????????????c??????????????????????? p??????n?????D????.NT??????????????b??36????.?????????????????????????????????????Gadget Serial???????????hidserv.inf:Microsoft.NTamd64:HIDSystemConsumerDevice:6.1.7600.16385:hid_device_up:000c_u:0001??@u??6.1.7600.16385????????N????????????De\??????????nettun.inf???t???????????-??????89??????????input.inf:Standard.NTamd64:HID_Raw_Inst:6.1.7600.16385::hid_device?e?e??Microsoft 6to4 Adapter #37?25???????????? ??????????????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}?002??Microsoft 6to4 Adapter????????N???????????D??????????????~???h????:
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ????????????????U????:??????????????????????????????????????6.1.7600.16385?422???{???????????????????????????&??????????????????????? ??????????????????????????????`????????e??? P??????3?????83-??{41D268B8-FE96-47BA-9744-A7463B78BD68}??F8????*??????F????d"{F??TCPIP6TUNNEL?Tcpip6??E????`??????}???{??\Device\{41D268B8-FE96-47BA-9744-A7463B78BD68}??93???????????E??????64?????????|????????????????? ?????????????????????.?????????????????f????????????????19A}????N??????C?????D4C??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?66-??? ???????0?????????????,????????$?"?<???????????????????????????????9-??? ?????????????????????,????????z?????#F7E????$??????-???????E??Root\*6TO4MP\0032?????z??????9??????6B??\\?\Root#*6TO4MP#0032#{cac88484-7515-4c03-82e6-71a87abac361}?3??? ???????1?????????????,??N?????$?"?<???????????????????????????????11??? ?????????????????????,????????????'????????????????????}????????????$??????9???????-??Root\*6TO4MP\0032????????????{??????B0??\\?\Root#*6TO4MP#0032#{ad498944-762f-11d0-8dcb-00c04fc3358c
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???p????????eF??????????????t?????P??????????????d????????4?????? ??o4??Network Address?????????????????????????? B??p??????????????Boot File System????*6to4mp??}???????????k?k?k?k?????k??????BC???v?v?v??? ???????n?????p?????p?2??????$?h?g???????????N??p?????????e????@%SystemRoot%\System32\dnsapi.dll,-101???????????p??????p????p?p?p???p???p????????????????h??p????????h?????%SystemRoot%\system32\svchost.exe -k NetworkService???????N??p?????????n????@%SystemRoot%\System32\dnsapi.dll,-102??????? 8??p??????????????NT AUTHORITY\NetworkService????????????????????????????p0??????p????????????????t??????? ?????????????,??p???????????????????p???????????e??????????????????????? F??p???????????????p????b??p??????????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege??????????????????????????????p?p?p?p?p?p?p?p?p?p?p?p????? ???????p?????p?????p?2??????,?F??? ???????????%SystemRoot%\System32\dnsrslvr.dll????????????????????????????????B??p????????n?????%SystemRoot%\System32\dnsext.dll????? ???????p???????????p?2???
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???p?k???????:??system32\DRIVERS\tdx.sys?vers\tdx.sys????????????????????????s??????????????????????????f????????????????t?t????Tdx?nsi??????????p???:??????????????????t???11???s???????s??? ???????n???????????o????????(?4?f???????????0??p?????????e???????p????????eF??????????????t?????P??????????????d????????4?????? ??o4??Network Address?????????????????????????? B??p??????????????Boot File System????*6to4mp??}???????????k?k?k?k?????k??????BC???v?v?v??? ???????n?????p?????p?2??????$?h?g???????????N??p?????????e????@%SystemRoot%\System32\dnsapi.dll,-101???????????p??????p????p?p?p???p???p????????????????h??p????????h?????%SystemRoot%\system32\svchost.exe -k NetworkService???????N??p?????????n????@%SystemRoot%\System32\dnsapi.dll,-102??????? 8??p??????????????NT AUTHORITY\NetworkService????????????????????????????p0??????p????????????????t??????? ?????????????,??p???????????????????p???????????e??????????????????????? F??p???????????????p????b??p??????????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???k?????????????c?????s????NDProxy??0??CDROM????k???k??????????????????????????????????? V??m??????????????HIDClass?6???k???k?k?k????X??k???????????????k???????e??WPD?????IDE Channel??????k???l?l????HidUsb?73A??????????????s????k??ROOT\RDP_KBD?????????????????????????????????I?????s08???????????e???o???????????D?????s\n????N??m?????????D?????????????e?????sro???????k???n??ss???k???k?l?k??usbccgp??4??BCM42RLY??????X?????????????LegacyDriver?n??????? ??HidUsb?4?4?????k?&??? ???????j?????k?????k?.???????????? ???????????????????????????????? ???????k???????????j?.????????Z????????????? ??`???????e???????k??? ?????????k?&???????~???????????????????????????k???0??s????? ??`???????e??cdrom????????????????`??? ?????????? ??????????s?????????f??????s????k?k? ??????? ??6&119c959f&0?4???? ??`???????e??????????????????????????????????Network?????{00000000-0000-0000-0000-000000000000}??????? ??k????????????????N????????????????n?????????|???D??sE???????????-???e??KSecPkg?si??????82???????????k l?k?????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???k?p??? ???????f???????????f?.??????$???????????????s00F???????f???????????f?g?5??? ???????f???????????d?.??????"??????????f?????????????????????????? ??????????????????????????????? ??????????????? ????????????????????????????.?????????????????? ??????????????????? ????????? ??????????????????????f????????????@??f???????????f?gS???t???? ???????f?????f???????0??L????????? ??????.NT?????f???f???f????????? ???????f?????f???????0????????????&????????????????????????????f?????????????f????? ???????f?????f???????.?????????????????0??? ???????f?????f???????.????????????????????? ???????f?????f?? ????.??"?????v??????????0?????????????5?????s?/???????f???/???????????????0??D-???????????c???????????????????/???????f???????????fxg?f???????????????????????f???????5??MBRES???? ???????f?????f???????0??L????????? ??????????????f???f???f??d36e??? ???????f?????f???????0????????????&????????????????????-??? ???????f?????f???????0????????????????????? ???????f???????????f?0?????????????????????f?f?5???????????s??in???????f?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???p?p??????ep??localSystem?????????????????????????????tunnel???????????????v?v?v??? ???????n?????????????4??????$?p?q??????t????J??p?????????e????@%systemroot%\system32\eapsvc.dll,-1??????Z??p????????h?????%SystemRoot%\System32\svchost.exe -k netsvcs??????J??p?????????n????@%systemroot%\system32\eapsvc.dll,-2????? ???p??????????????*6to4mp?????????????????????????t????????p??????????????????????t????????h?????????????? ????????????????p???????????e??RPCSS?KeyIso??????,???????????????????????????????????????p??p??????????????????SeTcbPrivilege?SeDebugPrivilege?SeImpersonatePrivilege???????????n???0??????? ???????p?????????????4?????????????????s??? ???????p?????p?????p?4???????????????1????_tcp????? ???????p?????p???????*?? ????????????4???????p????? ???????p?????p???????*????????????????2??????p????? ???????p???????????p?*??????0?T?????1??????p????????????????:??p??????????????Windows Connect Now EAP Peer????? ?????????????????????p1????????????????????????????????????????????????????p?p?p???p?????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???t?p???o???????o??????????272696320?272696320?272696320?272696320?65536?65536?65536?65536?65536?65536?65536?65536?65536?65536??????????????????????s?????????????????e????? ???????????????????o??? ??????????????r???????????????????????netfxperf.dll????o????.??n???????t???z???p???r???o??????????????? ???n??????????s???OpenPerformanceData?ms??????????ClosePerformanceData????4998?????????????????????e????(??o????????????*??o??????e?????(??o??????????OpenPerformanceData??????????n???????y??? ???????n?????n???????????????????? ???????????????????? ???????o???????????n?,?????????????????e??2e,00,4e,00,45,00,54,00,20,00,44,00,61,00,74,00,61,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,66,00,6f,00,72,00,20,00,53,00,71,00,6c,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00?????? ???????o???????????o?????????????????????e????OpenPerformanceData??????????????????????s??? ???o??????????s???HardConnectsPerSecond?HardDisconnectsPerSecond?SoftConnectsPerSecond?SoftDisconnectsPerSecond?NumberOfNonPooled
---- Files - GMER 1.0.15 ----
File C:\Windows\System32\LogFiles\Scm\2264f833-79cc-498a-80ad-d9a1582370b1 20 bytes
File C:\Windows\Temp\_asw_aisI.tm~a02088 0 bytes
File C:\Windows\Temp\_asw_aisI.tm~a02088\setup.lok 0 bytes
---- EOF - GMER 1.0.15 ----
=====================================
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Battery Meter\BTMeter.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Robyn\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
uRun: [Google Update] "C:\Users\Robyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ZumoDrive] C:\Program Files (x86)\Zecter\ZumoDrive\ZumoLauncher.lnk
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [FAStartup]
StartupFolder: C:\Users\Robyn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Robyn\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Robyn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
mRun-x64: [(Default)]
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robyn\AppData\Roaming\Mozilla\Firefox\Profiles\tullkgvm.default\
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\Robyn\AppData\Roaming\Mozilla\Firefox\Profiles\tullkgvm.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Robyn\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Robyn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Robyn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Robyn\AppData\Roaming\Mozilla\Firefox\Profiles\tullkgvm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\Robyn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Robyn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ChaCha Expeditor Helper: chachaexpeditorhelper@matt.barbieri - %profile%\extensions\chachaexpeditorhelper@matt.barbieri
FF - Ext: Clippings: {91aa5abe-9de4-4347-b7b5-322c38dd9271} - %profile%\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
FF - Ext: Case Changer: casechanger@plugin - %profile%\extensions\casechanger@plugin
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc,
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2010-9-19 19504]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-7 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-9-19 280408]
R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs64.sys [2010-9-24 191960]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-19 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-9-19 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-9-19 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-7 42184]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2010-8-30 18432]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-19 13336]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-9-19 60928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-3-22 101048]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 QDLService2kAlienware;Qualcomm Gobi 2000 Download Service (Alienware);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kAlienware.exe [2010-3-15 330488]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-9-19 25648]
R3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2010-12-18 130696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-9-21 86120]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2010-9-19 20392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-20 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-19 1153368]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2010-12-24 36328]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-9-19 67072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\64EB.tmp [2011-4-12 6144]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2010-12-24 125416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2010-12-24 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2010-12-24 159208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-22 1255736]
.
=============== Created Last 30 ================
.
2011-04-13 00:09:22 -------- d-----w- C:\Users\Robyn\AppData\Roaming\Malwarebytes
2011-04-13 00:09:08 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-13 00:09:07 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-13 00:09:01 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-13 00:09:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-12 22:40:57 6144 ------w- C:\Windows\System32\64EB.tmp
2011-04-12 22:37:39 6144 ------w- C:\Windows\System32\5F3F.tmp
2011-04-12 22:37:29 -------- d-----w- C:\Program Files (x86)\Sophos
2011-04-12 22:24:23 -------- d-----w- C:\Windows\pss
2011-04-12 15:27:15 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{27808C3B-9464-4AF9-92CD-DC7F37F0FDC5}\mpengine.dll
2011-04-11 05:21:01 -------- d-----w- C:\Users\Robyn\AppData\Roaming\QuickScan
2011-04-11 03:45:55 -------- d-----w- C:\Program Files (x86)\Ashampoo
2011-04-10 19:16:31 -------- d-----w- C:\Users\Robyn\.clipbak
2011-04-10 02:51:52 -------- d-----w- C:\Program Files (x86)\CCTracker
2011-04-04 17:20:47 -------- d-----w- C:\Users\Robyn\AppData\Local\Xenocode
2011-04-04 17:20:47 -------- d-----w- C:\Program Files (x86)\Xenocode
2011-04-04 17:20:37 -------- d-----w- C:\Program Files (x86)\PDFArea
2011-03-20 20:32:36 -------- d-----w- C:\Windows\.jagex_cache_32
2011-03-19 05:12:12 -------- d-----w- C:\Users\Robyn\AppData\Roaming\Need for Speed World
2011-03-19 04:46:16 -------- d-----w- C:\Users\Robyn\AppData\Local\Electronic_Arts_Inc
2011-03-19 04:45:39 -------- d-----w- C:\PROGRA~3\Electronic Arts
2011-03-16 00:04:37 -------- d-----w- C:\Program Files\Wizards of the Coast
2011-03-15 17:12:42 -------- d-----w- C:\Users\Robyn\.maptool
2011-03-15 04:54:14 -------- d-----w- C:\Users\Robyn\AppData\Local\Wizards_of_the_Coast
2011-03-15 03:17:48 -------- d-----w- C:\Program Files (x86)\Wizards of the Coast
2011-03-15 02:49:43 -------- d-----w- C:\Users\Robyn\.tokentool
2011-03-15 02:42:20 -------- d-----w- C:\Users\Robyn\.chartool
.
==================== Find3M ====================
.
2011-04-13 17:03:35 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2011-02-23 15:04:21 40648 ----a-w- C:\Windows\avastSS.scr
2011-02-23 14:57:01 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-02-23 14:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
.
============= FINISH: 12:07:19.73 ===============
---- Files - GMER 1.0.15 ----
File C:\Windows\System32\LogFiles\Scm\2264f833-79cc-498a-80ad-d9a1582370b1 20 bytes
File C:\Windows\Temp\_asw_aisI.tm~a02088 0 bytes
File C:\Windows\Temp\_asw_aisI.tm~a02088\setup.lok 0 bytes
---- EOF - GMER 1.0.15 ----
=====================================
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Battery Meter\BTMeter.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Robyn\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
uRun: [Google Update] "C:\Users\Robyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ZumoDrive] C:\Program Files (x86)\Zecter\ZumoDrive\ZumoLauncher.lnk
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [BTMeter] C:\Program Files (x86)\Battery Meter\BTMeter.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [FAStartup]
StartupFolder: C:\Users\Robyn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Robyn\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Robyn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
mRun-x64: [(Default)]
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robyn\AppData\Roaming\Mozilla\Firefox\Profiles\tullkgvm.default\
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\Robyn\AppData\Roaming\Mozilla\Firefox\Profiles\tullkgvm.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Robyn\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Robyn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Robyn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Robyn\AppData\Roaming\Mozilla\Firefox\Profiles\tullkgvm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\Robyn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Robyn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ChaCha Expeditor Helper: chachaexpeditorhelper@matt.barbieri - %profile%\extensions\chachaexpeditorhelper@matt.barbieri
FF - Ext: Clippings: {91aa5abe-9de4-4347-b7b5-322c38dd9271} - %profile%\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
FF - Ext: Case Changer: casechanger@plugin - %profile%\extensions\casechanger@plugin
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc,
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2010-9-19 19504]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-7 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-9-19 280408]
R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs64.sys [2010-9-24 191960]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-19 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-9-19 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-9-19 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-7 42184]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2010-8-30 18432]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-19 13336]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-9-19 60928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-3-22 101048]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 QDLService2kAlienware;Qualcomm Gobi 2000 Download Service (Alienware);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kAlienware.exe [2010-3-15 330488]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-9-19 25648]
R3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2010-12-18 130696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-9-21 86120]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2010-9-19 20392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-20 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-19 1153368]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2010-12-24 36328]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-9-19 67072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\64EB.tmp [2011-4-12 6144]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2010-12-24 125416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2010-12-24 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2010-12-24 159208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-22 1255736]
.
=============== Created Last 30 ================
.
2011-04-13 00:09:22 -------- d-----w- C:\Users\Robyn\AppData\Roaming\Malwarebytes
2011-04-13 00:09:08 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-13 00:09:07 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-13 00:09:01 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-13 00:09:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-12 22:40:57 6144 ------w- C:\Windows\System32\64EB.tmp
2011-04-12 22:37:39 6144 ------w- C:\Windows\System32\5F3F.tmp
2011-04-12 22:37:29 -------- d-----w- C:\Program Files (x86)\Sophos
2011-04-12 22:24:23 -------- d-----w- C:\Windows\pss
2011-04-12 15:27:15 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{27808C3B-9464-4AF9-92CD-DC7F37F0FDC5}\mpengine.dll
2011-04-11 05:21:01 -------- d-----w- C:\Users\Robyn\AppData\Roaming\QuickScan
2011-04-11 03:45:55 -------- d-----w- C:\Program Files (x86)\Ashampoo
2011-04-10 19:16:31 -------- d-----w- C:\Users\Robyn\.clipbak
2011-04-10 02:51:52 -------- d-----w- C:\Program Files (x86)\CCTracker
2011-04-04 17:20:47 -------- d-----w- C:\Users\Robyn\AppData\Local\Xenocode
2011-04-04 17:20:47 -------- d-----w- C:\Program Files (x86)\Xenocode
2011-04-04 17:20:37 -------- d-----w- C:\Program Files (x86)\PDFArea
2011-03-20 20:32:36 -------- d-----w- C:\Windows\.jagex_cache_32
2011-03-19 05:12:12 -------- d-----w- C:\Users\Robyn\AppData\Roaming\Need for Speed World
2011-03-19 04:46:16 -------- d-----w- C:\Users\Robyn\AppData\Local\Electronic_Arts_Inc
2011-03-19 04:45:39 -------- d-----w- C:\PROGRA~3\Electronic Arts
2011-03-16 00:04:37 -------- d-----w- C:\Program Files\Wizards of the Coast
2011-03-15 17:12:42 -------- d-----w- C:\Users\Robyn\.maptool
2011-03-15 04:54:14 -------- d-----w- C:\Users\Robyn\AppData\Local\Wizards_of_the_Coast
2011-03-15 03:17:48 -------- d-----w- C:\Program Files (x86)\Wizards of the Coast
2011-03-15 02:49:43 -------- d-----w- C:\Users\Robyn\.tokentool
2011-03-15 02:42:20 -------- d-----w- C:\Users\Robyn\.chartool
.
==================== Find3M ====================
.
2011-04-13 17:03:35 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2011-02-23 15:04:21 40648 ----a-w- C:\Windows\avastSS.scr
2011-02-23 14:57:01 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-02-23 14:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
.
============= FINISH: 12:07:19.73 ===============
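The SERVICES / DRIVERS, Hosts and Created Last 30 sections above are what a helper triages by hand when deciding whether a "rootkit" is actually present. As an added example (not part of the poster's log, and not code from DDS, Sophos or any other tool named in it), the Python below parses those DDS line formats, flags entries worth a manual look, and correlates a flagged file with whatever else appeared on disk around the same time. The heuristics it applies (image is a .tmp file, DDS printed `[?]` instead of a date and size, image outside the usual install roots, a Hosts entry sinkholed to 127.0.0.1) and the five-minute correlation window are this example's own assumptions; the sample lines are copied from the log in this post.

```python
"""Triage helpers for a DDS attach log (added example; not part of the original post)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Service/driver line, two shapes seen in DDS output:
#   R2 name;display;C:\path\file.exe [2010-9-19 13336]
#   S3 name;display;C:\path\file args --> C:\path\file args [?]
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
STAMP_RE = re.compile(r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$")
UNVERIFIED_RE = re.compile(r"\[\?\]\s*$")
TMP_RE = re.compile(r"\.tmp(?=\s|$)", re.IGNORECASE)
# "Created Last 30" line: date time size attrs path
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(?P<path>.+)$")
# Roots a stock Windows 7 install is expected to load services from (heuristic assumed by this example)
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files", "c:\\progra~")


@dataclass
class ServiceEntry:
    state: str       # R = running, S = stopped; digit = start type
    name: str
    display: str
    image: str       # ImagePath as DDS printed it (may carry arguments)
    date: Optional[str]
    size: Optional[int]
    verified: bool   # False when DDS printed [?] instead of a date and size


def parse_service(line: str) -> Optional[ServiceEntry]:
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    if UNVERIFIED_RE.search(rest):
        # DDS echoes the ImagePath after "-->" when it could not stat the file
        image = rest.split(" --> ")[0].strip()
        return ServiceEntry(m["state"], m["name"], m["display"], image, None, None, False)
    s = STAMP_RE.search(rest)
    if not s:
        return None
    return ServiceEntry(m["state"], m["name"], m["display"], rest[: s.start()].strip(),
                        s["date"], int(s["size"]), True)


def triage(log_text: str) -> dict:
    """Return {entry name: [reasons]} for service, driver and Hosts lines that deserve a manual check."""
    findings: dict = {}
    for line in log_text.splitlines():
        if line.startswith("Hosts:"):
            fields = line[len("Hosts:"):].split()
            if fields and fields[0] in ("127.0.0.1", "0.0.0.0"):
                findings.setdefault("Hosts", []).append(
                    f"{fields[-1]} is sinkholed to {fields[0]}; confirm which tool wrote the entry")
            continue
        e = parse_service(line)
        if e is None:
            continue
        reasons = []
        if not e.verified:
            reasons.append("DDS could not resolve the image to a file; check path, signature and hash by hand")
        if TMP_RE.search(e.image):
            reasons.append("service image is a .tmp file; correlate with the Created Last 30 section")
        norm = e.image.replace("/", "\\").lower().lstrip('"')
        if not norm.startswith(EXPECTED_ROOTS):
            reasons.append("image lives outside the usual install roots; confirm it is expected")
        if reasons:
            findings[e.name] = reasons
    return findings


def created_near(log_text: str, path: str, window: timedelta = timedelta(minutes=5)) -> list:
    """Paths from Created Last 30 lines that appeared within `window` of `path` (path itself excluded)."""
    entries = []
    for line in log_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            entries.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["path"].strip()))
    anchor = next((ts for ts, p in entries if p.lower() == path.lower()), None)
    if anchor is None:
        return []
    return [p for ts, p in entries if p.lower() != path.lower() and abs(ts - anchor) <= window]


# Lines copied from the DDS log in the post above (a subset, so the script runs stand-alone)
SAMPLE_LOG = r"""
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2010-8-30 18432]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-19 13336]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\64EB.tmp [2011-4-12 6144]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
Hosts: 127.0.0.1 www.spywareinfo.com
2011-04-12 22:40:57 6144 ------w- C:\Windows\System32\64EB.tmp
2011-04-12 22:37:39 6144 ------w- C:\Windows\System32\5F3F.tmp
2011-04-12 22:37:29 -------- d-----w- C:\Program Files (x86)\Sophos
2011-04-12 22:24:23 -------- d-----w- C:\Windows\pss
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
    print("created near 64EB.tmp:", created_near(SAMPLE_LOG, r"C:\Windows\System32\64EB.tmp"))
```

Run on the lines above, `triage` flags MEMSWEEP2 because its image is C:\Windows\System32\64EB.tmp, and `created_near` shows that file appeared about three minutes after the C:\Program Files (x86)\Sophos directory, which is the correlation to check before treating a temp-file driver as hostile. The `[?]` entries (SCManager, npggsvc) mean DDS could not resolve the ImagePath to a file, here because the path carries arguments, so their date and size have to be checked on disk; the CronService hit is only the install-root heuristic firing on C:\Prey and says nothing about the binary itself.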