cybersspot.com
My HP tx1000 keeps overheating. I keep getting Malwarebytes notices that it has successfully blocked access to a potentially malicious website: 89:28:44:84 <-- that number changes most every time.
Now I have my ComboFix log and my HijackThis log, but I can't get completely through an MBAM scan without overheating.
What can you tell me from what I have? Svchost is taking half my resources.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:47:48 PM, on 2/20/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Users\David\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CrypKey License - Unknown owner - C:\Windows\system32\crypserv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5230 bytes
ComboFix 11-02-15.04 - David 02/20/2011 15:22:30.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4031.3213 [GMT -5:00]
Running from: c:\users\David\Downloads\ComboFix.exe
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Desktop
c:\users\David\AppData\Roaming\Local
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\(3).ddr
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\[From www.metacafe.com] 4756611.14494631.4.mp4.ddr
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\146083395402617_38097.mp4.ddr
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_NEW.divx.ddr
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3)
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4)
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\[From www.metacafe.com] 4756611.14494631.4.mp4
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\146083395402617_38097.mp4
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_NEW.divx
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\x6gjfy.mp4
c:\users\David\AppData\Roaming\Local\Temp\DDM\Settings\x6gjfy.mp4.ddr
c:\windows\XSxS
.
((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
.
2011-02-20 20:38 . 2011-02-20 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-19 17:57 . 2011-02-19 17:57 -------- d-----w- c:\programdata\UAB
2011-02-19 16:13 . 2011-02-19 16:13 -------- d-----w- c:\programdata\Driver Whiz
2011-02-19 16:11 . 2011-02-19 16:11 -------- d-----w- c:\program files (x86)\Driver Whiz
2011-02-19 15:57 . 2004-01-14 16:25 81920 ----a-w- c:\windows\SysWow64\ZDPN50.DLL
2011-02-19 15:57 . 2003-03-14 17:24 24576 ----a-w- c:\windows\SysWow64\ZyDelReg.exe
2011-02-19 15:57 . 2005-07-12 19:44 15872 ----a-w- c:\windows\SysWow64\InsDrvZD64.DLL
2011-02-19 15:57 . 2004-03-23 21:38 28672 ----a-w- c:\windows\SysWow64\InsDrvZD.dll
2011-02-18 14:52 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-18 14:51 . 2010-11-16 22:45 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll
2011-02-18 14:51 . 2010-11-16 22:45 104448 ----a-w- c:\windows\SysWow64\zlcommdb.dll
2011-02-18 14:50 . 2010-11-16 22:45 1238528 ----a-w- c:\windows\SysWow64\zpeng25.dll
2011-02-18 14:50 . 2011-02-18 14:52 -------- d-----w- c:\windows\SysWow64\ZoneLabs
2011-02-18 14:50 . 2010-05-15 21:30 458840 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
2011-02-18 14:50 . 2010-05-15 21:30 458840 ------w- c:\windows\system32\drivers\vsdatant.sys
2011-02-18 14:50 . 2011-02-18 14:50 -------- d-----w- c:\program files (x86)\Zone Labs
2011-02-18 14:49 . 2011-02-18 14:49 -------- d-----w- c:\programdata\CheckPoint
2011-02-18 14:49 . 2011-02-20 20:41 -------- d-----w- c:\windows\Internet Logs
2011-02-17 23:10 . 2011-02-17 23:10 -------- d-----w- c:\program files (x86)\LSoft Technologies
2011-02-17 23:10 . 2011-02-19 19:34 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-02-15 14:36 . 2011-02-15 14:36 -------- d-----w- c:\windows\system32\appmgmt
2011-02-14 21:25 . 2009-11-12 09:44 1534976 ----a-w- c:\windows\windows 7 ultimate black.msstyles
2011-02-14 21:25 . 2009-07-13 22:03 350720 ----a-w- c:\windows\shellstyle.dll
2011-02-14 21:25 . 2009-07-13 20:39 1187984 ----a-w- c:\windows\backup.msstyles
2011-02-14 15:49 . 2011-02-14 15:49 -------- d-----w- c:\program files (x86)\CCleaner
2011-02-13 00:53 . 2011-02-13 00:53 -------- d-----w- C:\_JCVideo Library
2011-02-13 00:53 . 2005-10-20 01:29 102400 ----a-w- c:\windows\SysWow64\tsccvid.dll
2011-02-13 00:53 . 2011-02-13 00:53 -------- d-----w- c:\programdata\JC Video
2011-02-13 00:52 . 2011-02-13 00:52 -------- d-----w- C:\JC Video
2011-02-12 23:24 . 2010-03-18 23:11 30272 ----a-w- c:\windows\system32\Ckldrv.sys
2011-02-12 23:24 . 2010-03-18 20:25 126976 ----a-w- c:\windows\system32\Crypserv.exe
2011-02-12 23:24 . 2010-01-20 16:28 11776 ----a-w- c:\windows\Ckrfresh.exe
2011-02-12 23:24 . 2010-01-20 16:28 165888 ----a-r- c:\windows\Ckconfig.exe
2011-02-11 23:36 . 2010-04-29 20:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-11 23:36 . 2011-02-11 23:36 -------- d-----w- c:\programdata\Malwarebytes
2011-02-11 23:36 . 2010-04-29 20:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 23:36 . 2011-02-11 23:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-10 13:53 . 2009-07-01 05:00 176128 ----a-w- c:\windows\system32\dlxzizil.dll
2011-02-10 13:53 . 2006-09-05 18:12 77312 ----a-w- c:\windows\system32\dlzcinst.dll
2011-02-10 13:50 . 2011-02-10 13:50 -------- d-----w- C:\dell
2011-02-09 06:33 . 2011-01-05 06:20 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-09 06:33 . 2011-01-05 05:37 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-02-09 06:33 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 06:33 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 06:33 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-02-09 06:33 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-02-09 06:33 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-02-09 06:33 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 06:33 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-09 06:33 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 06:33 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-08 16:18 . 2011-02-08 16:18 -------- d-----w- c:\program files (x86)\Xenocode
2011-02-08 16:14 . 2011-02-08 16:14 -------- d-----w- c:\programdata\Deskshare
2011-02-06 15:24 . 2011-02-06 15:24 -------- d-----w- c:\program files (x86)\PlayItAll
2011-02-06 08:00 . 2011-02-06 08:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-02-06 00:57 . 2011-02-06 00:57 -------- d-----w- c:\program files (x86)\VideoLAN
2011-02-04 22:55 . 2009-07-17 04:12 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2011-02-04 22:55 . 2009-07-17 04:12 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-02-04 22:55 . 2011-02-04 23:07 -------- d-----w- c:\program files (x86)\File Recover
2011-02-04 22:53 . 2011-02-04 22:53 -------- d-----w- c:\program files (x86)\Filerecoveryangel
2011-02-04 22:46 . 2011-02-04 22:46 -------- d-----w- c:\program files (x86)\Runtime Software
2011-02-04 17:03 . 2011-02-04 17:03 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-02-04 17:03 . 2011-02-04 17:03 -------- d-----w- c:\program files\DivX
2011-02-04 17:03 . 2011-02-04 17:03 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-02-04 17:02 . 2011-02-04 17:04 -------- d-----w- c:\program files (x86)\DivX
2011-02-04 17:02 . 2011-02-04 17:41 -------- d-----w- c:\programdata\DivX
2011-02-03 22:38 . 2011-02-03 22:38 -------- d-----w- c:\program files (x86)\Common Files\L&H
2011-02-03 22:38 . 2011-02-03 22:38 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
2011-02-03 22:37 . 2011-02-03 22:37 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-02-03 22:37 . 2011-02-03 22:37 -------- d-----w- c:\windows\PCHEALTH
2011-02-02 00:55 . 2011-01-20 15:39 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC95055E-BB6E-441B-AB0E-114585E756A7}\mpengine.dll
2011-02-01 17:00 . 2011-02-01 17:01 -------- d-----w- c:\programdata\NVIDIA
2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\windows\SysWow64\Wat
2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\windows\system32\Wat
2011-02-01 16:53 . 2011-02-01 16:53 -------- d-----w- c:\program files (x86)\Google
2011-02-01 15:23 . 2011-02-01 15:24 -------- d-----w- c:\programdata\WinZip
2011-02-01 15:22 . 2011-02-20 20:07 -------- d-sh--w- c:\windows\Installer
2011-02-01 15:18 . 2009-03-06 16:52 410656 ----a-w- c:\windows\system32\nvcpl.cpl
2011-02-01 15:18 . 2009-03-06 16:52 2113568 ----a-w- c:\windows\system32\nvcplui.exe
2011-02-01 15:18 . 2009-03-06 16:52 1097248 ----a-w- c:\windows\system32\nvcpluir.dll
2011-02-01 15:18 . 2009-03-06 16:52 502304 ----a-w- c:\windows\system32\nvuninst.exe
2011-02-01 15:14 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-02-01 15:14 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-02-01 15:05 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-02-01 15:05 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-02-01 15:05 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-01 15:05 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-02-01 15:05 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-02-01 15:05 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-02-01 15:05 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-01 15:05 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-02-01 15:05 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-01 15:05 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-02-01 15:00 . 2011-02-01 15:00 -------- d-----w- C:\extensions
2011-02-01 15:00 . 2011-02-01 15:00 -------- d-----w- c:\program files (x86)\BitTorrent
2011-02-01 14:56 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-02-01 14:56 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-02-01 13:26 . 2010-07-13 05:37 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-02-01 13:26 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-02-01 13:26 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-02-01 13:26 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-02-01 13:26 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-02-01 13:26 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-02-01 13:26 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-02-01 13:26 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-02-01 13:26 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-02-01 13:24 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
2011-02-01 03:50 . 2011-02-01 00:59 -------- d-----w- c:\windows\Panther
2011-02-01 02:27 . 2010-10-19 15:41 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 02:05 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-02-01 02:05 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-02-01 02:05 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-02-01 02:05 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-02-01 00:59 . 2011-02-19 19:20 -------- d-----w- c:\users\David
2011-02-01 00:59 . 2011-02-01 00:59 -------- d-----w- C:\Recovery
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\basesrv.dll is missing
c:\windows\winsxs\amd64_microsoft-windows-basesrv_31bf3856ad364e35_6.1.7600.16385_none_68bfdc7cfd6bd477\basesrv.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-02-02 396152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-01 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 24664]
.
Contents of the 'Scheduled Tasks' folder
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162282268-3122236727-120223778-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 02:22]
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162282268-3122236727-120223778-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 02:22]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\windows\system32\crypserv.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Completion time: 2011-02-20 15:45:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-20 20:45
Pre-Run: 211,584,831,488 bytes free
Post-Run: 211,117,629,440 bytes free
- - End Of File - - 0DF51295F0E6AB4A8A736188E0CFCDF3
Thanks in advance
Dave
2011-02-04 17:02 . 2011-02-04 17:04 -------- d-----w- c:\program files (x86)\DivX
2011-02-04 17:02 . 2011-02-04 17:41 -------- d-----w- c:\programdata\DivX
2011-02-03 22:38 . 2011-02-03 22:38 -------- d-----w- c:\program files (x86)\Common Files\L&H
2011-02-03 22:38 . 2011-02-03 22:38 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
2011-02-03 22:37 . 2011-02-03 22:37 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-02-03 22:37 . 2011-02-03 22:37 -------- d-----w- c:\windows\PCHEALTH
2011-02-02 00:55 . 2011-01-20 15:39 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC95055E-BB6E-441B-AB0E-114585E756A7}\mpengine.dll
2011-02-01 17:00 . 2011-02-01 17:01 -------- d-----w- c:\programdata\NVIDIA
2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\windows\SysWow64\Wat
2011-02-01 16:57 . 2011-02-01 16:57 -------- d-----w- c:\windows\system32\Wat
2011-02-01 16:53 . 2011-02-01 16:53 -------- d-----w- c:\program files (x86)\Google
2011-02-01 15:23 . 2011-02-01 15:24 -------- d-----w- c:\programdata\WinZip
2011-02-01 15:22 . 2011-02-20 20:07 -------- d-sh--w- c:\windows\Installer
2011-02-01 15:18 . 2009-03-06 16:52 410656 ----a-w- c:\windows\system32\nvcpl.cpl
2011-02-01 15:18 . 2009-03-06 16:52 2113568 ----a-w- c:\windows\system32\nvcplui.exe
2011-02-01 15:18 . 2009-03-06 16:52 1097248 ----a-w- c:\windows\system32\nvcpluir.dll
2011-02-01 15:18 . 2009-03-06 16:52 502304 ----a-w- c:\windows\system32\nvuninst.exe
2011-02-01 15:14 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-02-01 15:14 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-02-01 15:05 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-02-01 15:05 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-02-01 15:05 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-01 15:05 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-02-01 15:05 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-02-01 15:05 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-02-01 15:05 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-01 15:05 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-02-01 15:05 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-01 15:05 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-02-01 15:00 . 2011-02-01 15:00 -------- d-----w- C:\extensions
2011-02-01 15:00 . 2011-02-01 15:00 -------- d-----w- c:\program files (x86)\BitTorrent
2011-02-01 14:56 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-02-01 14:56 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-02-01 13:26 . 2010-07-13 05:37 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-02-01 13:26 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-02-01 13:26 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-02-01 13:26 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-02-01 13:26 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-02-01 13:26 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-02-01 13:26 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-02-01 13:26 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-02-01 13:26 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-02-01 13:24 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
2011-02-01 03:50 . 2011-02-01 00:59 -------- d-----w- c:\windows\Panther
2011-02-01 02:27 . 2010-10-19 15:41 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 02:05 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-02-01 02:05 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-02-01 02:05 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-02-01 02:05 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-02-01 00:59 . 2011-02-19 19:20 -------- d-----w- c:\users\David
2011-02-01 00:59 . 2011-02-01 00:59 -------- d-----w- C:\Recovery
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\basesrv.dll is missing
c:\windows\winsxs\amd64_microsoft-windows-basesrv_31bf3856ad364e35_6.1.7600.16385_none_68bfdc7cfd6bd477\basesrv.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-02-02 396152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-01 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 24664]
.
Contents of the 'Scheduled Tasks' folder
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162282268-3122236727-120223778-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 02:22]
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162282268-3122236727-120223778-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 02:22]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\windows\system32\crypserv.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Completion time: 2011-02-20 15:45:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-20 20:45
Pre-Run: 211,584,831,488 bytes free
Post-Run: 211,117,629,440 bytes free
- - End Of File - - 0DF51295F0E6AB4A8A736188E0CFCDF3
Thanks in advance
Dave