Help, I think I'm infected!


13 replies to this topic

#1 louishowe

Posted 29 June 2011 - 01:26 PM

After clicking a bad link by mistake, my Firefox is randomly opening 8 tabs, and Malwarebytes is blocking an outgoing connection to 93.114.40.221 and others on port 50587, processes svchost.exe and firefox.exe.

I have followed the instructions and here is my DDS file and my Malwarebytes log underneath. Attach.zip contains my Ark & Attach txt files. Please help me!

Thanks,
Louis

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6970

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

29/06/2011 00:41:57
mbam-log-2011-06-29 (00-41-57).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 308026
Time elapsed: 34 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Louis\AppData\Local\Temp\7FA0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Louis\AppData\Local\Temp\E9A8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Louis\Desktop\Louis\Director\director mx\Keygen\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\Users\Louis\Desktop\Louis\Director\macromedia director mx 2004 v10.0\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

#2 D-FRED-BROWN

Posted 30 June 2011 - 01:01 AM

Hello louishowe and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.


***Note: In order for ComboFix to run properly AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.
You can reinstall it after the computer is clean.

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • how the PC is running now


-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt
How is your computer running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 louishowe

Posted 30 June 2011 - 01:11 PM

Hi D-FRED-BROWN, thank you for helping me with this; I much appreciate it.

I have done as you suggested; here are the logs (in separate posts).

TDSSKILLER:

2011/06/30 18:38:56.0189 1724 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/30 18:38:56.0672 1724 ================================================================================
2011/06/30 18:38:56.0672 1724 SystemInfo:
2011/06/30 18:38:56.0672 1724
2011/06/30 18:38:56.0672 1724 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/30 18:38:56.0672 1724 Product type: Workstation
2011/06/30 18:38:56.0672 1724 ComputerName: LOUIS-HP
2011/06/30 18:38:56.0672 1724 UserName: Louis
2011/06/30 18:38:56.0672 1724 Windows directory: C:\Windows
2011/06/30 18:38:56.0672 1724 System windows directory: C:\Windows
2011/06/30 18:38:56.0672 1724 Running under WOW64
2011/06/30 18:38:56.0672 1724 Processor architecture: Intel x64
2011/06/30 18:38:56.0672 1724 Number of processors: 2
2011/06/30 18:38:56.0672 1724 Page size: 0x1000
2011/06/30 18:38:56.0672 1724 Boot type: Normal boot
2011/06/30 18:38:56.0672 1724 ================================================================================
2011/06/30 18:39:00.0276 1724 Initialize success
2011/06/30 18:39:07.0031 5592 ================================================================================
2011/06/30 18:39:07.0031 5592 Scan started
2011/06/30 18:39:07.0031 5592 Mode: Manual;
2011/06/30 18:39:07.0031 5592 ================================================================================
2011/06/30 18:44:33.0504 5592 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/06/30 18:44:33.0510 5592 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/30 18:44:33.0568 5592 Boot (0x1200) (fc998d7601b0523572dc8200f3f02d23) \Device\Harddisk0\DR0\Partition0
2011/06/30 18:44:33.0589 5592 Boot (0x1200) (0394aa1f94d26bf00673dadce90c8683) \Device\Harddisk0\DR0\Partition1
2011/06/30 18:44:33.0664 5592 Boot (0x1200) (cc184aefa712e6f7f35b122fa02f0052) \Device\Harddisk0\DR0\Partition2
2011/06/30 18:44:33.0707 5592 Boot (0x1200) (ac034a5200922613abeeba9280878dfa) \Device\Harddisk0\DR0\Partition3
2011/06/30 18:44:33.0712 5592 ================================================================================
2011/06/30 18:44:33.0712 5592 Scan finished
2011/06/30 18:44:33.0712 5592 ================================================================================
2011/06/30 18:44:33.0724 3852 Detected object count: 1
2011/06/30 18:44:33.0724 3852 Actual detected object count: 1
2011/06/30 18:45:18.0273 3852 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/30 18:45:18.0274 3852 \Device\Harddisk0\DR0 - ok
2011/06/30 18:45:18.0276 3852 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/30 18:45:52.0662 2796 Deinitialize success

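As an added example (not code from the thread or from TDSSKiller), here is a small Python parser for the log layout shown above: each line is a timestamp, a thread id and a payload, and the payloads are either enumerated objects (driver, `MBR`, `Boot` sector with an MD5 and a path), `- detected` verdicts, cure actions or object counts. It separates those so a reviewer can see at a glance that the disk's MBR object, not a driver, carried the verdict and that a reboot is pending; the sample lines and hashes are constructed to match the format.

```python
"""Parse a TDSSKiller scan log into enumerated objects, detections and actions.

Added example for this thread, not TDSSKiller's or the forum's own code.
The line layout (timestamp, thread id, payload) and the payload shapes follow
the log quoted above; the sample hashes below are constructed placeholders.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# "2011/06/30 18:44:33.0510 5592 <payload>"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Enumerated object: "<name> [(<offset>)] (<md5>) <path>" -- a driver, or
# "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0", or a "Boot (0x1200) ..." sector.
ENTRY_RE = re.compile(
    r"^(?P<name>\S+)(?: \((?P<offset>0x[0-9A-Fa-f]+)\))? "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$"
)
# "<object> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "<verdict>(<object>) - User select action: <choice>"
USER_RE = re.compile(r"^(?P<verdict>\S+?)\((?P<obj>[^()]+)\) - User select action: (?P<action>.+)$")
# "<object> (<verdict>) - <action>", e.g. "... - will be cured after reboot"
ACTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<verdict>[^()]+)\) - (?P<action>.+)$")
COUNT_RE = re.compile(r"^(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")

BOOT_NAMES = {"MBR", "Boot"}


@dataclass
class ScanReport:
    entries: List[dict] = field(default_factory=list)       # drivers, MBR, boot sectors
    detections: List[dict] = field(default_factory=list)    # "- detected" lines
    actions: List[dict] = field(default_factory=list)       # cure / skip lines
    user_choices: List[dict] = field(default_factory=list)  # "User select action"
    counts: Dict[str, int] = field(default_factory=dict)    # "Detected object count" etc.


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Classify every timestamped line; separators and banner lines are ignored."""
    rep = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, _tid, payload = m.groups()
        if (e := ENTRY_RE.match(payload)):
            rep.entries.append({"ts": ts, **e.groupdict()})
        elif (d := DETECTED_RE.match(payload)):
            rep.detections.append({"ts": ts, **d.groupdict()})
        elif (u := USER_RE.match(payload)):
            rep.user_choices.append({"ts": ts, **u.groupdict()})
        elif (a := ACTION_RE.match(payload)):
            rep.actions.append({"ts": ts, **a.groupdict()})
        elif (c := COUNT_RE.match(payload)):
            rep.counts[c.group("label")] = int(c.group("n"))
    return rep


def triage(rep: ScanReport) -> dict:
    """What a reviewer wants at a glance: was a boot object hit, is a reboot pending."""
    boot_paths = {e["path"] for e in rep.entries if e["name"] in BOOT_NAMES}
    return {
        "drivers_enumerated": sum(1 for e in rep.entries if e["name"] not in BOOT_NAMES),
        "detections": [(d["obj"], d["verdict"]) for d in rep.detections],
        # A verdict on the disk's MBR/boot sector object means a bootkit, not a bad driver.
        "bootkit": any(d["obj"] in boot_paths for d in rep.detections),
        "reboot_required": any("after reboot" in a["action"] for a in rep.actions),
        # Sanity check: the tool's own count should equal the detection lines we saw.
        "count_consistent": rep.counts.get("Detected object count") == len(rep.detections),
    }


# Constructed sample in the thread's log layout; hashes are placeholders.
SAMPLE_LOG = r"""
2011/06/30 18:39:07.0031 5592 Scan started
2011/06/30 18:39:07.0031 5592 Mode: Manual;
2011/06/30 18:39:12.0663 5592 1394ohci (00112233445566778899aabbccddeeff) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/30 18:39:19.0199 5592 AFD (ffeeddccbbaa99887766554433221100) C:\Windows\system32\drivers\afd.sys
2011/06/30 18:44:33.0504 5592 MBR (0x1B8) (0123456789abcdef0123456789abcdef) \Device\Harddisk0\DR0
2011/06/30 18:44:33.0510 5592 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/30 18:44:33.0568 5592 Boot (0x1200) (fedcba9876543210fedcba9876543210) \Device\Harddisk0\DR0\Partition0
2011/06/30 18:44:33.0712 5592 Scan finished
2011/06/30 18:44:33.0724 3852 Detected object count: 1
2011/06/30 18:44:33.0724 3852 Actual detected object count: 1
2011/06/30 18:45:18.0273 3852 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/30 18:45:18.0274 3852 \Device\Harddisk0\DR0 - ok
2011/06/30 18:45:18.0276 3852 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```
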
#4 louishowe
Posted 30 June 2011 - 01:15 PM

Combofix is attached here as a zip; it was too long to post.


CHECKUP:

Results of screen317's Security Check version 0.99.17
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Adobe Flash Player
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````


I haven't had any tabs opening so far, but did get a message "Runtime Error R6016" after running the checkup? AVG is uninstalled, but didn't show on the appremover list?

Many Thanks,
Louis


#5 D-FRED-BROWN
Posted 30 June 2011 - 01:59 PM

Good news! TDSSKiller took care of the main infection ;). There are still some remnants that we need to clean up.

Hi D-Fred_Brown, thank you for helping me with this; I much appreciate it.

No problem :).

but did get a message Runtime Error R6016 after running the checkup?

That is odd. Try rebooting the computer. Let me know if you encounter this message again, it might have just been an issue with Security Check.

AVG is uninstalled, but didnt show on the appremover list?

Don't worry about it then. It looks like its gone ;).

--------

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know if you've encountered any issues :).
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
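To check on the affected machine whether the keys listed under Reglock:: in the CFScript above are actually locked, and, after ComboFix has run, whether the unlock took effect, here is an added PowerShell example. It is not part of this thread and not ComboFix's own code. ComboFix's Reglock:: directive resets the permissions on the listed keys, which malware may have rewritten so that even an administrator cannot read or delete them; the script below reports the symptoms of such a key (the DACL cannot be read at all, it carries Deny rules, or inheritance from the parent key has been cut). The key paths are copied from the CFScript; the function names Test-RegistryKeyLock and New-LockReport are my own, and the script assumes it is run from an elevated PowerShell prompt.

```powershell
# Added example, not from this thread and not ComboFix's own code.
# Reports whether the registry keys named in the CFScript's Reglock::
# section can be opened and whether their DACLs carry Deny rules or
# broken inheritance, the usual signs of a key that malware has locked.
# Run from an elevated PowerShell; function names are assumptions (mine).

# Key paths copied from the CFScript above.
$LockedKeyCandidates = @(
    'HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}',
    'HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}',
    'HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}',
    'HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}',
    'HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings',
    'HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security'
)

function New-LockReport {
    param([string]$Key, [string]$Status, [string]$Detail)
    # PowerShell 2.0-compatible object construction (Windows 7 ships 2.0).
    New-Object PSObject -Property @{ Key = $Key; Status = $Status; Detail = $Detail }
}

function Test-RegistryKeyLock {
    param([Parameter(Mandatory = $true)][string]$KeyPath)
    $psPath = "Registry::$KeyPath"
    try {
        $acl = Get-Acl -Path $psPath -ErrorAction Stop
    } catch [System.Management.Automation.ItemNotFoundException] {
        return New-LockReport $KeyPath 'missing' ''
    } catch {
        # Get-Acl refusing to read the DACL at all (typically access denied
        # even when elevated) is the strongest sign of a locked key.
        return New-LockReport $KeyPath 'unreadable' $_.Exception.Message
    }

    # Explicit Deny entries on a CLSID or driver-class key are not something
    # Windows or legitimate installers normally write.
    $denyRules = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
    if ($denyRules.Count -gt 0) {
        $who = ($denyRules | ForEach-Object { "$($_.IdentityReference) denied $($_.RegistryRights)" }) -join '; '
        return New-LockReport $KeyPath 'deny-rules' $who
    }
    if ($acl.AreAccessRulesProtected) {
        # Inheritance from the parent key has been cut: the DACL was rewritten.
        return New-LockReport $KeyPath 'inheritance-broken' "Owner: $($acl.Owner)"
    }
    return New-LockReport $KeyPath 'ok' "Owner: $($acl.Owner)"
}

$LockedKeyCandidates |
    ForEach-Object { Test-RegistryKeyLock -KeyPath $_ } |
    Select-Object Key, Status, Detail |
    Format-Table -AutoSize -Wrap
```

Run it once before applying the CFScript and once after: keys reported as unreadable, deny-rules or inheritance-broken beforehand should come back as ok (or missing, if ComboFix removed them) afterwards. Get-Acl does not enable the backup or take-ownership privileges, so a key whose DACL excludes Administrators shows up as unreadable rather than listing its rules; that is the expected result for a locked key, not a script failure.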

#6 louishowe

Posted 30 June 2011 - 02:55 PM

Brilliant news! No more problems yet, so fingers crossed all is okay with the log below! The runtime error didn't come up either.

ComboFix 11-06-30.03 - Louis 30/06/2011 20:44:54.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.5883.4354 [GMT 1:00]
Running from: c:\users\Louis\Desktop\ComboFix.exe
Command switches used :: c:\users\Louis\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-30 19:47 . 2011-06-30 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-29 19:51 . 2011-06-29 19:51 -------- d-----w- c:\programdata\VirtualizedApplications
2011-06-29 17:56 . 2011-06-29 17:56 -------- d-----w- c:\programdata\Avira
2011-06-29 17:56 . 2011-06-29 17:56 -------- d-----w- c:\program files (x86)\Avira
2011-06-29 06:35 . 2011-06-29 06:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-29 06:34 . 2011-07-01 02:30 -------- d-----w- c:\programdata\!SASCORE
2011-06-29 06:34 . 2011-07-01 02:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-28 23:04 . 2011-06-28 23:04 -------- d-----w- c:\programdata\Malwarebytes
2011-06-28 23:04 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-28 23:04 . 2011-06-28 23:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-28 23:04 . 2011-05-29 08:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 22:49 . 2011-06-28 22:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-28 22:45 . 2011-06-28 22:45 -------- d--h--w- c:\programdata\Common Files
2011-06-28 22:44 . 2011-06-29 06:32 -------- d-----w- c:\programdata\AVG10
2011-06-28 22:43 . 2011-06-30 02:37 -------- d-----w- c:\program files (x86)\AVG
2011-06-28 22:32 . 2011-06-30 02:38 -------- d-----w- c:\programdata\MFAData
2011-06-28 21:49 . 2011-06-28 21:49 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-06-28 21:39 . 2011-06-28 21:48 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-28 21:30 . 2011-06-28 21:30 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-06-28 21:02 . 2011-07-01 02:30 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2011-06-28 20:37 . 2011-06-28 20:37 -------- d-----w- c:\program files\Lexmark
2011-06-28 18:01 . 2011-06-28 18:01 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-28 18:01 . 2011-06-28 18:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-28 18:01 . 2011-06-28 18:01 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-28 17:47 . 2011-06-28 17:48 -------- d-----w- c:\program files (x86)\WildTangent Games
2011-06-28 17:10 . 2009-07-14 01:14 1397248 ----a-w- c:\windows\SysWow64\win_utilman.exe
2011-06-28 16:43 . 2011-06-28 16:43 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-28 16:43 . 2011-06-20 07:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DBCA6C3-31E9-449C-A16F-E96DE9295139}\mpengine.dll
2011-06-28 16:43 . 2011-05-24 18:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-06-28 16:29 . 2011-06-28 16:29 -------- d-----w- c:\users\Public\Symantec
2011-06-28 16:27 . 2011-07-01 02:30 -------- d-----w- c:\users\Louis
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 18:16 . 2011-06-30 18:16 22291 ----a-w- C:\ComboFix.zip
2011-06-28 16:28 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-04 03:52 . 2011-01-05 23:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-15 10:48 . 2011-04-15 10:48 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-04-15 10:48 . 2011-04-15 10:48 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-04-15 10:48 . 2011-04-15 10:48 3896832 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2011-04-15 10:48 . 2011-04-15 10:48 3561472 ----a-w- c:\windows\system32\bcmihvui64.dll
2011-04-15 10:48 . 2011-04-15 10:48 3065408 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2011-04-15 10:34 . 2011-04-15 10:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-04-15 10:34 . 2011-04-15 10:34 2048 ----a-w- c:\windows\system32\tzres.dll
2011-04-15 10:33 . 2011-04-15 10:33 112000 ----a-w- c:\windows\system32\consent.exe
2011-04-15 10:33 . 2011-04-15 10:33 3124224 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 10:32 . 2011-04-15 10:32 395776 ----a-w- c:\windows\system32\webio.dll
2011-04-15 10:32 . 2011-04-15 10:32 314368 ----a-w- c:\windows\SysWow64\webio.dll
2011-04-15 10:32 . 2011-04-15 10:32 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-15 10:32 . 2011-04-15 10:32 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2011-04-15 10:32 . 2011-04-15 10:32 473600 ----a-w- c:\windows\system32\taskcomp.dll
2011-04-15 10:32 . 2011-04-15 10:32 464384 ----a-w- c:\windows\system32\taskeng.exe
2011-04-15 10:32 . 2011-04-15 10:32 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2011-04-15 10:32 . 2011-04-15 10:32 285696 ----a-w- c:\windows\system32\schtasks.exe
2011-04-15 10:32 . 2011-04-15 10:32 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2011-04-15 10:32 . 2011-04-15 10:32 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2011-04-15 10:32 . 2011-04-15 10:32 1169408 ----a-w- c:\windows\system32\taskschd.dll
2011-04-15 10:32 . 2011-04-15 10:32 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2011-04-15 10:31 . 2011-04-15 10:31 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 10:31 . 2011-04-15 10:31 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 10:31 . 2011-04-15 10:31 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-04-15 10:31 . 2011-04-15 10:31 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-04-15 10:31 . 2011-04-15 10:31 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-04-15 10:31 . 2011-04-15 10:31 641536 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-04-15 10:31 . 2011-04-15 10:31 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-04-15 10:31 . 2011-04-15 10:31 552960 ----a-w- c:\windows\system32\msdri.dll
2011-04-15 10:31 . 2011-04-15 10:31 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-04-15 10:31 . 2011-04-15 10:31 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-04-15 10:31 . 2011-04-15 10:31 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2011-04-15 10:31 . 2011-04-15 10:31 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-04-15 10:31 . 2011-04-15 10:31 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-30_18.00.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-04-15 10:39 . 2011-06-30 17:46 3305 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-04-15 10:39 . 2011-06-30 19:47 3305 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-06-30 17:46 . 2011-06-30 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-30 19:48 . 2011-06-30 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-30 17:46 . 2011-06-30 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-30 19:48 . 2011-06-30 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-06-30 19:47 310952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-06-30 17:46 310952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-15 11:11 . 2011-06-30 17:46 1156584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-15 11:11 . 2011-06-30 19:47 1156584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-28 23:42 . 2011-06-30 19:47 2101920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2101646418-2903813283-1072909387-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-10 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-16 249672]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-12-03 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 20:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 c:\windows\Tasks\HPCeeScheduleForLOUIS-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\jj0fllzn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2011-06-30 20:52:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-30 19:52
ComboFix2.txt 2011-06-30 18:01
ComboFix3.txt 2011-06-29 07:36
.
Pre-Run: 634,167,226,368 bytes free
Post-Run: 633,832,603,648 bytes free
.
- - End Of File - - 96FADAE8A4D4E3E8345F83D029B17AA3

#7 D-FRED-BROWN

Posted 30 June 2011 - 03:21 PM

Brilliant news! No more problems yet, so fingers crossed all is okay with the log below! The runtime error didn't come up either.

Excellent! :D


Before we move on, let's run some online scans to make sure you're clean ;):

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

-------

Please use Internet Explorer and run a BitDefender Online scan from Here
  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.

-------

Please include the ESET and BitDefender reports in your next reply, and let me know of any issues you've encountered :).

#8 louishowe

Posted 30 June 2011 - 04:49 PM

No Issues with this one ...

QuickScan Beta 32-bit v0.9.9.96
-------------------------------
Scan date: Thu Jun 30 21:37:08 2011
Machine ID: F68E2F4B



No infection found.
-------------------



Processes
---------
Adobe Reader and Acrobat Manager 3856 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Bing Bar 1028 C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
ESET Online Scanner container 2812 C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
Firefox 264 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
HP On Screen Display 3668 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HP Quick Launch 3572 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HP Quick Launch 316 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
HP Quick Synchronization Service 1348 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
hpqwmiex Module 4500 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
Java™ Platform SE Auto Updater 2 0 3472 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
LightScribe 4092 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
LightScribe 2076 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
Malwarebytes' Anti-Malware 3124 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
Malwarebytes' Anti-Malware 3036 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Microsoft Application Virtualization 2536 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
Microsoft Application Virtualization 2384 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
Microsoft Office 2010 2096 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
Microsoft Search Client Server 3692 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
Microsoft Search Enhancement Pack 2124 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
Microsoft® Windows® Operating System 3948 C:\Windows\SysWOW64\rundll32.exe
OnlineCmdLineScanner.exe 1096 C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PictureMover Application 3780 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
Shared EasyBits services for Windows 1960 C:\Windows\SysWOW64\ezSharedSvcHost.exe
Simple Pass 2011 772 C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
USB 3.0 Monitor 3852 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
Windows® Internet Explorer 1728 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 4024 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 4248 C:\Program Files (x86)\Internet Explorer\iexplore.exe
YCMMirag Application 4580 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe


Network activity
----------------
Process OnlineCmdLineScanner.exe (1096) connected on port 80 (HTTP) --> 89.202.157.227
Process iexplore.exe (1728) connected on port 80 (HTTP) --> 66.235.142.2
Process iexplore.exe (1728) connected on port 80 (HTTP) --> 66.235.142.2
Process iexplore.exe (1728) connected on port 80 (HTTP) --> 209.85.147.138
Process iexplore.exe (1728) connected on port 80 (HTTP) --> 209.85.147.138



Autoruns and critical files
---------------------------
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe CS5.5 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
Default Manager C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
EasyBits Magic Desktop C:\Windows\SysWOW64\ezUPBHook.dll
ezRecover.exe C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HP Ceement C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
HP On Screen Display C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HP Quick Launch C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
LightScribe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Malwarebytes' Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft® Windows® Operating System C:\Windows\system32\Bubbles.scr
PictureMover Application C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
SBSV 2010/02/19-11:02:07 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
USB 3.0 Monitor C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Bing Bar C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Java™ Platform SE 6 U26 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U26 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Search Enhancement Pack C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
NP_wtapp.dll C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
Shockwave for Director C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
Simple Pass 2011 C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Scan
----
MD5: af9e721f0e9fccda88ddd566cb271df3 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MD5: bad6bea0de1f69c82bdb74378ce0c20a C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: e1636f57581cab5d995fd54d2991ef57 C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
MD5: f577910a133a592234ebaad3f3afa258 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MD5: 13e7cfe8e269ed15e7fc9c3ebbcb7e2b C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MD5: 328ef5d436fadded0d0d709a394a0c75 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
MD5: f8d349e18ab09b340231cd5689b7c6d3 C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
MD5: a206f9c6a80585f19873febe2546aed1 C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
MD5: fcbdcc6f1801e32244235608e1277752 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
MD5: d02f845ef350910b3424ad15bbb68e83 C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MD5: 9ab3620c0a97366e1565967bd78bf64c C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MD5: 7da4f72284d2c927927dfc0e12afab85 C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MD5: b4d97e9ace89400ee9b0c9e2fcc3f408 C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\cvhshared.dll
MD5: 61a86809b62769643892bc0812b204aa C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
MD5: 74af1ffcafd60da88a386ae161f56438 C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\en-us\cvhintl.dll
MD5: 6bf01e200063d7274f3af06d226671f5 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
MD5: da579734b4375740efee86ffdfed57a7 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL
MD5: 9d4a1690af93f233e15380398bec7431 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: b00f98ff6fe8682ff941beb2559bf191 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
MD5: 30d7bb258a97bda7c7e2ec63c23554aa C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MD5: 10b7abf103e30e50e02f6c8d749eceb4 C:\Program Files (x86)\ESET\ESET Online Scanner\esets_apiW_a.DLL
MD5: 36af5e8b91c2277ce16897e0936c6627 C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MD5: 45fd64f0c2b5fd2856e453d87d1cd2ca C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner.ocx
MD5: b31e4518561429f1312e0ce643442add C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
MD5: af51d4fe088a3efa5303b36fffd0581b C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
MD5: 7a24ad37416b91e4b5e5b46bd25c075f C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
MD5: 4bc504f17b301603778898b2cb35dfb6 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MD5: d59abed205f424bd4c52419479930be9 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MD5: f630dd7564ebb7248a13b1cc774d9ea6 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\MSVCR100.dll
MD5: f81c07efa97303895294bf38f0038556 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
MD5: a15cca65211727809a64f7c235f0e370 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
MD5: c7eea27b5010bcb4b530b1408895506b C:\Program Files (x86)\Hewlett-Packard\Shared\hputils.dll
MD5: 78148bbd0712e16c7243ae2e8350d4a3 C:\Program Files (x86)\HP SimplePass 2011\BioLayer.dll
MD5: 45706aa7f6a5f59cf00820e062cd2711 C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
MD5: 8eef00005472dfcef67bbe801b383c7e C:\Program Files (x86)\HP SimplePass 2011\TokenMachine.dll
MD5: 0dcef328bccd4e1622ea613f84bd3e54 C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
MD5: 01e3c1d30ccfc4e485197754d3145c41 C:\Program Files (x86)\HP SimplePass 2011\TSLog.dll
MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MD5: daab337efa9577364a245d3c6ca8d00c C:\Program Files (x86)\Internet Explorer\IEShims.dll
MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe
MD5: e7d55e121ff1951cb86c7e0dc6a33877 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
MD5: 1040bd9bf3ddab7cda2346f8375480a2 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 0b85e5d913d862e57abb4f9721b14d74 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
MD5: f06ca6475b7a538db9dc3f7b896b97e4 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
MD5: 84271ba3b94323704f00730b7e6caeef C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
MD5: ec60491a5ff57700f10fe0403f7dcad4 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
MD5: 3222919a8a452a05f8246f5bcb90b894 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcomp.dll
MD5: cacff517e2afe06c690075d817c807ea C:\Program Files (x86)\Microsoft Application Virtualization Client\SFTCORE.dll
MD5: 07516b0ff41e1bddd3f36d338f91b32f C:\Program Files (x86)\Microsoft Application Virtualization Client\sftfsi_wow64.dll
MD5: 71c8ead838c6c02d9f5b992055807959 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftintf.dll
MD5: bfdb58616ff5ea540a5f58301d50641e C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
MD5: f4fb7d3106999a0038b10bafaa41e89b C:\Program Files (x86)\Microsoft Application Virtualization Client\sftpsr.dll
MD5: 1f7c43d53a5b581b54c6e25a812eda16 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftsync.dll
MD5: 41e3bd420a82df16b3582ea611ca6725 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftuser.dll
MD5: b94c3c4dca2093243c76ca218ede2a97 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
MD5: fe957e471958ce98456d98a6122c54d2 c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\agcore.dll
MD5: 7f86a3be3d020545fc5e9b6f8e09ac74 c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\coreclr.dll
MD5: 8006fc6a9a7c3168ef15dba842c3afc5 c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
MD5: c04b0bca15f30cf7d68e7733997ea90b c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlUI.dll
MD5: 5875b778b188fd9fc4b49c03da3cf4fc C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
MD5: 74282796a91d5a766d5ce82143813850 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
MD5: 331e7bde228914574fc9ae6cd520dafa C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
MD5: c38cb686927b111a666124802d0fbab1 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\srchbxex.dll
MD5: 2a8da7e170010beae7aecdfdca10b626 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
MD5: b957b30090889aa4f887277916f76fe7 C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
MD5: 6c9cd3ecba6732661c8bbe37a877a2bd C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MD5: cc5b1a70daa7a04fe15e6d7c54b55d02 C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MD5: ff4040da11ae0d13a0a7778e6022e728 C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
MD5: 96397535f6e4ca499dd659ce76c50746 C:\Program Files (x86)\Mozilla Firefox\MOZCPP19.dll
MD5: 411f23aaf331da8b9f0cfd1cada4b8b5 C:\Program Files (x86)\Mozilla Firefox\MOZCRT19.dll
MD5: 1919d815996470088d20a59e992a9695 C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MD5: fcd1d9ccc7096dc2210d3096fbdf92cc C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
MD5: c1bf9c9244996aa0607766199d226183 C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
MD5: f030ff40b6afb777b9992525800de3ea C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MD5: 6689b655ea803be040d95b8ea913249f C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MD5: 079155b0a7579652dcc2ec7908d9502a C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MD5: fb4fc7ee2e516063e25887c2e170d893 C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
MD5: 4dfdfb82c4f60beaf88e3c13c01f124a C:\Program Files (x86)\Mozilla Firefox\plc4.dll
MD5: 5bff0a2260ab6bf8d9b829d947c5ef6c C:\Program Files (x86)\Mozilla Firefox\plds4.dll
MD5: cb2e646a69d347eb0437ab50785cf3bb C:\Program Files (x86)\Mozilla Firefox\smime3.dll
MD5: 363f20b791469048b0878dbdfd60e41b C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MD5: b6a4cb50c2c0d7821a604c64a5058ed1 C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
MD5: cd05ba08fd35ec561b82f6d1c905a445 C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
MD5: 840e1ad2fdeedf482927d4369fb03dac C:\Program Files (x86)\Mozilla Firefox\xul.dll
MD5: a8cf4d0fc5ef2d5e4237b28bbb0966e6 C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
MD5: b55019778b8ba4c91f47bbda3f2cefe6 C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
MD5: 6cf7d6119fc02fcc558866d1d5ccc182 C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\XmlLite.dll
MD5: 02a6a672d698a59ab41aa0698dfd2630 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
MD5: 1f36981c4deeaa88858317c1642ce160 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
MD5: 9d51ea92a612b37e76e5e4621650c50a C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
MD5: ba72cfc2bf952da409a953e89d6fe2cd C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
MD5: c403c5db49a0f9aaf4f2128edc0106d8 C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
MD5: 6f0dab13529bcb7c0f8a3082a8b1cde9 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
MD5: c0b113f3bfb3b103226534790ea8c492 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
MD5: dd27f6c3de9bfe50635c721e09edc5dd C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
MD5: 28ad5e311996a34025cfb07e131058dd C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 7e47c328fc4768cb8beafbcfafa70362 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
MD5: 3dc11a802353401332d49c3cbfbbe5fc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
MD5: c930128c8f8ff03d8f8c42b570920d56 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
MD5: 7c49a5e1943afda4672d80726af3bae4 C:\Program Files\IDT\WDM\STacSV64.exe
MD5: ad647cdd6b6a0994e1d08b22d6d6cf37 C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
MD5: 99df79c258b3342b6c8a5f802998de56 C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
MD5: 2859c35c0651e8eb0d86d48e740388f2 C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
MD5: d5675fe7bc5192620038e6172e12a543 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MD5: 692f8648d7686d91e34a65ac698019d8 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
MD5: 17eeac7f9618463da6a8e4df636de636 C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll
MD5: 06c8fa1cf39de6a735b54d906ba791c6 C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
MD5: e874d39c2b3527e846bb2d8ce45001c8 C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: 1d2fe5278be4f9d831fd1133a7cda49c C:\Users\Louis\AppData\Local\Microsoft\Toolbar\Applications\AppMgr.dll
MD5: 963b31f21034ae68d206e2e6c2fec635 C:\Users\Louis\AppData\Roaming\PictureMover\Bin\Core.dll
MD5: 4fde2c97d16582125f35e17f8c5c823b C:\Users\Louis\AppData\Roaming\PictureMover\EN-GB\Presentation.dll
MD5: 353f64dd67eb26ae91397c183e8172ef C:\Windows\AppPatch\AcWow64.DLL
MD5: 23dc75d158d484177ffe99e23264f89f C:\Windows\Downloaded Program Files\qsax.dll
MD5: 47c071994c3f649f23d9cd075ac9304a C:\Windows\ehome\ehRecvr.exe
MD5: b99c33e313bfc07adec5a05a847af8fd C:\Windows\system32\aticfx32.dll
MD5: 85675eb6eb910baf92257d3e569fbedd C:\Windows\system32\atidxx32.dll
MD5: aed97c54311054e4b9d9cb0b4b2bb63b C:\Windows\system32\atiuxpag.dll
MD5: 3ebcb634281e023dbb7ba65707f565ba C:\Windows\system32\Bubbles.scr
MD5: 7c5567a00456f3a3a07800ebb3f351c4 C:\Windows\system32\d2d1.dll
MD5: c5f549970ac071ea452e58b6422c94fa C:\Windows\system32\d3d10_1.dll
MD5: 029e2a480ce2020df097e535a2311712 C:\Windows\system32\d3d10_1core.dll
MD5: 524408d5127f14b71e574d80f2f0924f C:\Windows\system32\D3D10Warp.dll
MD5: c0523fe101a30e3821604fe1ca1740d7 C:\Windows\system32\dwrite.dll
MD5: 8898c95862d03d16b2a06db4db6bb6b2 C:\Windows\system32\explorerframe.dll
MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C:\Windows\system32\IEADVPACK.DLL
MD5: 9af36c3c48f82d95b5670d7c29923d8a C:\Windows\system32\IEFRAME.dll
MD5: 33de59ca6dc188029528033aee06d780 C:\Windows\system32\IEUI.dll
MD5: 68563ac389f92ee79f1c714288ba1dce C:\Windows\system32\ImgUtil.dll
MD5: 3f63f95c998f7e1af409bc74e83d45e5 C:\Windows\system32\MSHTML.dll
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Windows\system32\MSVCR100.dll
MD5: 4b9e4ce667df26ada061aa81e9aa841d C:\Windows\system32\SPFILEQ.dll
MD5: 8d908f346eedd752005a32787a6dcafa C:\Windows\System32\StructuredQuery.dll
MD5: 4fb96aacf2f05c7357546becd7678863 C:\Windows\system32\webio.dll
MD5: 3fad263ce1e2a6fff40d00043b2275e3 C:\Windows\system32\winbio.dll
MD5: d892c77afa8afaba6f474a7da401bd7c C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: ca793dcc1d5f619021ef1d37cc7a831e C:\Windows\SysWOW64\ezSharedSvcHost.exe
MD5: 63b85a580d21af9bc788fe69854fabd7 C:\Windows\SysWOW64\ezsvc7x.dll
MD5: f24fc0b2456186e35c51fef5fd55e853 C:\Windows\SysWOW64\ezUPBHook.dll
MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll
MD5: 9af36c3c48f82d95b5670d7c29923d8a c:\windows\syswow64\ieframe.dll
MD5: 733c7f11b06892f9dc283d4bb34abd25 C:\Windows\syswow64\iertutil.dll
MD5: c92f538f531f26f2e240a8b21420692a C:\Windows\SysWOW64\jscript9.dll
MD5: 9c54f2cc2301599d698399d7e49c7321 C:\Windows\SysWOW64\Macromed\Flash\Flash10l.ocx
MD5: 3f63f95c998f7e1af409bc74e83d45e5 C:\Windows\SysWOW64\mshtml.dll
MD5: e2c2d8c982316c8abf800c6ce3f28fab C:\Windows\syswow64\ole32.dll
MD5: a07da8434b12b2cd0ad2994f05d1129e C:\Windows\syswow64\OLEAUT32.dll
MD5: 21cf5c7d8d727dcc337a1d251b6135f4 C:\Windows\SysWOW64\schannel.dll
MD5: df6de2f5afb9fa1cfa02081ef9b3e7e8 C:\Windows\SysWOW64\urlmon.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll
MD5: a1236375b74ea63c75657d564890c436 C:\Windows\syswow64\WININET.dll
MD5: d3ead1cf16ba729a7f7c9a5d94aa7c05 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\Comctl32.dll
MD5: 4b8dd8541c0e26602005dd0137333615 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\COMCTL32.dll


No file uploaded.

Scan finished - communication took 5 sec
Total traffic - 0.02 MB sent, 0.59 KB recvd
Scanned 423 files and modules - 16 seconds

==============================================================================
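The "Scan" listing above pairs an MD5 with every loaded module, which is only useful once someone groups and compares the entries. The script below is an added example for doing that triage offline; it is not part of the original post or of the scanner that produced the log. The nine sample lines are copied from the listing, the list of user-writable directory fragments and the "known-good" reference table are constructed placeholders (assumptions, not vendor data), and the function names are this example's own. One caveat it encodes: the scanner ran as a 32-bit process, so WoW64 file-system redirection makes its `system32` entries resolve to `SysWOW64`, and identical hashes for such a pair (ieframe.dll, mshtml.dll above) are expected rather than suspicious.

```python
import re
from collections import defaultdict

# One "MD5: <hash> <path>" record per line, as in the scan log above.
LINE_RE = re.compile(r"^MD5:\s+([0-9a-fA-F]{32})\s+(.+?)\s*$")

# Directory fragments a standard user can write to (assumption: a short, illustrative list).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\downloaded program files\\", "\\temp\\")

# Nine lines copied from the log above; enough to exercise every check below.
SAMPLE_LOG = """\
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\\Program Files (x86)\\Hewlett-Packard\\HP Quick Launch\\MSVCR100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\\Windows\\system32\\MSVCR100.dll
MD5: 9af36c3c48f82d95b5670d7c29923d8a C:\\Windows\\system32\\IEFRAME.dll
MD5: 9af36c3c48f82d95b5670d7c29923d8a c:\\windows\\syswow64\\ieframe.dll
MD5: 3f63f95c998f7e1af409bc74e83d45e5 C:\\Windows\\system32\\MSHTML.dll
MD5: 3f63f95c998f7e1af409bc74e83d45e5 C:\\Windows\\SysWOW64\\mshtml.dll
MD5: 1d2fe5278be4f9d831fd1133a7cda49c C:\\Users\\Louis\\AppData\\Local\\Microsoft\\Toolbar\\Applications\\AppMgr.dll
MD5: 23dc75d158d484177ffe99e23264f89f C:\\Windows\\Downloaded Program Files\\qsax.dll
MD5: 6c9cd3ecba6732661c8bbe37a877a2bd C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe
"""


def parse(log):
    """Return [(md5, path)] for each well-formed line; hash lower-cased, path untouched."""
    records = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append((m.group(1).lower(), m.group(2)))
    return records


def _dir_and_name(path):
    """Split 'C:\\a\\b\\x.dll' into ('b', 'x.dll'), both lower-cased."""
    head, _, name = path.lower().rpartition("\\")
    return head.rpartition("\\")[2], name


def is_wow64_pair(paths):
    """True when the paths are one file name under both system32 and SysWOW64.

    A 32-bit scanner sees system32 through WoW64 file-system redirection, so
    both entries really point at the same 32-bit file and an identical hash is
    expected, not evidence of tampering."""
    parts = {_dir_and_name(p) for p in paths}
    names = {n for _, n in parts}
    dirs = {d for d, _ in parts}
    return len(names) == 1 and dirs == {"system32", "syswow64"}


def triage(records, known_good=None):
    """Group the listing by hash and return the findings a reviewer would look at.

    known_good: optional {file name (lower-case): expected md5} reference table."""
    known_good = known_good or {}
    by_hash = defaultdict(list)
    for digest, path in records:
        by_hash[digest].append(path)

    findings = {"wow64_redirect": [], "duplicate_hash": [],
                "user_writable": [], "hash_mismatch": []}
    for digest, paths in by_hash.items():
        if len(paths) < 2:
            continue
        bucket = "wow64_redirect" if is_wow64_pair(paths) else "duplicate_hash"
        findings[bucket].append((digest, paths))

    for digest, path in records:
        low = path.lower()
        if any(frag in low for frag in USER_WRITABLE):
            findings["user_writable"].append(path)
        expected = known_good.get(_dir_and_name(path)[1])
        if expected is not None and expected != digest:
            findings["hash_mismatch"].append((path, digest, expected))
    return findings


if __name__ == "__main__":
    # Constructed reference table: the firefox.exe hash is copied from the log, so it matches.
    reference = {"firefox.exe": "6c9cd3ecba6732661c8bbe37a877a2bd"}
    for kind, items in triage(parse(SAMPLE_LOG), reference).items():
        print(kind)
        for item in items:
            print("   ", item)
```

The `duplicate_hash` bucket is informational (the same MSVCR100.dll redistributable shipped twice is normal); `user_writable` is where a reviewer starts, because a module loaded from a profile directory needs no administrator rights to have been dropped there. Matching against a vendor's reference table is all an MD5 is good for here: it is not collision-resistant, so an identical MD5 cannot prove a file is unmodified against an attacker who can craft collisions.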

#9 D-FRED-BROWN (Resident Bracketologist, Trusted Advisors, 3,653 posts)

Posted 30 June 2011 - 04:50 PM

Are you able to run the ESET scan as well :)?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#10 louishowe (New Member, Members, 13 posts)

Posted 30 June 2011 - 04:51 PM

Found one here, but it deleted it


esets_scanner_update returned -1 esets_gle=36881
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=db783cc0ab7225498ad945eec2e6e82a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-30 09:38:17
# local_time=2011-06-30 10:38:17 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 66492 66492 0 0
# compatibility_mode=1797 16774142 0 6 0 35298948 0 0
# compatibility_mode=5893 16776573 100 94 188508 61932982 0 0
# compatibility_mode=8192 67108863 100 0 2081 2081 0 0
# scanned=163386
# found=1
# cleaned=1
# scan_time=1965
C:\Users\Louis\Desktop\Louis\Director\Director MX\Keygen\keygen.exe probably a variant of Win32/Keygen.BH application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#11 D-FRED-BROWN (Resident Bracketologist, Trusted Advisors, 3,653 posts)

Posted 30 June 2011 - 05:34 PM

Your logs look clean! ;)

Since your programs appear to be updated, I will provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;):

If there are any remaining issues or concerns, please let me know :)


The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

**You may now reinstall AVG AntiVirus if you haven't already.

-------------

I see you have User Account Control (UAC) disabled.
This is an important security feature which helps prevent malware and other unwanted software from being installed on your computer.
I strongly suggest you keep it enabled. See this link for instructions on how to enable it: http://windows.micro...ntrol-on-or-off

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.


It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!
AntiVir
AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available. A tutorial on understanding and using firewalls may be found here.


If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
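The UAC point in the post above is the one a responder can verify from a registry export rather than from a screenshot. The script below is an added example, not part of the original thread or of any tool it mentions: it parses a `reg export` of the System policy key and reports the UAC-related values. REG_SAMPLE is a constructed excerpt in .reg export format, not the poster's registry; the defaults table holds the Windows 7 shipping values (EnableLUA 1, ConsentPromptBehaviorAdmin 5, PromptOnSecureDesktop 1), and the function names are this example's own.

```python
import re

# Constructed excerpt in "reg export" format; NOT the poster's registry.
REG_SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"EnableLUA"=dword:00000000
"PromptOnSecureDesktop"=dword:00000001
"""

POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Windows 7 shipping defaults, used when a value is absent from the export.
DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}


def parse_reg(text):
    """Map registry key -> {value name: int} for the DWORD values in a .reg export.

    Other value types are ignored; they are not needed for this check. Key names
    are matched literally, so compare against the same spelling reg.exe emits."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            keys.setdefault(current, {})
            continue
        vm = DWORD_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group(1)] = int(vm.group(2), 16)
    return keys


def uac_findings(values):
    """Return [(severity, message)] for the UAC-related values of the policy key.

    An empty list means the three settings are at the Windows 7 defaults or stricter."""
    cfg = {**DEFAULTS, **values}
    findings = []
    if cfg["EnableLUA"] == 0:
        # Nothing else matters once UAC is off: an administrator's processes run with
        # the full token, and IE Protected Mode, which depends on UAC, is off as well.
        # Changing EnableLUA only takes effect after a reboot.
        findings.append(("high", "EnableLUA=0: UAC is disabled"))
        return findings
    if cfg["ConsentPromptBehaviorAdmin"] == 0:
        findings.append(("high", "ConsentPromptBehaviorAdmin=0: administrators elevate without a prompt"))
    if cfg["PromptOnSecureDesktop"] == 0:
        findings.append(("medium", "PromptOnSecureDesktop=0: elevation prompt is not shown on the secure desktop"))
    return findings


def check_export(text):
    """Parse an export and evaluate the policy key; a missing key means all defaults."""
    return uac_findings(parse_reg(text).get(POLICY_KEY, {}))


if __name__ == "__main__":
    for severity, message in check_export(REG_SAMPLE):
        print(f"[{severity}] {message}")
```

The export itself would be produced on the affected machine with `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" uac.reg` and then read by this script anywhere; an absent value is treated as the default because reg.exe does not write values that were never set.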

#12 louishowe (New Member, Members, 13 posts)

Posted 01 July 2011 - 11:27 AM

Hi,
I have followed your advice, and got a new antivirus, firewall & Spybot :)
Thank you so much, I can't thank you enough for your help, it is much appreciated. A big thank you!
Kind Regards,
Louis

#13 D-FRED-BROWN (Resident Bracketologist, Trusted Advisors, 3,653 posts)

Posted 01 July 2011 - 11:27 AM

You're welcome! :)

#14 LDTate (Forum Deity, Moderators, 21,126 posts)

Posted 01 July 2011 - 11:43 AM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Larry Tate
Product Support




