kashu

Unable to restore my system


Hi,

A couple of days back I downloaded a crack and it was actually spyware, a virus or whatever it is; it has turned my System Restore off. I have AVAST 5.0.545 Internet Security and it detected the spyware right away and blocked it. However, I am not able to turn System Restore on from that point onward. Also, my Windows Security Center service has been disabled. I tried to enable it by going to services.msc and started the service and restarted the system, but nothing seems to be working. Please help me by cleaning my system.

Here are all the details after following the instructions:

Malwarebytes Log

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6862

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

16/06/2011 12:32:52 AM

mbam-log-2011-06-16 (00-32-52).txt

Scan type: Full scan (C:\|)

Objects scanned: 602291

Time elapsed: 2 hour(s), 45 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 14

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\kashutu\Desktop\HP DM4T\softwares\macromedia flash mx pro 2004 + keygen\flash_video_exporter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\kashutu\Desktop\HP DM4T\softwares\removewat21\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.

c:\Users\kashutu\Desktop\HP DM4T\softwares\w7.activate.permanent.ryu\rwt_v2.2.5.2_ryu\rwt v2.2.5.2_ryu\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.

c:\Users\kashutu\Desktop\HP DM4T\softwares\w7.activate.permanent.ryu\windows 7 activator + remove wat\windows 7 activator + remove wat\removewatv2.2.5.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.

c:\Users\kashutu\Desktop\HP DM4T\softwares\windows activation tools\wga-fix.exe (Hacktool.WGAFix) -> Quarantined and deleted successfully.

c:\Users\kashutu\Desktop\HP DM4T\softwares\windows activation tools\wpatcherp5575987\keyfinder.exe (Application.FindKey) -> Quarantined and deleted successfully.

c:\Users\kashutu\Desktop\HP DM4T\softwares\windows activation tools\wpatcherp5575987\wga-fix.exe (Hacktool.WGAFix) -> Quarantined and deleted successfully.

c:\Users\kashutu\Desktop\HP DM4T\softwares\windows activation tools\wpatcherp5575987\windows xp keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.

c:\Users\kashutu\Desktop\HP DM4T\softwares\winrar_2009\winrar_2009\Install.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\kashutu\Desktop\HP DM4T\softwares\winrar_2009\winrar_2009\winrar.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\kashutu\Desktop\Movies\lifetimecs4mastercollectionlicenseworkaround\adobe-master-cs4pre-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

c:\Users\kashutu\documents\downloads\compressed\rvnc.enterprise.v4.5.1.plus.keymaker\Key.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\Windows.old\Users\kashif butt\Desktop\softwares\idm 5.19.3@akhilesh910\idm 5.19.3@akhilesh910\idm 5.19.3.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\Windows.old\Users\kashif butt\Desktop\softwares\obytirucestenret1760322902010\1box_ntr2010_2.9\1box_ntr2010_2.9\1box_ntr2010.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.

DDS Log File:

.

DDS (Ver_2011-06-12.02) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by kashutu at 1:45:11 on 2011-06-16

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3894.2135 [GMT 5:00]

.

AV: avast! Internet Security *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Internet Security *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Enabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\vcsFPService.exe

C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\Alwil Software\Avast5\afwServ.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\locator.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\RealVNC\VNC4\winvnc4.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = 204.45.210.228:8800

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: EgisPBIE Class: {7b51ccbe-4af9-44a6-bdab-d7f7e4c4e6f9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [cdloader] "C:\Users\kashutu\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [X-Lite 4] "C:\Program Files (x86)\CounterPath\X-Lite 4\X-Lite4.exe" -bootload

uRun: [<NO NAME>]

uRun: [Google Update] "C:\Users\kashutu\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4A155B69-9AD2-4D9D-9583-25D4C2B92051} : NameServer = 10.110.1.5,202.166.166.3

TCP: Interfaces\{AF99F39B-0211-4E7C-9132-28AB9B7B011C} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AF99F39B-0211-4E7C-9132-28AB9B7B011C}\2456C6B696E6F5E413F575962756C6563737F5531463445493 : DhcpNameServer = 192.168.2.1 192.168.1.1

TCP: Interfaces\{AF99F39B-0211-4E7C-9132-28AB9B7B011C}\9624271696E60224573796E65637370235F6C6574796F6E637 : DhcpNameServer = 10.110.1.5

TCP: Interfaces\{AF99F39B-0211-4E7C-9132-28AB9B7B011C}\D6F647F627F6C616 : DhcpNameServer = 192.168.15.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO-X64: IDM Helper - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll

BHO-X64: EgisPBIE - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

Hosts: 74.208.10.249 gs.apple.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\kashutu\AppData\Roaming\Mozilla\Firefox\Profiles\v64436cp.default\

FF - prefs.js: network.proxy.ftp - 173.234.56.168

FF - prefs.js: network.proxy.ftp_port - 27808

FF - prefs.js: network.proxy.http - 173.234.56.168

FF - prefs.js: network.proxy.http_port - 27808

FF - prefs.js: network.proxy.socks - 173.234.56.168

FF - prefs.js: network.proxy.socks_port - 27808

FF - prefs.js: network.proxy.ssl - 173.234.56.168

FF - prefs.js: network.proxy.ssl_port - 27808

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll

FF - component: C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt\components\EgisPBFF.dll

FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

FF - component: C:\Users\kashutu\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: C:\Users\kashutu\AppData\Roaming\Mozilla\Firefox\Profiles\v64436cp.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\kashutu\AppData\Roaming\Mozilla\Firefox\Profiles\v64436cp.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\kashutu\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Users\kashutu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\kashutu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-2 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-5-30 40384]

R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2011-5-30 119200]

R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-3-25 689008]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-13 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-15 366640]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-19 2271608]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-14 2533400]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-5-30 40384]

R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-5-30 40384]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 TwonkyMedia;TwonkyMedia;C:\Program Files (x86)\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> C:\Program Files (x86)\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]

S3 B-Service;B-Service;C:\Users\kashutu\Documents\Downloads\Programs\B-Service.exe [2011-6-3 185640]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-06-15 14:02:15 388096 ----a-r- C:\Users\kashutu\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-15 14:02:14 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-06-15 13:53:02 -------- d-----w- C:\Users\kashutu\AppData\Roaming\Malwarebytes

2011-06-15 13:52:50 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-15 13:52:48 -------- d-----w- C:\ProgramData\Malwarebytes

2011-06-15 13:52:44 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-15 13:52:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-06-15 13:21:21 -------- d-----w- C:\Users\kashutu\AppData\Local\{CAF968FD-1CAF-488A-86E4-3112EFEB324B}

2011-06-14 14:13:06 -------- d-----w- C:\Program Files\CCleaner

2011-06-14 12:02:32 -------- d-----w- C:\Users\kashutu\AppData\Local\{CC4B61D0-32EA-446D-9260-D4F950D499B6}

2011-06-13 19:22:59 -------- d-----w- C:\Users\kashutu\AppData\Local\{525CAE9D-D2BE-419F-A944-DF0A8C77FABF}

2011-06-13 17:58:14 137216 --sha-r- C:\Windows\SysWow64\winrssrvt.dll

2011-06-13 17:20:12 -------- d-----w- C:\Do Not Call Data

2011-06-13 17:19:57 -------- d-----w- C:\ProgramData\DoubleTimeSoftware

2011-06-13 17:13:05 -------- d-----w- C:\Program Files (x86)\Double-Time Software

2011-06-13 07:22:16 -------- d-----w- C:\Users\kashutu\AppData\Local\{E866DC2A-0F12-4092-9E41-26708C11885F}

2011-06-12 10:02:22 -------- d-----w- C:\Users\kashutu\AppData\Local\{ADCB9C52-506C-45A2-8FCF-EFD392D800C1}

2011-06-12 08:55:44 -------- d-----w- C:\Users\kashutu\AppData\Local\{0A16639D-EF39-4FE1-A0DC-FDDD9858625A}

2011-06-12 08:08:12 -------- d-----w- C:\Users\kashutu\AppData\Local\{B67F30F6-6233-49E6-9D70-CB99962A178B}

2011-06-12 06:49:11 -------- d-----w- C:\Users\kashutu\AppData\Local\{BEE382EF-0120-4A63-BDF7-EB68A8708BBF}

2011-06-11 09:09:21 -------- d-----w- C:\Users\kashutu\AppData\Local\{5B6EB900-C4BE-4C18-828C-5398A5553181}

2011-06-10 10:12:21 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DFE103C5-0ADD-416E-98C6-DDDAE6E34956}\mpengine.dll

2011-06-10 10:07:25 -------- d-----w- C:\Users\kashutu\AppData\Local\{3DC842E1-DF52-4D21-95BB-4F2DC0B0D75C}

2011-06-09 13:16:45 -------- d-----w- C:\Users\kashutu\AppData\Local\{C7674753-BC9E-4800-8BA7-6534B84DBE9E}

2011-06-08 23:16:49 -------- d-----w- C:\Users\kashutu\AppData\Local\{46EEC186-7F0D-4CA1-B1D3-AE87EC3FA0B1}

2011-06-08 11:16:04 -------- d-----w- C:\Users\kashutu\AppData\Local\{F2373DC0-773A-4C67-881F-99502758B373}

2011-06-07 20:20:08 -------- d-----w- C:\Users\kashutu\AppData\Local\{E7573127-A660-4CDD-A8D0-7915A07D002D}

2011-06-07 07:57:11 -------- d-----w- C:\Users\kashutu\AppData\Local\{DAA022DE-5DC8-4525-84E6-6E4278B4CDAD}

2011-06-06 14:12:20 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-06-06 14:00:51 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-06-06 12:50:40 -------- d-----w- C:\Users\kashutu\AppData\Local\{5B4C704C-45F6-41FC-AB89-D0C1CF6435E6}

2011-06-05 18:39:37 -------- d-----w- C:\Users\kashutu\AppData\Local\{AB9C085D-19C7-439B-85BA-73EF1CAA8372}

2011-06-05 06:38:46 -------- d-----w- C:\Users\kashutu\AppData\Local\{A170CD46-FA53-4BAA-8319-19C9CBBE0999}

2011-06-04 15:47:18 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm

2011-06-04 15:47:18 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm

2011-06-04 15:47:17 631808 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2011-06-04 15:47:17 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2011-06-04 15:47:17 237568 ----a-w- C:\Windows\SysWow64\yv12vfw.dll

2011-06-04 15:47:16 80896 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2011-06-04 15:47:06 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2011-06-04 15:42:15 970240 ----a-w- C:\Windows\SysWow64\msmpeg2adec.dll

2011-06-04 15:42:15 79872 ----a-w- C:\Windows\SysWow64\mp3dmod.dll

2011-06-04 15:42:15 653824 ----a-w- C:\Windows\System32\mp4sdecd.dll

2011-06-04 15:42:15 415744 ----a-w- C:\Windows\SysWow64\mp4sdecd.dll

2011-06-04 15:42:15 241152 ----a-w- C:\Windows\SysWow64\mp43decd.dll

2011-06-04 15:42:15 223744 ----a-w- C:\Windows\System32\mp43decd.dll

2011-06-04 15:42:15 2134016 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2011-06-04 15:42:15 100864 ----a-w- C:\Windows\System32\mp3dmod.dll

2011-06-04 13:53:18 -------- d-----w- C:\Users\kashutu\AppData\Local\{E05770C0-C60C-43B6-8645-78010F244757}

2011-06-03 08:57:52 -------- d-----w- C:\Users\kashutu\AppData\Local\{0D9B24A9-18F3-44D8-9AF9-AB8F1769C5E3}

2011-06-02 20:30:38 -------- d-----w- C:\Users\kashutu\AppData\Local\{6DA653C6-9B6D-4683-929D-4BED31368F09}

2011-06-02 08:30:01 -------- d-----w- C:\Users\kashutu\AppData\Local\{7F59390A-51BD-4D91-A29A-FDEE870AA778}

2011-06-01 20:29:25 -------- d-----w- C:\Users\kashutu\AppData\Local\{438B2EE7-F0EE-4BC6-97BD-D4C940F6709A}

2011-06-01 08:27:48 -------- d-----w- C:\Users\kashutu\AppData\Local\{DEF4F12C-6E1B-48D8-B1CE-5E090BC7EC37}

2011-06-01 08:22:40 -------- d-----w- C:\Users\kashutu\AppData\Local\{A648E098-ED8A-4FB2-897D-126067A67ABA}

2011-06-01 08:11:17 -------- d-----w- C:\Users\kashutu\AppData\Local\{B389CBF6-4B7C-4465-85C2-7EA47EEC097F}

2011-05-31 13:48:25 -------- d-----w- C:\Users\kashutu\AppData\Local\{F612E74C-6967-4937-B268-23B0773C73FC}

2011-05-31 07:13:32 -------- d-----w- C:\Users\kashutu\AppData\Local\{7CCBEBFB-210A-40B9-8B07-5FF79E693215}

2011-05-30 16:47:42 424016 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-05-30 16:47:41 124496 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2011-05-30 16:47:10 250448 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2011-05-30 16:47:08 63568 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-05-30 16:46:28 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys

2011-05-30 14:45:10 -------- d-----w- C:\Users\kashutu\AppData\Local\{E67F6718-D515-49CE-8CE7-4895E71AD017}

2011-05-29 05:37:42 -------- d-----w- C:\Users\kashutu\AppData\Local\{CE5619A2-66BA-44B6-BC5B-C6A89F663DFE}

2011-05-28 14:03:01 -------- d-----w- C:\Users\kashutu\AppData\Local\{B22F4C4F-F24C-45E1-A692-0A0B7A169B7C}

2011-05-27 14:03:21 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-05-27 14:03:20 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-05-27 14:03:20 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-05-27 14:03:18 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-05-27 14:03:18 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-05-27 11:51:10 -------- d-----w- C:\Users\kashutu\AppData\Local\{BF994156-9305-478A-B3E1-F0EDD0A0A18D}

2011-05-26 19:29:26 -------- d-----w- C:\Users\kashutu\AppData\Local\{BDE57549-57F6-4067-A187-222378992EEC}

2011-05-26 19:03:46 2871808 ----a-w- C:\Windows\explorer.exe

2011-05-26 19:03:45 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-05-26 19:03:36 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-05-26 19:03:35 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-05-26 19:03:31 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-05-26 19:03:30 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-05-26 19:01:17 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-05-26 19:01:15 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-05-26 19:01:15 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-05-26 18:40:58 419840 ----a-w- C:\Windows\System32\systemcplx64.dll

2011-05-26 18:40:58 14848 ----a-w- C:\Windows\System32\slwga.dll

2011-05-26 18:40:58 13824 ----a-w- C:\Windows\SysWow64\slwga.dll

2011-05-26 14:49:27 -------- d-----w- C:\Windows\System32\SPReview

2011-05-26 14:48:51 -------- d-----w- C:\Windows\System32\EventProviders

2011-05-26 14:42:02 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-05-26 14:42:02 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-05-26 14:40:59 485888 ----a-w- C:\Windows\System32\secproc_isv.dll

2011-05-26 14:39:59 424448 ----a-w- C:\Windows\System32\aeinv.dll

2011-05-26 14:38:59 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys

2011-05-26 14:37:56 48128 ----a-w- C:\Windows\System32\ftp.exe

2011-05-26 14:36:59 280064 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe

2011-05-26 14:35:54 6144 ----a-w- C:\Windows\System32\drivers\en-US\rdvgkmd.sys.mui

2011-05-26 14:35:54 4096 ----a-w- C:\Windows\System32\drivers\en-US\tsusbhub.sys.mui

2011-05-26 14:35:54 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui

2011-05-26 14:35:53 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui

2011-05-26 14:35:49 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui

2011-05-26 14:35:49 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui

2011-05-26 14:35:31 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe

2011-05-26 14:35:31 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll

2011-05-26 14:35:06 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll

2011-05-26 14:35:06 257024 ----a-w- C:\Windows\SysWow64\dpx.dll

2011-05-26 14:35:00 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-05-26 14:35:00 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-05-26 14:30:41 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-05-26 14:30:41 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-05-26 14:30:41 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-05-26 14:30:26 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-05-26 14:30:16 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-05-26 14:29:35 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-05-26 14:29:34 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-05-26 07:28:45 -------- d-----w- C:\Users\kashutu\AppData\Local\{CE535590-F325-4E14-9FF0-C6DCC06CDBAA}

2011-05-25 19:28:08 -------- d-----w- C:\Users\kashutu\AppData\Local\{924CCC2E-57F0-4B5E-AAC2-2D34CF742C78}

2011-05-25 07:27:31 -------- d-----w- C:\Users\kashutu\AppData\Local\{2586DECA-A0B0-42D5-B386-D3E7A00AF132}

2011-05-24 16:30:41 -------- d-----w- C:\Users\kashutu\AppData\Local\{CC4EEB9A-A875-459C-9417-513DF2430DB4}

2011-05-23 18:12:31 -------- d-----w- C:\Users\kashutu\AppData\Local\{4B69ECB8-3C2E-4F51-A53B-AED2AC15821A}

2011-05-23 06:11:56 -------- d-----w- C:\Users\kashutu\AppData\Local\{34F6E600-AD56-481D-A557-F340E7D5B5C7}

2011-05-22 14:58:55 -------- d-----w- C:\Users\kashutu\AppData\Local\{96958BFB-9D1B-4A90-8F50-1FCB99E69CFA}

2011-05-21 21:20:23 -------- d-----w- C:\Users\kashutu\AppData\Local\{A738DFA3-F12A-46C5-B51E-C8896F4755AA}

2011-05-21 09:19:41 -------- d-----w- C:\Users\kashutu\AppData\Local\{05001A55-7217-43DD-AAE3-27BBE275B670}

2011-05-20 13:53:18 -------- d-----w- C:\Users\kashutu\AppData\Local\{29AF7368-1B34-498C-ABC4-BFEE0A74C7B5}

2011-05-19 13:39:16 -------- d-----w- C:\Users\kashutu\AppData\Local\{DCC77298-ED28-493C-B7D1-7FC98623DA72}

2011-05-19 06:34:22 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-05-19 06:34:22 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-05-18 21:27:46 -------- d-----w- C:\Users\kashutu\AppData\Local\LogMeIn

2011-05-18 21:27:46 -------- d-----w- C:\ProgramData\LogMeIn

2011-05-18 19:51:41 -------- d-----w- C:\Users\kashutu\AppData\Local\{E4B286C3-F205-437E-8944-96624F5001FE}

2011-05-18 07:50:08 -------- d-----w- C:\Users\kashutu\AppData\Local\{1F536EC4-FD81-4E29-B8C4-DEC3DA7D41C5}

2011-05-17 17:45:39 -------- d-----w- C:\Users\kashutu\AppData\Roaming\TeamViewer

2011-05-17 14:18:45 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-17 14:16:59 -------- d-----w- C:\Users\kashutu\AppData\Local\{D1F3F2F1-68C4-44A1-AE3D-D9FFF47A98D1}

.

==================== Find3M ====================

.

2011-06-14 14:06:59 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe

2011-06-14 14:06:59 85504 ----a-w- C:\Windows\System32\iesetup.dll

2011-06-14 14:06:59 76800 ----a-w- C:\Windows\System32\tdc.ocx

2011-06-14 14:06:59 603648 ----a-w- C:\Windows\System32\vbscript.dll

2011-06-14 14:06:59 48640 ----a-w- C:\Windows\System32\mshtmler.dll

2011-06-14 14:06:59 448512 ----a-w- C:\Windows\System32\html.iec

2011-06-14 14:06:59 30720 ----a-w- C:\Windows\System32\licmgr10.dll

2011-06-14 14:06:59 165888 ----a-w- C:\Windows\System32\iexpress.exe

2011-06-14 14:06:59 160256 ----a-w- C:\Windows\System32\wextract.exe

2011-06-14 14:06:59 1492992 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-06-14 14:06:59 135168 ----a-w- C:\Windows\System32\IEAdvpack.dll

2011-06-14 14:06:59 111616 ----a-w- C:\Windows\System32\iesysprep.dll

2011-05-26 15:04:29 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-05-26 15:04:28 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-05-24 14:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-04-20 14:02:28 17720 ----a-w- C:\Windows\System32\HPMDPCoInst12.dll

2011-04-20 14:02:22 30008 ----a-w- C:\Windows\System32\drivers\hpdskflt.sys

2011-04-20 14:02:16 30520 ----a-w- C:\Windows\System32\hpservice.exe

2011-04-20 14:02:08 20792 ----a-w- C:\Windows\System32\accelerometerdll.DLL

2011-04-20 14:02:00 43320 ----a-w- C:\Windows\System32\drivers\Accelerometer.sys

2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-03-30 15:30:32 8505856 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys

2011-03-30 15:30:31 799232 ----a-w- C:\Windows\System32\NETwNc64.dll

2011-03-30 15:30:31 2750464 ----a-w- C:\Windows\System32\NETwNr64.dll

.

============= FINISH: 1:47:15.95 ===============

ATTACH.txt Log:

PFA

GMER ark.txt Log:

PFA

ark.rar

Attach.rar


Hi,

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

This goes for your cracks and your pirated version of Windows.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
