louishowe

Help, I think I'm infected!

14 posts in this topic

After clicking a bad link by mistake, my Firefox is randomly opening 8 tabs, and Malwarebytes is blocking an outgoing connection to 93.114.40.221 (and others) on port 50587, processes svchost.exe & firefox.exe.

I have followed the instructions, and here is my DDS file, with my Malwarebytes log underneath. Attach.zip contains my Ark & Attach txt files. Please help me!

Thanks,

Louis

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Louis at 18:45:42 on 2011-06-29

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.5883.4075 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskeng.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\msfeedssync.exe

C:\Windows\system32\taskhost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wuauclt.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [<NO NAME>]

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{1C1D3609-0891-404A-AF0E-E8F1C23FED7F} : DhcpNameServer = 192.168.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [(Default)]

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\jj0fllzn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-15 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-1-6 514232]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-16 249672]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-12-3 92216]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-10 26680]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-29 366640]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2011-06-29 17:41:21 -------- d-----w- C:\Users\Louis\AppData\Local\{F4A602E6-B250-42F9-945B-3EB3E63B7C30}

2011-06-29 07:30:58 -------- d-----w- C:\Users\Louis\AppData\Local\CrashDumps

2011-06-29 06:35:06 -------- d-----w- C:\Users\Louis\AppData\Roaming\SUPERAntiSpyware.com

2011-06-29 06:35:06 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-06-29 06:34:18 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-06-28 23:05:34 -------- d-----w- C:\Users\Louis\AppData\Roaming\Malwarebytes

2011-06-28 23:04:31 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-28 23:04:31 -------- d-----w- C:\ProgramData\Malwarebytes

2011-06-28 23:04:28 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-28 23:04:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-06-28 22:49:22 -------- d-----w- C:\Users\Louis\AppData\Roaming\AVG10

2011-06-28 22:45:25 -------- d--h--w- C:\ProgramData\Common Files

2011-06-28 22:44:36 -------- d-----w- C:\ProgramData\AVG10

2011-06-28 22:43:51 -------- d-----w- C:\Program Files (x86)\AVG

2011-06-28 22:32:15 -------- d-----w- C:\ProgramData\MFAData

2011-06-28 22:28:52 200008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll

2011-06-28 21:49:03 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2011-06-28 21:03:18 -------- d-----w- C:\Users\Louis\AppData\Roaming\SoftGrid Client

2011-06-28 21:03:18 -------- d-----w- C:\Users\Louis\AppData\Local\SoftGrid Client

2011-06-28 21:02:35 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2011-06-28 21:02:19 -------- d-----w- C:\Users\Louis\AppData\Roaming\TP

2011-06-28 20:59:17 -------- d-----w- C:\Users\Louis\AppData\Local\Adobe

2011-06-28 20:45:25 -------- d-----w- C:\Users\Louis\AppData\Local\{99FFC1D0-D3DA-4F41-89A2-EB3CA108E318}

2011-06-28 20:45:04 -------- d-----w- C:\Users\Louis\Tracing

2011-06-28 20:37:13 -------- d-----w- C:\Program Files\Lexmark

2011-06-28 20:32:02 -------- d-----w- C:\HP_TOOLS_mountHPSF

2011-06-28 20:23:47 -------- d-----w- C:\Users\Louis\AppData\Local\HP

2011-06-28 20:23:30 -------- d-----w- C:\Users\Louis\AppData\Local\AuthenTec

2011-06-28 18:01:35 2588952 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-06-28 18:01:18 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-06-28 18:01:15 710976 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-06-28 17:47:48 -------- d-----w- C:\Program Files (x86)\WildTangent Games

2011-06-28 17:14:07 -------- dc----w- C:\Users\Louis\AppData\Local\MigWiz

2011-06-28 17:10:29 1397248 ----a-w- C:\Windows\SysWow64\win_utilman.exe

2011-06-28 17:10:25 -------- d-----w- C:\Users\Louis\AppData\Roaming\_MDLogs

2011-06-28 16:43:58 66048 ----a-w- C:\Program Files\Internet Explorer\JSProfilerCore.dll

2011-06-28 16:43:54 603648 ----a-w- C:\Windows\System32\vbscript.dll

2011-06-28 16:43:44 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8DBCA6C3-31E9-449C-A16F-E96DE9295139}\mpengine.dll

2011-06-28 16:43:43 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-06-28 16:38:49 -------- d-----w- C:\Users\Louis\AppData\Roaming\IDT

2011-06-28 16:35:06 -------- d-----w- C:\Users\Louis\AppData\Local\AMD

2011-06-28 16:35:00 -------- d-----w- C:\Users\Louis\AppData\Local\ATI

2011-06-28 16:34:59 -------- d-----w- C:\Users\Louis\AppData\Roaming\PictureMover

2011-06-28 16:34:03 -------- d-----w- C:\Users\Louis\AppData\Local\Broadcom

2011-06-28 16:33:59 -------- d-----w- C:\Users\Louis\AppData\Roaming\Synaptics

2011-06-28 16:33:20 -------- d-----w- C:\Users\Louis\AppData\Roaming\hpqlog

2011-06-28 16:33:18 -------- d-----w- C:\Users\Louis\AppData\Local\RemEngine

2011-06-28 16:29:49 -------- d-----w- C:\Users\Louis\AppData\Local\Hewlett-Packard

2011-06-28 16:29:38 -------- d-----w- C:\Users\Louis\AppData\Local\Hewlett-Packard_Company

2011-06-28 16:28:26 -------- d-----w- C:\Users\Louis\AppData\Local\VirtualStore

.

==================== Find3M ====================

.

2011-06-28 16:41:58 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-05-04 03:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-04-15 10:52:58 0 ----a-w- C:\Windows\ativpsrm.bin

2011-04-15 10:48:38 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll

2011-04-15 10:48:37 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll

2011-04-15 10:48:37 3896832 ----a-w- C:\Windows\System32\bcmihvsrv64.dll

2011-04-15 10:48:37 3561472 ----a-w- C:\Windows\System32\bcmihvui64.dll

2011-04-15 10:48:37 3065408 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS

2011-04-15 10:34:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-04-15 10:34:07 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-04-15 10:33:52 112000 ----a-w- C:\Windows\System32\consent.exe

2011-04-15 10:33:42 3124224 ----a-w- C:\Windows\System32\win32k.sys

2011-04-15 10:32:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-04-15 10:32:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll

2011-04-15 10:32:15 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-04-15 10:32:15 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2011-04-15 10:32:15 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2011-04-15 10:32:15 464384 ----a-w- C:\Windows\System32\taskeng.exe

2011-04-15 10:32:15 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2011-04-15 10:32:15 285696 ----a-w- C:\Windows\System32\schtasks.exe

2011-04-15 10:32:15 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2011-04-15 10:32:15 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2011-04-15 10:32:15 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2011-04-15 10:32:15 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

.

============= FINISH: 18:49:05.54 ===============

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6970

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

29/06/2011 00:41:57

mbam-log-2011-06-29 (00-41-57).txt

Scan type: Full scan (C:\|Q:\|)

Objects scanned: 308026

Time elapsed: 34 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Louis\AppData\Local\Temp\7FA0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\Users\Louis\AppData\Local\Temp\E9A8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\Users\Louis\Desktop\Louis\Director\director mx\Keygen\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.

c:\Users\Louis\Desktop\Louis\Director\macromedia director mx 2004 v10.0\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

attach.zip

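As an added example (not code from the thread, from Malwarebytes or from the DDS tool), here is a small Python triage helper for the two log formats pasted above. It parses the mPolicies lines of the DDS Pseudo HJT Report and flags the UAC settings that sit at their weakest value (the report shows EnableLUA = 0, i.e. UAC switched off, which the thread itself does not comment on), and it parses the Malwarebytes "Files Infected" lines into path, detection family and action so the four hits can be summarised by family. The sample text is constructed from lines in the post; the meaning of the registry values is standard Windows UAC semantics, not something the thread states.

```python
"""Added example (not part of the thread): small triage helpers for the two log
formats pasted in the post above, the DDS 'Pseudo HJT Report' policy lines and
a Malwarebytes' Anti-Malware 1.x 'Files Infected' block. The sample text below
is constructed from lines in the post."""
import re
from collections import Counter

# Constructed sample: policy lines copied from the DDS report above.
DDS_SAMPLE = """
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
"""

# Constructed sample: the 'Files Infected' block from the Malwarebytes log above
# (raw string, because the Windows paths contain backslashes).
MBAM_SAMPLE = r"""
Files Infected:
c:\Users\Louis\AppData\Local\Temp\7FA0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Louis\AppData\Local\Temp\E9A8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Louis\Desktop\Louis\Director\director mx\Keygen\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\Users\Louis\Desktop\Louis\Director\macromedia director mx 2004 v10.0\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
"""

# DDS prints policy values as "<hive>: <Name> = <decimal> (<hex>)".
POLICY_RE = re.compile(r"^mPolicies-(?P<hive>\w+): (?P<name>\w+) = (?P<value>-?\d+)")
# Malwarebytes 1.x prints detections as "<path> (<Family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# UAC-related values under the Policies\System key and what the weak value means.
# (Standard Windows registry semantics, not something the thread itself states.)
UAC_CHECKS = {
    "EnableLUA": (0, "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def parse_policies(text):
    """Return {(hive, name): int} for every mPolicies-* line in a DDS report."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[(m["hive"], m["name"])] = int(m["value"])
    return policies


def uac_findings(policies):
    """List the UAC settings from the report that are at their weakest value."""
    findings = []
    for name, (weak_value, meaning) in UAC_CHECKS.items():
        if policies.get(("system", name)) == weak_value:
            findings.append(f"{name} = {weak_value}: {meaning}")
    return findings


def parse_detections(text):
    """Parse 'path (Family) -> action.' lines from a Malwarebytes 1.x log."""
    detections = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            detections.append({"path": m["path"], "family": m["family"], "action": m["action"]})
    return detections


def families(detections):
    """Count detections per family (here: two of the four hits are Rootkit.TDSS)."""
    return Counter(d["family"] for d in detections)


if __name__ == "__main__":
    for finding in uac_findings(parse_policies(DDS_SAMPLE)):
        print("UAC:", finding)
    hits = parse_detections(MBAM_SAMPLE)
    for family, count in families(hits).items():
        print(f"{count}x {family}")
    for d in hits:
        print(f"  {d['family']:<25} {d['path']}")
```

Run against the full pasted logs, the same two functions give a helper a quick view of what was already quarantined and which host-hardening settings were off before any further tool is run.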

Hello louishowe and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.

You can reinstall it after the computer is clean.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Please go here to see a list of programs that should be disabled.
  • **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**
  • Please include the C:\ComboFix.txt in your next reply for further review.
  • Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


Hi D-FRED-BROWN, thank you for helping me with this; I much appreciate it.

I have done as you suggested; here are the logs (in separate posts).

TDSSKILLER:

2011/06/30 18:38:56.0189 1724 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16

2011/06/30 18:38:56.0672 1724 ================================================================================

2011/06/30 18:38:56.0672 1724 SystemInfo:

2011/06/30 18:38:56.0672 1724

2011/06/30 18:38:56.0672 1724 OS Version: 6.1.7600 ServicePack: 0.0

2011/06/30 18:38:56.0672 1724 Product type: Workstation

2011/06/30 18:38:56.0672 1724 ComputerName: LOUIS-HP

2011/06/30 18:38:56.0672 1724 UserName: Louis

2011/06/30 18:38:56.0672 1724 Windows directory: C:\Windows

2011/06/30 18:38:56.0672 1724 System windows directory: C:\Windows

2011/06/30 18:38:56.0672 1724 Running under WOW64

2011/06/30 18:38:56.0672 1724 Processor architecture: Intel x64

2011/06/30 18:38:56.0672 1724 Number of processors: 2

2011/06/30 18:38:56.0672 1724 Page size: 0x1000

2011/06/30 18:38:56.0672 1724 Boot type: Normal boot

2011/06/30 18:38:56.0672 1724 ================================================================================

2011/06/30 18:39:00.0276 1724 Initialize success

2011/06/30 18:39:07.0031 5592 ================================================================================

2011/06/30 18:39:07.0031 5592 Scan started

2011/06/30 18:39:07.0031 5592 Mode: Manual;

2011/06/30 18:39:07.0031 5592 ================================================================================

2011/06/30 18:39:12.0663 5592 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/06/30 18:39:13.0599 5592 Accelerometer (3e2427d4966c7606097341e55ab4e105) C:\Windows\system32\DRIVERS\Accelerometer.sys

2011/06/30 18:39:15.0595 5592 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

2011/06/30 18:39:16.0500 5592 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/06/30 18:39:17.0202 5592 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/06/30 18:39:17.0795 5592 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2011/06/30 18:39:18.0528 5592 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2011/06/30 18:39:19.0199 5592 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

2011/06/30 18:39:21.0211 5592 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

2011/06/30 18:39:21.0742 5592 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

2011/06/30 18:39:24.0378 5592 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

2011/06/30 18:39:25.0533 5592 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

2011/06/30 18:39:26.0157 5592 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2011/06/30 18:39:27.0295 5592 amdkmdag (98e20c5a39fea1920031d3850004b334) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/06/30 18:39:28.0138 5592 amdkmdap (8624dc7b8d22daf28f5438735095f6c4) C:\Windows\system32\DRIVERS\atikmpag.sys

2011/06/30 18:39:29.0027 5592 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2011/06/30 18:39:29.0589 5592 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys

2011/06/30 18:39:31.0351 5592 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/06/30 18:39:31.0866 5592 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys

2011/06/30 18:39:32.0943 5592 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

2011/06/30 18:39:34.0721 5592 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2011/06/30 18:39:37.0763 5592 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2011/06/30 18:39:39.0931 5592 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/06/30 18:39:40.0945 5592 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

2011/06/30 18:39:43.0051 5592 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys

2011/06/30 18:39:44.0097 5592 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys

2011/06/30 18:39:44.0783 5592 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2011/06/30 18:39:45.0485 5592 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2011/06/30 18:39:47.0310 5592 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys

2011/06/30 18:39:48.0340 5592 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2011/06/30 18:39:49.0323 5592 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/06/30 18:39:49.0931 5592 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys

2011/06/30 18:39:51.0382 5592 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/06/30 18:39:52.0567 5592 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/06/30 18:39:53.0800 5592 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2011/06/30 18:39:54.0627 5592 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/06/30 18:39:58.0168 5592 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/06/30 18:40:01.0366 5592 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/06/30 18:40:02.0193 5592 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/06/30 18:40:03.0066 5592 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/06/30 18:40:03.0721 5592 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

2011/06/30 18:40:05.0859 5592 BTHPORT (d0168821eb2593a2dc5c5bf71bb21cbb) C:\Windows\system32\Drivers\BTHport.sys

2011/06/30 18:40:06.0935 5592 BTHUSB (857667b6a26a307a78758e5ea2ce05d9) C:\Windows\system32\Drivers\BTHUSB.sys

2011/06/30 18:40:07.0637 5592 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys

2011/06/30 18:40:08.0495 5592 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys

2011/06/30 18:40:09.0291 5592 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\DRIVERS\btwavdt.sys

2011/06/30 18:40:09.0915 5592 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys

2011/06/30 18:40:11.0412 5592 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys

2011/06/30 18:40:12.0052 5592 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/06/30 18:40:13.0347 5592 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

2011/06/30 18:40:14.0002 5592 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2011/06/30 18:40:14.0626 5592 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2011/06/30 18:40:15.0390 5592 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

2011/06/30 18:40:16.0077 5592 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/06/30 18:40:17.0761 5592 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

2011/06/30 18:40:18.0744 5592 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

2011/06/30 18:40:19.0509 5592 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2011/06/30 18:40:20.0367 5592 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/06/30 18:40:20.0975 5592 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/06/30 18:40:22.0363 5592 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

2011/06/30 18:40:24.0064 5592 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2011/06/30 18:40:25.0156 5592 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2011/06/30 18:40:26.0107 5592 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2011/06/30 18:40:27.0246 5592 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

2011/06/30 18:40:29.0383 5592 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2011/06/30 18:40:30.0351 5592 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2011/06/30 18:40:31.0006 5592 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

2011/06/30 18:40:31.0645 5592 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2011/06/30 18:40:32.0956 5592 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2011/06/30 18:40:34.0063 5592 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2011/06/30 18:40:34.0984 5592 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2011/06/30 18:40:35.0655 5592 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2011/06/30 18:40:36.0793 5592 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/06/30 18:40:37.0386 5592 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

2011/06/30 18:40:37.0979 5592 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2011/06/30 18:40:38.0603 5592 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2011/06/30 18:40:40.0288 5592 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

2011/06/30 18:40:41.0598 5592 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/06/30 18:40:42.0550 5592 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2011/06/30 18:40:43.0517 5592 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

2011/06/30 18:40:44.0250 5592 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/06/30 18:40:45.0514 5592 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/06/30 18:40:47.0058 5592 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2011/06/30 18:40:47.0667 5592 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2011/06/30 18:40:49.0055 5592 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

2011/06/30 18:40:49.0975 5592 hpdskflt (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys

2011/06/30 18:40:50.0724 5592 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/06/30 18:40:51.0489 5592 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

2011/06/30 18:40:52.0175 5592 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

2011/06/30 18:40:53.0033 5592 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/06/30 18:40:53.0610 5592 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys

2011/06/30 18:40:54.0811 5592 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

2011/06/30 18:40:55.0623 5592 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2011/06/30 18:40:56.0200 5592 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

2011/06/30 18:40:56.0871 5592 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2011/06/30 18:40:57.0573 5592 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/06/30 18:40:58.0166 5592 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/06/30 18:40:58.0899 5592 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2011/06/30 18:40:59.0616 5592 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2011/06/30 18:41:01.0176 5592 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

2011/06/30 18:41:01.0769 5592 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/06/30 18:41:03.0126 5592 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/06/30 18:41:03.0610 5592 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/06/30 18:41:04.0016 5592 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

2011/06/30 18:41:04.0889 5592 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

2011/06/30 18:41:05.0451 5592 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2011/06/30 18:41:06.0200 5592 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2011/06/30 18:41:07.0775 5592 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/06/30 18:41:08.0774 5592 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/06/30 18:41:09.0429 5592 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/06/30 18:41:10.0209 5592 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/06/30 18:41:11.0098 5592 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2011/06/30 18:41:11.0722 5592 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\Windows\system32\drivers\mbam.sys

2011/06/30 18:41:13.0516 5592 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2011/06/30 18:41:14.0546 5592 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/06/30 18:41:15.0201 5592 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2011/06/30 18:41:16.0168 5592 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2011/06/30 18:41:16.0901 5592 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2011/06/30 18:41:18.0773 5592 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2011/06/30 18:41:19.0584 5592 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

2011/06/30 18:41:20.0286 5592 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

2011/06/30 18:41:20.0926 5592 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2011/06/30 18:41:22.0392 5592 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

2011/06/30 18:41:23.0937 5592 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/06/30 18:41:24.0966 5592 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/06/30 18:41:25.0559 5592 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/06/30 18:41:27.0010 5592 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys

2011/06/30 18:41:27.0993 5592 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

2011/06/30 18:41:29.0194 5592 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/06/30 18:41:29.0787 5592 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/06/30 18:41:30.0816 5592 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/06/30 18:41:32.0298 5592 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/06/30 18:41:33.0453 5592 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/06/30 18:41:34.0233 5592 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/06/30 18:41:34.0872 5592 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2011/06/30 18:41:35.0418 5592 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/06/30 18:41:35.0964 5592 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/06/30 18:41:37.0758 5592 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/06/30 18:41:38.0882 5592 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/06/30 18:41:39.0552 5592 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/06/30 18:41:40.0130 5592 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

2011/06/30 18:41:40.0847 5592 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/06/30 18:41:41.0892 5592 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/06/30 18:41:42.0641 5592 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/06/30 18:41:43.0296 5592 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/06/30 18:41:44.0778 5592 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

2011/06/30 18:41:45.0527 5592 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/06/30 18:41:46.0182 5592 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2011/06/30 18:41:47.0337 5592 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

2011/06/30 18:41:48.0086 5592 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/06/30 18:41:50.0004 5592 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/06/30 18:41:50.0925 5592 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/06/30 18:41:52.0188 5592 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys

2011/06/30 18:41:52.0750 5592 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/06/30 18:41:53.0577 5592 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys

2011/06/30 18:41:54.0388 5592 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys

2011/06/30 18:41:55.0230 5592 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys

2011/06/30 18:41:56.0166 5592 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys

2011/06/30 18:41:56.0837 5592 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/06/30 18:41:57.0414 5592 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/06/30 18:41:59.0052 5592 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/06/30 18:42:00.0363 5592 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2011/06/30 18:42:01.0455 5592 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

2011/06/30 18:42:02.0141 5592 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

2011/06/30 18:42:02.0999 5592 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/06/30 18:42:04.0512 5592 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/06/30 18:42:05.0792 5592 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/06/30 18:42:06.0743 5592 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2011/06/30 18:42:07.0383 5592 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/06/30 18:42:08.0069 5592 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2011/06/30 18:42:08.0818 5592 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/06/30 18:42:09.0426 5592 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/06/30 18:42:10.0128 5592 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/06/30 18:42:12.0375 5592 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/06/30 18:42:13.0576 5592 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/06/30 18:42:14.0294 5592 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/06/30 18:42:16.0446 5592 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/06/30 18:42:20.0159 5592 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/06/30 18:42:22.0484 5592 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2011/06/30 18:42:24.0621 5592 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/06/30 18:42:26.0867 5592 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/06/30 18:42:28.0958 5592 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/06/30 18:42:31.0391 5592 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/06/30 18:42:32.0984 5592 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

2011/06/30 18:42:34.0220 5592 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys

2011/06/30 18:42:36.0279 5592 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/06/30 18:42:37.0452 5592 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys

2011/06/30 18:42:38.0436 5592 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/06/30 18:42:39.0370 5592 RTL8167 (5d6a444bd37b52ff846387c87dcdf98a) C:\Windows\system32\DRIVERS\Rt64win7.sys

2011/06/30 18:42:39.0685 5592 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

2011/06/30 18:42:40.0024 5592 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

2011/06/30 18:42:41.0390 5592 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/06/30 18:42:42.0273 5592 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2011/06/30 18:42:44.0079 5592 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys

2011/06/30 18:42:45.0324 5592 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/06/30 18:42:47.0397 5592 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/06/30 18:42:49.0685 5592 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/06/30 18:42:50.0236 5592 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/06/30 18:42:56.0309 5592 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/06/30 18:42:58.0707 5592 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/06/30 18:43:00.0393 5592 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/06/30 18:43:02.0916 5592 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/06/30 18:43:04.0071 5592 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys

2011/06/30 18:43:05.0238 5592 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys

2011/06/30 18:43:06.0983 5592 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys

2011/06/30 18:43:09.0228 5592 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys

2011/06/30 18:43:11.0488 5592 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/06/30 18:43:14.0334 5592 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/06/30 18:43:16.0106 5592 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/06/30 18:43:17.0518 5592 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/06/30 18:43:20.0214 5592 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys

2011/06/30 18:43:21.0514 5592 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys

2011/06/30 18:43:22.0835 5592 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

2011/06/30 18:43:24.0639 5592 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

2011/06/30 18:43:25.0608 5592 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

2011/06/30 18:43:26.0328 5592 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys

2011/06/30 18:43:27.0339 5592 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/06/30 18:43:28.0411 5592 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys

2011/06/30 18:43:29.0249 5592 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2011/06/30 18:43:31.0466 5592 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys

2011/06/30 18:43:32.0650 5592 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

2011/06/30 18:43:34.0752 5592 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

2011/06/30 18:43:35.0605 5592 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/06/30 18:43:37.0050 5592 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/06/30 18:43:37.0572 5592 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/06/30 18:43:39.0342 5592 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

2011/06/30 18:43:43.0121 5592 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

2011/06/30 18:43:44.0522 5592 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/06/30 18:43:45.0182 5592 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2011/06/30 18:43:45.0811 5592 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/06/30 18:43:47.0339 5592 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys

2011/06/30 18:43:48.0032 5592 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/06/30 18:43:49.0553 5592 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

2011/06/30 18:43:51.0206 5592 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/06/30 18:43:52.0150 5592 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/06/30 18:43:53.0485 5592 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2011/06/30 18:43:55.0409 5592 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys

2011/06/30 18:43:56.0820 5592 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys

2011/06/30 18:43:57.0908 5592 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys

2011/06/30 18:43:59.0760 5592 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

2011/06/30 18:44:00.0649 5592 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/06/30 18:44:01.0528 5592 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/06/30 18:44:02.0987 5592 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/06/30 18:44:05.0063 5592 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/06/30 18:44:06.0710 5592 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys

2011/06/30 18:44:07.0887 5592 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/06/30 18:44:09.0098 5592 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/06/30 18:44:10.0509 5592 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/06/30 18:44:11.0494 5592 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/06/30 18:44:12.0206 5592 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2011/06/30 18:44:13.0673 5592 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/06/30 18:44:14.0518 5592 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2011/06/30 18:44:15.0960 5592 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

2011/06/30 18:44:16.0678 5592 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/06/30 18:44:17.0295 5592 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/06/30 18:44:18.0707 5592 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/06/30 18:44:20.0136 5592 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/06/30 18:44:23.0199 5592 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/30 18:44:23.0210 5592 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/30 18:44:24.0914 5592 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/06/30 18:44:25.0957 5592 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/06/30 18:44:26.0953 5592 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/06/30 18:44:28.0008 5592 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/06/30 18:44:29.0093 5592 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUSB.sys

2011/06/30 18:44:29.0761 5592 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/06/30 18:44:30.0800 5592 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/06/30 18:44:31.0336 5592 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2011/06/30 18:44:32.0750 5592 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/06/30 18:44:33.0348 5592 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

2011/06/30 18:44:33.0504 5592 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0

2011/06/30 18:44:33.0510 5592 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/06/30 18:44:33.0568 5592 Boot (0x1200) (fc998d7601b0523572dc8200f3f02d23) \Device\Harddisk0\DR0\Partition0

2011/06/30 18:44:33.0589 5592 Boot (0x1200) (0394aa1f94d26bf00673dadce90c8683) \Device\Harddisk0\DR0\Partition1

2011/06/30 18:44:33.0664 5592 Boot (0x1200) (cc184aefa712e6f7f35b122fa02f0052) \Device\Harddisk0\DR0\Partition2

2011/06/30 18:44:33.0707 5592 Boot (0x1200) (ac034a5200922613abeeba9280878dfa) \Device\Harddisk0\DR0\Partition3

2011/06/30 18:44:33.0712 5592 ================================================================================

2011/06/30 18:44:33.0712 5592 Scan finished

2011/06/30 18:44:33.0712 5592 ================================================================================

2011/06/30 18:44:33.0724 3852 Detected object count: 1

2011/06/30 18:44:33.0724 3852 Actual detected object count: 1

2011/06/30 18:45:18.0273 3852 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/06/30 18:45:18.0274 3852 \Device\Harddisk0\DR0 - ok

2011/06/30 18:45:18.0276 3852 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/06/30 18:45:52.0662 2796 Deinitialize success
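
The TDSSKiller log above is the kind of output a helper reads by hand, scrolling hundreds of driver lines to find the one detection at the bottom. As an added example (not part of this thread, and not TDSSKiller's own code), the Python script below parses that line layout, pulls out the detection together with its verdict and the chosen action, and lists drivers loaded from outside C:\Windows\system32 as a triage heuristic worth a second look rather than a verdict. The sample lines are a subset copied from the log above; the regular expressions, the data classes and the heuristic are my own assumptions about the format, not a specification from the tool's authors.

```python
"""Triage helper for a TDSSKiller scan log.

Added example, not part of the forum thread or of TDSSKiller itself.  It assumes
the line layout visible in the posted log:

    YYYY/MM/DD HH:MM:SS.mmmm  <pid>  <message>

where <message> is usually  "<name> (<md5>) <path>"  for each scanned object,
plus a few detection / verdict / action lines for anything that was flagged.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$"
)
# "<name> (<md5>) <path>"; MBR/Boot entries carry an offset in the name, e.g. "MBR (0x1B8)".
ENTRY_RE = re.compile(
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(\d+\)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) - (?P<verdict>.+)$")
ACTION_RE = re.compile(
    r"^(?P<threat>[^()\s]+)\((?P<obj>[^()]+)\) - User select action: (?P<action>.+)$"
)


@dataclass
class Entry:
    ts: str
    pid: int
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    ts: str
    obj: str
    threat: str
    verdict: Optional[str] = None  # e.g. "will be cured after reboot"
    action: Optional[str] = None   # e.g. "Cure"


@dataclass
class Report:
    entries: List[Entry] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    other: List[str] = field(default_factory=list)  # headers, counters, "- ok" lines


def _detection_for(report: Report, by_obj: Dict[str, Detection],
                   ts: str, obj: str, threat: str) -> Detection:
    """Return the Detection record for obj, creating it if a verdict line came first."""
    det = by_obj.get(obj)
    if det is None:
        det = Detection(ts=ts, obj=obj, threat=threat)
        report.detections.append(det)
        by_obj[obj] = det
    return det


def parse_log(text: str) -> Report:
    """Split a TDSSKiller log into scanned entries, detections and everything else."""
    report = Report()
    by_obj: Dict[str, Detection] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            report.other.append(line)
            continue
        ts, pid, msg = m["ts"], int(m["pid"]), m["msg"]
        if (d := DETECT_RE.match(msg)):
            _detection_for(report, by_obj, ts, d["obj"], d["threat"])
        elif (a := ACTION_RE.match(msg)):
            _detection_for(report, by_obj, ts, a["obj"], a["threat"]).action = a["action"]
        elif (v := VERDICT_RE.match(msg)):
            _detection_for(report, by_obj, ts, v["obj"], v["threat"]).verdict = v["verdict"]
        elif (e := ENTRY_RE.match(msg)):
            report.entries.append(Entry(ts, pid, e["name"], e["md5"], e["path"]))
        else:
            report.other.append(msg)
    return report


def entries_outside_system32(report: Report) -> List[Entry]:
    r"""Triage heuristic, not a verdict: drivers loaded from anywhere but
    C:\Windows\system32 deserve a second look (legitimate security tools such as
    the SUPERAntiSpyware drivers in the log live there too).  Raw disk objects
    (\Device\...) are skipped."""
    flagged = []
    for e in report.entries:
        p = e.path.lower()
        if p.startswith("\\device\\"):
            continue
        if not p.startswith("c:\\windows\\system32\\"):
            flagged.append(e)
    return flagged


def summary(report: Report) -> List[str]:
    """Human-readable triage lines: detections first, then drivers to review."""
    lines = [f"{len(report.entries)} objects scanned, {len(report.detections)} detection(s)"]
    for d in report.detections:
        lines.append(f"DETECTED {d.threat} on {d.obj}: verdict={d.verdict!r}, action={d.action!r}")
    for e in entries_outside_system32(report):
        lines.append(f"REVIEW   {e.name} loaded from {e.path} (md5 {e.md5})")
    return lines


# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""
2011/06/30 18:39:07.0031 5592 Scan started
2011/06/30 18:39:12.0663 5592 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/30 18:42:39.0685 5592 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/06/30 18:44:33.0504 5592 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/06/30 18:44:33.0510 5592 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/30 18:44:33.0568 5592 Boot (0x1200) (fc998d7601b0523572dc8200f3f02d23) \Device\Harddisk0\DR0\Partition0
2011/06/30 18:44:33.0724 3852 Detected object count: 1
2011/06/30 18:45:18.0273 3852 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/30 18:45:18.0274 3852 \Device\Harddisk0\DR0 - ok
2011/06/30 18:45:18.0276 3852 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

if __name__ == "__main__":
    print("\n".join(summary(parse_log(SAMPLE_LOG))))
```

Run it as-is to triage the constructed sample, or feed it a saved TDSSKiller log with `parse_log(open(path, encoding="utf-8").read())`. The "outside system32" list is deliberately noisy: on this machine it would surface the SUPERAntiSpyware drivers, which are benign, so treat it as a reading order for a human, not an alert.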


ComboFix is attached here as a zip; it was too long to post.

CHECKUP:

Results of screen317's Security Check version 0.99.17

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Adobe Flash Player

Mozilla Firefox (x86 en-GB..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

``````````End of Log````````````

I haven't had any tabs opening so far, but did get a message Runtime Error R6016 after running the checkup? AVG is uninstalled, but didn't show on the AppRemover list?

Many Thanks,

Louis

ComboFix.zip


Good news! TDSSKiller took care of the main infection ;). There are still some remnants that we need to clean up.

Hi D-Fred_Brown, Thank you for helping me with this, I much appreciate it.

No problem :).

but did get a message Runtime Error R6016 after running the checkup?

That is odd. Try rebooting the computer. Let me know if you encounter this message again, it might have just been an issue with Security Check.

AVG is uninstalled, but didnt show on the appremover list?

Don't worry about it then. It looks like it's gone ;).

--------

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Reglock::

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know if you've encountered any issues :).

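
The CFScript above has two sections: KILLALL:: stops running processes before ComboFix works, and Reglock:: locks the listed registry keys so nothing can rewrite them afterwards. Two of the CLSIDs are well known: {D27CDB6E-AE6D-11cf-96B8-444553540000} is the Shockwave Flash ActiveX control and {D27CDB70-AE6D-11cf-96B8-444553540000} its FlashFactory class, both registered in the 32-bit (Wow6432Node) view that 32-bit Internet Explorer and Firefox load from. Whatever is registered as the in-process server under such a CLSID is loaded into every browser that instantiates the object, which is why these keys are a favourite hijack point and why they get locked. The PowerShell below is an added example, not part of D-Fred_Brown's instructions or of ComboFix, that audits what each CLSID from the script currently resolves to and whether that binary exists and carries a valid Authenticode signature. The CLSID list is copied from the script; nothing else about the third CLSID is assumed.

```powershell
# Added example (not from the thread or from ComboFix). For each CLSID that the
# CFScript locks, report the registered server binary (32-bit view), whether the
# file exists on disk, and the Authenticode status of that file.

$ClsidList = @(
    '{A483C63A-CDBC-426E-BF93-872502E8144E}',
    '{D27CDB6E-AE6D-11cf-96B8-444553540000}',   # ShockwaveFlash.ShockwaveFlash (Flash ActiveX control)
    '{D27CDB70-AE6D-11cf-96B8-444553540000}'    # FlashFactory.FlashFactory
)

function Resolve-ServerPath {
    # InprocServer32 / LocalServer32 default values may be quoted, carry command
    # line arguments, or use environment variables; reduce them to the file path.
    param([string]$Raw)
    if (-not $Raw) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($expanded.StartsWith('"')) {
        return $expanded.Split('"')[1]
    }
    # Unquoted: cut at the first whitespace-separated /switch or -switch.
    return ($expanded -split '\s+[/-]')[0].Trim()
}

function Get-ComServerAudit {
    param(
        [string[]]$Clsid = $ClsidList,
        # 32-bit view, matching the Wow6432Node paths in the CFScript.
        [string]$Root = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
    )
    foreach ($id in $Clsid) {
        $key = Join-Path $Root $id
        if (-not (Test-Path $key)) {
            New-Object PSObject -Property @{ Clsid = $id; Present = $false; ServerType = ''; Server = '';
                                             FileExists = $false; SigStatus = 'n/a'; Signer = 'n/a'; Name = '' }
            continue
        }
        $name = (Get-ItemProperty $key).'(default)'
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $subKey = Join-Path $key $sub
            if (-not (Test-Path $subKey)) { continue }
            $raw    = (Get-ItemProperty $subKey).'(default)'
            $path   = Resolve-ServerPath $raw
            $exists = [bool]($path -and (Test-Path -LiteralPath $path))
            $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }
            New-Object PSObject -Property @{
                Clsid      = $id
                Present    = $true
                Name       = $name
                ServerType = $sub
                Server     = $path
                FileExists = $exists
                SigStatus  = if ($sig) { $sig.Status.ToString() } else { 'n/a' }
                Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
            }
        }
    }
}

Get-ComServerAudit | Format-Table Clsid, ServerType, FileExists, SigStatus, Signer, Server -AutoSize
```

What to look for in the output: a CLSID whose server points at a file that no longer exists (a remnant left after the payload was removed), a server outside the vendor's install directory, or one whose SigStatus is not Valid. Running the audit before and after the CFScript shows what ComboFix changed under those keys, and running it again later confirms the locked values have stayed put.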

Brilliant news! No more problems yet, so fingers crossed all is okay with the log below! The runtime error didn't come up either.

ComboFix 11-06-30.03 - Louis 30/06/2011 20:44:54.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.5883.4354 [GMT 1:00]

Running from: c:\users\Louis\Desktop\ComboFix.exe

Command switches used :: c:\users\Louis\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))

.

.

2011-06-30 19:47 . 2011-06-30 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-29 19:51 . 2011-06-29 19:51 -------- d-----w- c:\programdata\VirtualizedApplications

2011-06-29 17:56 . 2011-06-29 17:56 -------- d-----w- c:\programdata\Avira

2011-06-29 17:56 . 2011-06-29 17:56 -------- d-----w- c:\program files (x86)\Avira

2011-06-29 06:35 . 2011-06-29 06:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-06-29 06:34 . 2011-07-01 02:30 -------- d-----w- c:\programdata\!SASCORE

2011-06-29 06:34 . 2011-07-01 02:30 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-28 23:04 . 2011-06-28 23:04 -------- d-----w- c:\programdata\Malwarebytes

2011-06-28 23:04 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-28 23:04 . 2011-06-28 23:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-28 23:04 . 2011-05-29 08:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-28 22:49 . 2011-06-28 22:49 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-06-28 22:45 . 2011-06-28 22:45 -------- d--h--w- c:\programdata\Common Files

2011-06-28 22:44 . 2011-06-29 06:32 -------- d-----w- c:\programdata\AVG10

2011-06-28 22:43 . 2011-06-30 02:37 -------- d-----w- c:\program files (x86)\AVG

2011-06-28 22:32 . 2011-06-30 02:38 -------- d-----w- c:\programdata\MFAData

2011-06-28 21:49 . 2011-06-28 21:49 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-06-28 21:39 . 2011-06-28 21:48 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-28 21:30 . 2011-06-28 21:30 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2011-06-28 21:02 . 2011-07-01 02:30 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2011-06-28 20:37 . 2011-06-28 20:37 -------- d-----w- c:\program files\Lexmark

2011-06-28 18:01 . 2011-06-28 18:01 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-06-28 18:01 . 2011-06-28 18:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-06-28 18:01 . 2011-06-28 18:01 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-06-28 17:47 . 2011-06-28 17:48 -------- d-----w- c:\program files (x86)\WildTangent Games

2011-06-28 17:10 . 2009-07-14 01:14 1397248 ----a-w- c:\windows\SysWow64\win_utilman.exe

2011-06-28 16:43 . 2011-06-28 16:43 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-28 16:43 . 2011-06-20 07:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DBCA6C3-31E9-449C-A16F-E96DE9295139}\mpengine.dll

2011-06-28 16:43 . 2011-05-24 18:14 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-06-28 16:29 . 2011-06-28 16:29 -------- d-----w- c:\users\Public\Symantec

2011-06-28 16:27 . 2011-07-01 02:30 -------- d-----w- c:\users\Louis

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-30 18:16 . 2011-06-30 18:16 22291 ----a-w- C:\ComboFix.zip

2011-06-28 16:28 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-05-04 03:52 . 2011-01-05 23:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-04-15 10:48 . 2011-04-15 10:48 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2011-04-15 10:48 . 2011-04-15 10:48 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll

2011-04-15 10:48 . 2011-04-15 10:48 3896832 ----a-w- c:\windows\system32\bcmihvsrv64.dll

2011-04-15 10:48 . 2011-04-15 10:48 3561472 ----a-w- c:\windows\system32\bcmihvui64.dll

2011-04-15 10:48 . 2011-04-15 10:48 3065408 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS

2011-04-15 10:34 . 2011-04-15 10:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-04-15 10:34 . 2011-04-15 10:34 2048 ----a-w- c:\windows\system32\tzres.dll

2011-04-15 10:33 . 2011-04-15 10:33 112000 ----a-w- c:\windows\system32\consent.exe

2011-04-15 10:33 . 2011-04-15 10:33 3124224 ----a-w- c:\windows\system32\win32k.sys

2011-04-15 10:32 . 2011-04-15 10:32 395776 ----a-w- c:\windows\system32\webio.dll

2011-04-15 10:32 . 2011-04-15 10:32 314368 ----a-w- c:\windows\SysWow64\webio.dll

2011-04-15 10:32 . 2011-04-15 10:32 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-04-15 10:32 . 2011-04-15 10:32 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2011-04-15 10:32 . 2011-04-15 10:32 473600 ----a-w- c:\windows\system32\taskcomp.dll

2011-04-15 10:32 . 2011-04-15 10:32 464384 ----a-w- c:\windows\system32\taskeng.exe

2011-04-15 10:32 . 2011-04-15 10:32 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2011-04-15 10:32 . 2011-04-15 10:32 285696 ----a-w- c:\windows\system32\schtasks.exe

2011-04-15 10:32 . 2011-04-15 10:32 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2011-04-15 10:32 . 2011-04-15 10:32 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

2011-04-15 10:32 . 2011-04-15 10:32 1169408 ----a-w- c:\windows\system32\taskschd.dll

2011-04-15 10:32 . 2011-04-15 10:32 1114624 ----a-w- c:\windows\system32\schedsvc.dll

2011-04-15 10:31 . 2011-04-15 10:31 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-04-15 10:31 . 2011-04-15 10:31 367104 ----a-w- c:\windows\system32\atmfd.dll

2011-04-15 10:31 . 2011-04-15 10:31 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-04-15 10:31 . 2011-04-15 10:31 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-04-15 10:31 . 2011-04-15 10:31 961024 ----a-w- c:\windows\system32\CPFilters.dll

2011-04-15 10:31 . 2011-04-15 10:31 641536 ----a-w- c:\windows\SysWow64\CPFilters.dll

2011-04-15 10:31 . 2011-04-15 10:31 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-04-15 10:31 . 2011-04-15 10:31 552960 ----a-w- c:\windows\system32\msdri.dll

2011-04-15 10:31 . 2011-04-15 10:31 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-04-15 10:31 . 2011-04-15 10:31 288256 ----a-w- c:\windows\system32\MSNP.ax

2011-04-15 10:31 . 2011-04-15 10:31 258560 ----a-w- c:\windows\system32\mpg2splt.ax

2011-04-15 10:31 . 2011-04-15 10:31 204288 ----a-w- c:\windows\SysWow64\MSNP.ax

2011-04-15 10:31 . 2011-04-15 10:31 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

.

.

((((((((((((((((((((((((((((( SnapShot_2011-06-30_18.00.03 )))))))))))))))))))))))))))))))))))))))))

.

- 2011-04-15 10:39 . 2011-06-30 17:46 3305 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2011-04-15 10:39 . 2011-06-30 19:47 3305 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2011-06-30 17:46 . 2011-06-30 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-06-30 19:48 . 2011-06-30 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-06-30 17:46 . 2011-06-30 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-06-30 19:48 . 2011-06-30 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2011-06-30 19:47 310952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-06-30 17:46 310952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-04-15 11:11 . 2011-06-30 17:46 1156584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-04-15 11:11 . 2011-06-30 19:47 1156584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-06-28 23:42 . 2011-06-30 19:47 2101920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2101646418-2903813283-1072909387-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2988928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-10 336384]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-16 249672]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-12-03 92216]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-08-16 20:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-28 c:\windows\Tasks\HPCeeScheduleForLOUIS-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\jj0fllzn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

.

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\SysWOW64\RunDll32.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2011-06-30 20:52:47 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-30 19:52

ComboFix2.txt 2011-06-30 18:01

ComboFix3.txt 2011-06-29 07:36

.

Pre-Run: 634,167,226,368 bytes free

Post-Run: 633,832,603,648 bytes free

.

- - End Of File - - 96FADAE8A4D4E3E8345F83D029B17AA3

Brilliant news! No more problems yet, so fingers crossed all is okay with the log below! The runtime error didn't come up either.

Excellent! :D

Before we move on, let's run some online scans to make sure you're clean ;):

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

-------

Please use Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.

-------

Please include the ESET and BitDefender reports in your next reply, and let me know of any issues you've encountered :).


No issues with this one ...

QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Thu Jun 30 21:37:08 2011

Machine ID: F68E2F4B

No infection found.

-------------------

Processes

---------

Adobe Reader and Acrobat Manager 3856 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Bing Bar 1028 C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe

ESET Online Scanner container 2812 C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

Firefox 264 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

HP On Screen Display 3668 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

HP Quick Launch 3572 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

HP Quick Launch 316 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

HP Quick Synchronization Service 1348 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

hpqwmiex Module 4500 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

Java Platform SE Auto Updater 2 0 3472 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

LightScribe 4092 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

LightScribe 2076 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

Malwarebytes' Anti-Malware 3124 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

Malwarebytes' Anti-Malware 3036 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

Microsoft Application Virtualization 2536 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

Microsoft Application Virtualization 2384 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

Microsoft Office 2010 2096 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

Microsoft Search Client Server 3692 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

Microsoft Search Enhancement Pack 2124 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

Microsoft® Windows® Operating System 3948 C:\Windows\SysWOW64\rundll32.exe

OnlineCmdLineScanner.exe 1096 C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

PictureMover Application 3780 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

Shared EasyBits services for Windows 1960 C:\Windows\SysWOW64\ezSharedSvcHost.exe

Simple Pass 2011 772 C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

USB 3.0 Monitor 3852 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

Windows® Internet Explorer 1728 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Windows® Internet Explorer 4024 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Windows® Internet Explorer 4248 C:\Program Files (x86)\Internet Explorer\iexplore.exe

YCMMirag Application 4580 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

Network activity

----------------

Process OnlineCmdLineScanner.exe (1096) connected on port 80 (HTTP) --> 89.202.157.227

Process iexplore.exe (1728) connected on port 80 (HTTP) --> 66.235.142.2

Process iexplore.exe (1728) connected on port 80 (HTTP) --> 66.235.142.2

Process iexplore.exe (1728) connected on port 80 (HTTP) --> 209.85.147.138

Process iexplore.exe (1728) connected on port 80 (HTTP) --> 209.85.147.138

Autoruns and critical files

---------------------------

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe CS5.5 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

Default Manager C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

EasyBits Magic Desktop C:\Windows\SysWOW64\ezUPBHook.dll

ezRecover.exe C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

HP Ceement C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

HP On Screen Display C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

HP Quick Launch C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

Java Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

LightScribe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

Malwarebytes' Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

Microsoft® Windows® Operating System C:\Windows\system32\Bubbles.scr

PictureMover Application C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

SBSV 2010/02/19-11:02:07 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

USB 3.0 Monitor C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

Windows® Internet Explorer c:\windows\syswow64\webcheck.dll

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Bing Bar C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

Java Platform SE 6 U26 c:\program files (x86)\java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U26 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL

Microsoft Search Enhancement Pack C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll

NP_wtapp.dll C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

Shockwave for Director C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

Simple Pass 2011 C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

Windows Live Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

Windows® Internet Explorer c:\windows\syswow64\ieframe.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

Scan

----

MD5: af9e721f0e9fccda88ddd566cb271df3 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

MD5: bad6bea0de1f69c82bdb74378ce0c20a C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5: e1636f57581cab5d995fd54d2991ef57 C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

MD5: f577910a133a592234ebaad3f3afa258 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MD5: 13e7cfe8e269ed15e7fc9c3ebbcb7e2b C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

MD5: 328ef5d436fadded0d0d709a394a0c75 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

MD5: f8d349e18ab09b340231cd5689b7c6d3 C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll

MD5: a206f9c6a80585f19873febe2546aed1 C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll

MD5: fcbdcc6f1801e32244235608e1277752 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

MD5: d02f845ef350910b3424ad15bbb68e83 C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MD5: 9ab3620c0a97366e1565967bd78bf64c C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MD5: 7da4f72284d2c927927dfc0e12afab85 C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MD5: b4d97e9ace89400ee9b0c9e2fcc3f408 C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\cvhshared.dll

MD5: 61a86809b62769643892bc0812b204aa C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

MD5: 74af1ffcafd60da88a386ae161f56438 C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\en-us\cvhintl.dll

MD5: 6bf01e200063d7274f3af06d226671f5 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

MD5: da579734b4375740efee86ffdfed57a7 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL

MD5: 9d4a1690af93f233e15380398bec7431 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

MD5: b00f98ff6fe8682ff941beb2559bf191 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

MD5: 30d7bb258a97bda7c7e2ec63c23554aa C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

MD5: 10b7abf103e30e50e02f6c8d749eceb4 C:\Program Files (x86)\ESET\ESET Online Scanner\esets_apiW_a.DLL

MD5: 36af5e8b91c2277ce16897e0936c6627 C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

MD5: 45fd64f0c2b5fd2856e453d87d1cd2ca C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner.ocx

MD5: b31e4518561429f1312e0ce643442add C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

MD5: af51d4fe088a3efa5303b36fffd0581b C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

MD5: 7a24ad37416b91e4b5e5b46bd25c075f C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

MD5: 4bc504f17b301603778898b2cb35dfb6 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

MD5: d59abed205f424bd4c52419479930be9 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

MD5: f630dd7564ebb7248a13b1cc774d9ea6 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\MSVCR100.dll

MD5: f81c07efa97303895294bf38f0038556 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

MD5: a15cca65211727809a64f7c235f0e370 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

MD5: c7eea27b5010bcb4b530b1408895506b C:\Program Files (x86)\Hewlett-Packard\Shared\hputils.dll

MD5: 78148bbd0712e16c7243ae2e8350d4a3 C:\Program Files (x86)\HP SimplePass 2011\BioLayer.dll

MD5: 45706aa7f6a5f59cf00820e062cd2711 C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

MD5: 8eef00005472dfcef67bbe801b383c7e C:\Program Files (x86)\HP SimplePass 2011\TokenMachine.dll

MD5: 0dcef328bccd4e1622ea613f84bd3e54 C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

MD5: 01e3c1d30ccfc4e485197754d3145c41 C:\Program Files (x86)\HP SimplePass 2011\TSLog.dll

MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll

MD5: daab337efa9577364a245d3c6ca8d00c C:\Program Files (x86)\Internet Explorer\IEShims.dll

MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe

MD5: e7d55e121ff1951cb86c7e0dc6a33877 c:\program files (x86)\java\jre6\bin\jp2ssv.dll

MD5: 1040bd9bf3ddab7cda2346f8375480a2 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

MD5: 0b85e5d913d862e57abb4f9721b14d74 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll

MD5: f06ca6475b7a538db9dc3f7b896b97e4 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

MD5: 84271ba3b94323704f00730b7e6caeef C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll

MD5: ec60491a5ff57700f10fe0403f7dcad4 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

MD5: 3222919a8a452a05f8246f5bcb90b894 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcomp.dll

MD5: cacff517e2afe06c690075d817c807ea C:\Program Files (x86)\Microsoft Application Virtualization Client\SFTCORE.dll

MD5: 07516b0ff41e1bddd3f36d338f91b32f C:\Program Files (x86)\Microsoft Application Virtualization Client\sftfsi_wow64.dll

MD5: 71c8ead838c6c02d9f5b992055807959 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftintf.dll

MD5: bfdb58616ff5ea540a5f58301d50641e C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

MD5: f4fb7d3106999a0038b10bafaa41e89b C:\Program Files (x86)\Microsoft Application Virtualization Client\sftpsr.dll

MD5: 1f7c43d53a5b581b54c6e25a812eda16 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftsync.dll

MD5: 41e3bd420a82df16b3582ea611ca6725 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftuser.dll

MD5: b94c3c4dca2093243c76ca218ede2a97 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

MD5: fe957e471958ce98456d98a6122c54d2 c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\agcore.dll

MD5: 7f86a3be3d020545fc5e9b6f8e09ac74 c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\coreclr.dll

MD5: 8006fc6a9a7c3168ef15dba842c3afc5 c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

MD5: c04b0bca15f30cf7d68e7733997ea90b c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlUI.dll

MD5: 5875b778b188fd9fc4b49c03da3cf4fc C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

MD5: 74282796a91d5a766d5ce82143813850 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll

MD5: 331e7bde228914574fc9ae6cd520dafa C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

MD5: c38cb686927b111a666124802d0fbab1 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\srchbxex.dll

MD5: 2a8da7e170010beae7aecdfdca10b626 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

MD5: b957b30090889aa4f887277916f76fe7 C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

MD5: 6c9cd3ecba6732661c8bbe37a877a2bd C:\Program Files (x86)\Mozilla Firefox\firefox.exe

MD5: cc5b1a70daa7a04fe15e6d7c54b55d02 C:\Program Files (x86)\Mozilla Firefox\freebl3.dll

MD5: ff4040da11ae0d13a0a7778e6022e728 C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll

MD5: 96397535f6e4ca499dd659ce76c50746 C:\Program Files (x86)\Mozilla Firefox\MOZCPP19.dll

MD5: 411f23aaf331da8b9f0cfd1cada4b8b5 C:\Program Files (x86)\Mozilla Firefox\MOZCRT19.dll

MD5: 1919d815996470088d20a59e992a9695 C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MD5: fcd1d9ccc7096dc2210d3096fbdf92cc C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll

MD5: c1bf9c9244996aa0607766199d226183 C:\Program Files (x86)\Mozilla Firefox\nspr4.dll

MD5: f030ff40b6afb777b9992525800de3ea C:\Program Files (x86)\Mozilla Firefox\nss3.dll

MD5: 6689b655ea803be040d95b8ea913249f C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll

MD5: 079155b0a7579652dcc2ec7908d9502a C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll

MD5: fb4fc7ee2e516063e25887c2e170d893 C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll

MD5: 4dfdfb82c4f60beaf88e3c13c01f124a C:\Program Files (x86)\Mozilla Firefox\plc4.dll

MD5: 5bff0a2260ab6bf8d9b829d947c5ef6c C:\Program Files (x86)\Mozilla Firefox\plds4.dll

MD5: cb2e646a69d347eb0437ab50785cf3bb C:\Program Files (x86)\Mozilla Firefox\smime3.dll

MD5: 363f20b791469048b0878dbdfd60e41b C:\Program Files (x86)\Mozilla Firefox\softokn3.dll

MD5: b6a4cb50c2c0d7821a604c64a5058ed1 C:\Program Files (x86)\Mozilla Firefox\ssl3.dll

MD5: cd05ba08fd35ec561b82f6d1c905a445 C:\Program Files (x86)\Mozilla Firefox\xpcom.dll

MD5: 840e1ad2fdeedf482927d4369fb03dac C:\Program Files (x86)\Mozilla Firefox\xul.dll

MD5: a8cf4d0fc5ef2d5e4237b28bbb0966e6 C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe

MD5: b55019778b8ba4c91f47bbda3f2cefe6 C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

MD5: 6cf7d6119fc02fcc558866d1d5ccc182 C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\XmlLite.dll

MD5: 02a6a672d698a59ab41aa0698dfd2630 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

MD5: 1f36981c4deeaa88858317c1642ce160 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll

MD5: 9d51ea92a612b37e76e5e4621650c50a C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

MD5: ba72cfc2bf952da409a953e89d6fe2cd C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

MD5: c403c5db49a0f9aaf4f2128edc0106d8 C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

MD5: 6f0dab13529bcb7c0f8a3082a8b1cde9 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

MD5: c0b113f3bfb3b103226534790ea8c492 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

MD5: dd27f6c3de9bfe50635c721e09edc5dd C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

MD5: 28ad5e311996a34025cfb07e131058dd C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

MD5: 7e47c328fc4768cb8beafbcfafa70362 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

MD5: 3dc11a802353401332d49c3cbfbbe5fc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

MD5: c930128c8f8ff03d8f8c42b570920d56 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

MD5: 7c49a5e1943afda4672d80726af3bae4 C:\Program Files\IDT\WDM\STacSV64.exe

MD5: ad647cdd6b6a0994e1d08b22d6d6cf37 C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

MD5: 99df79c258b3342b6c8a5f802998de56 C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

MD5: 2859c35c0651e8eb0d86d48e740388f2 C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

MD5: d5675fe7bc5192620038e6172e12a543 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

MD5: 692f8648d7686d91e34a65ac698019d8 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

MD5: 17eeac7f9618463da6a8e4df636de636 C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll

MD5: 06c8fa1cf39de6a735b54d906ba791c6 C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

MD5: e874d39c2b3527e846bb2d8ce45001c8 C:\Program Files\Windows Media Player\wmpnetwk.exe

MD5: 1d2fe5278be4f9d831fd1133a7cda49c C:\Users\Louis\AppData\Local\Microsoft\Toolbar\Applications\AppMgr.dll

MD5: 963b31f21034ae68d206e2e6c2fec635 C:\Users\Louis\AppData\Roaming\PictureMover\Bin\Core.dll

MD5: 4fde2c97d16582125f35e17f8c5c823b C:\Users\Louis\AppData\Roaming\PictureMover\EN-GB\Presentation.dll

MD5: 353f64dd67eb26ae91397c183e8172ef C:\Windows\AppPatch\AcWow64.DLL

MD5: 23dc75d158d484177ffe99e23264f89f C:\Windows\Downloaded Program Files\qsax.dll

MD5: 47c071994c3f649f23d9cd075ac9304a C:\Windows\ehome\ehRecvr.exe

MD5: b99c33e313bfc07adec5a05a847af8fd C:\Windows\system32\aticfx32.dll

MD5: 85675eb6eb910baf92257d3e569fbedd C:\Windows\system32\atidxx32.dll

MD5: aed97c54311054e4b9d9cb0b4b2bb63b C:\Windows\system32\atiuxpag.dll

MD5: 3ebcb634281e023dbb7ba65707f565ba C:\Windows\system32\Bubbles.scr

MD5: 7c5567a00456f3a3a07800ebb3f351c4 C:\Windows\system32\d2d1.dll

MD5: c5f549970ac071ea452e58b6422c94fa C:\Windows\system32\d3d10_1.dll

MD5: 029e2a480ce2020df097e535a2311712 C:\Windows\system32\d3d10_1core.dll

MD5: 524408d5127f14b71e574d80f2f0924f C:\Windows\system32\D3D10Warp.dll

MD5: c0523fe101a30e3821604fe1ca1740d7 C:\Windows\system32\dwrite.dll

MD5: 8898c95862d03d16b2a06db4db6bb6b2 C:\Windows\system32\explorerframe.dll

MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C:\Windows\system32\IEADVPACK.DLL

MD5: 9af36c3c48f82d95b5670d7c29923d8a C:\Windows\system32\IEFRAME.dll

MD5: 33de59ca6dc188029528033aee06d780 C:\Windows\system32\IEUI.dll

MD5: 68563ac389f92ee79f1c714288ba1dce C:\Windows\system32\ImgUtil.dll

MD5: 3f63f95c998f7e1af409bc74e83d45e5 C:\Windows\system32\MSHTML.dll

MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll

MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Windows\system32\MSVCR100.dll

MD5: 4b9e4ce667df26ada061aa81e9aa841d C:\Windows\system32\SPFILEQ.dll

MD5: 8d908f346eedd752005a32787a6dcafa C:\Windows\System32\StructuredQuery.dll

MD5: 4fb96aacf2f05c7357546becd7678863 C:\Windows\system32\webio.dll

MD5: 3fad263ce1e2a6fff40d00043b2275e3 C:\Windows\system32\winbio.dll

MD5: d892c77afa8afaba6f474a7da401bd7c C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll

MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll

MD5: ca793dcc1d5f619021ef1d37cc7a831e C:\Windows\SysWOW64\ezSharedSvcHost.exe

MD5: 63b85a580d21af9bc788fe69854fabd7 C:\Windows\SysWOW64\ezsvc7x.dll

MD5: f24fc0b2456186e35c51fef5fd55e853 C:\Windows\SysWOW64\ezUPBHook.dll

MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll

MD5: 9af36c3c48f82d95b5670d7c29923d8a c:\windows\syswow64\ieframe.dll

MD5: 733c7f11b06892f9dc283d4bb34abd25 C:\Windows\syswow64\iertutil.dll

MD5: c92f538f531f26f2e240a8b21420692a C:\Windows\SysWOW64\jscript9.dll

MD5: 9c54f2cc2301599d698399d7e49c7321 C:\Windows\SysWOW64\Macromed\Flash\Flash10l.ocx

MD5: 3f63f95c998f7e1af409bc74e83d45e5 C:\Windows\SysWOW64\mshtml.dll

MD5: e2c2d8c982316c8abf800c6ce3f28fab C:\Windows\syswow64\ole32.dll

MD5: a07da8434b12b2cd0ad2994f05d1129e C:\Windows\syswow64\OLEAUT32.dll

MD5: 21cf5c7d8d727dcc337a1d251b6135f4 C:\Windows\SysWOW64\schannel.dll

MD5: df6de2f5afb9fa1cfa02081ef9b3e7e8 C:\Windows\SysWOW64\urlmon.dll

MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll

MD5: a1236375b74ea63c75657d564890c436 C:\Windows\syswow64\WININET.dll

MD5: d3ead1cf16ba729a7f7c9a5d94aa7c05 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\Comctl32.dll

MD5: 4b8dd8541c0e26602005dd0137333615 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\COMCTL32.dll

No file uploaded.

Scan finished - communication took 5 sec

Total traffic - 0.02 MB sent, 0.59 KB recvd

Scanned 423 files and modules - 16 seconds

==============================================================================

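Added example, not part of the thread: a first-pass triage of an "MD5: <hash> <path>" module listing like the one pasted above. It is my own script, not one of the helper's tools; it assumes PowerShell 2 or later on Windows, and the set of "user-writable" locations is my heuristic. The sample listing is a constructed excerpt copied from the paste above; point $listing at the full paste to triage everything.

```powershell
# Added example (not from the forum post): triage a pasted module/hash listing.
# Constructed sample: a handful of lines copied from the listing above.
$listing = @'
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\MSVCR100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Windows\system32\MSVCR100.dll
MD5: 9d4a1690af93f233e15380398bec7431 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 28ad5e311996a34025cfb07e131058dd C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 1d2fe5278be4f9d831fd1133a7cda49c C:\Users\Louis\AppData\Local\Microsoft\Toolbar\Applications\AppMgr.dll
MD5: 963b31f21034ae68d206e2e6c2fec635 C:\Users\Louis\AppData\Roaming\PictureMover\Bin\Core.dll
MD5: 23dc75d158d484177ffe99e23264f89f C:\Windows\Downloaded Program Files\qsax.dll
MD5: 9af36c3c48f82d95b5670d7c29923d8a C:\Windows\system32\IEFRAME.dll
MD5: 9af36c3c48f82d95b5670d7c29923d8a c:\windows\syswow64\ieframe.dll
'@

# Heuristic (my assumption, not a Windows rule): locations a standard user, and
# therefore any process running as that user, can write to without admin rights.
# Code loaded from here is not necessarily bad, but it is the first place to look.
$userWritable = '^(C:\\Users\\[^\\]+\\(AppData|Desktop|Downloads)\\|C:\\Windows\\Downloaded Program Files\\|C:\\ProgramData\\|C:\\Windows\\Temp\\)'

# Parse "MD5: <32 hex chars> <path>" lines; anything else in the paste is ignored.
$entries = foreach ($line in ($listing -split "`r?`n")) {
    if ($line -match '^MD5:\s+(?<hash>[0-9a-fA-F]{32})\s+(?<path>.+?)\s*$') {
        New-Object PSObject -Property @{
            Hash = $Matches['hash'].ToLower()
            Path = $Matches['path']
            Name = [System.IO.Path]::GetFileName($Matches['path']).ToLower()
        }
    }
}

"== Modules loaded from user-writable paths =="
$entries | Where-Object { $_.Path -match $userWritable } | Format-Table Hash, Path -AutoSize

"== One hash seen at several paths =="
# Usually benign (a redistributable shipped twice, or the WoW64 copy of a system
# DLL), but if the hash turns out to be bad this shows every place it was loaded from.
$entries | Group-Object Hash | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    $_.Name
    $_.Group | ForEach-Object { "    $($_.Path)" }
}

"== Same file name, different contents =="
# Two builds side by side (x86 under Program Files (x86), x64 under Program Files)
# is normal; a system DLL name with a second hash outside System32/SysWOW64 is not.
$entries | Group-Object Name | ForEach-Object {
    $g = $_
    $hashes = @($g.Group | ForEach-Object { $_.Hash } | Sort-Object -Unique)
    if ($hashes.Count -gt 1) { "$($g.Name): $($hashes -join ', ')" }
}
```

For anything the script flags, confirm the file on disk is still the one that was scanned (`certutil -hashfile "<path>" MD5`), check who signed it (`Get-AuthenticodeSignature "<path>"`), and only then look the hash up in a reputation source. An unsigned DLL under AppData is a lead, not a verdict; the WLIDNSP.DLL pair in the sample is the benign x86/x64 case the third check will show you.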

Are you able to run the ESET scan as well :)?


Found one here, but it deleted it

esets_scanner_update returned -1 esets_gle=36881

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=db783cc0ab7225498ad945eec2e6e82a

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-30 09:38:17

# local_time=2011-06-30 10:38:17 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=9

# osver=6.1.7600 NT

# compatibility_mode=1024 16777215 100 0 66492 66492 0 0

# compatibility_mode=1797 16774142 0 6 0 35298948 0 0

# compatibility_mode=5893 16776573 100 94 188508 61932982 0 0

# compatibility_mode=8192 67108863 100 0 2081 2081 0 0

# scanned=163386

# found=1

# cleaned=1

# scan_time=1965

C:\Users\Louis\Desktop\Louis\Director\Director MX\Keygen\keygen.exe probably a variant of Win32/Keygen.BH application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Your logs look clean! ;)

Since your programs appear to be updated, I will provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;):

If there are any remaining issues or concerns, please let me know :)

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

**You may now reinstall AVG AntiVirus if you haven't already.

-------------

I see you have User Account Control (UAC) disabled.

This is an important security feature which helps prevent malware and other unwanted software from being installed on your computer.

I strongly suggest you keep it enabled. See this link for instructions on how to enable it: http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

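Added example, not part of the helper's reply: a script that audits the settings the reply above asks for (UAC on, automatic updates on, the firewall enabled per profile, exactly one antivirus registered). It is my own code; it assumes Windows 7 or later with PowerShell 2 or later, run from an elevated prompt, and the registry locations and value meanings are the documented Windows ones. One detail worth knowing beyond the reply: Windows 7's firewall does support outbound rules, it just allows outbound by default, and the script reports that default so you can see where you stand.

```powershell
# Added example (not from the forum reply): audit UAC, Windows Update,
# firewall profiles and registered security products on Windows 7+.

function Get-RegValue {
    param([string]$Path, [string]$Name, $Default = $null)
    # A missing key or value means the OS default applies, so return $Default.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return $item.$Name
}

function New-Check([string]$Check, [bool]$Ok, [string]$Detail, [string]$Fix) {
    New-Object PSObject -Property @{ Check = $Check; Ok = $Ok; Detail = $Detail; Fix = $Fix }
}

function Get-UacStatus {
    $sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua     = Get-RegValue $sys 'EnableLUA' 1                  # 0 = UAC off entirely (needs reboot)
    $consent = Get-RegValue $sys 'ConsentPromptBehaviorAdmin' 5  # 0 = admins elevate silently
    New-Check 'UAC' ($lua -eq 1 -and $consent -ne 0) `
        "EnableLUA=$lua ConsentPromptBehaviorAdmin=$consent" `
        "Set EnableLUA=1 and ConsentPromptBehaviorAdmin=5 (the Windows 7 default) under $sys, then reboot"
}

function Get-WindowsUpdateStatus {
    # The Windows Update control panel stores its choice under $cp; a Group Policy
    # value under $pol, if present, overrides it.
    $cp  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $opt = Get-RegValue $pol 'AUOptions' (Get-RegValue $cp 'AUOptions' 0)
    $meaning = @{ 0 = 'not configured'; 1 = 'never check'; 2 = 'notify before download'
                  3 = 'download, notify before install'; 4 = 'download and install on schedule' }
    New-Check 'Windows Update' ($opt -ge 2) "AUOptions=$opt ($($meaning[[int]$opt]))" `
        'Control Panel > Windows Update > Change settings: choose "Install updates automatically"'
}

function Get-FirewallStatus {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    # Registry profile name -> the name netsh uses for the same profile.
    $profiles = @{ DomainProfile = 'domainprofile'; StandardProfile = 'privateprofile'; PublicProfile = 'publicprofile' }
    foreach ($p in $profiles.Keys) {
        $on  = Get-RegValue "$base\$p" 'EnableFirewall' 1
        $out = Get-RegValue "$base\$p" 'DefaultOutboundAction' 0   # 0 = allow (default), 1 = block
        $outText = if ($out -eq 1) { 'block' } else { 'allow' }
        New-Check "Firewall ($p)" ($on -eq 1) "EnableFirewall=$on DefaultOutboundAction=$outText" `
            "netsh advfirewall set $($profiles[$p]) state on   (append 'firewallpolicy blockinbound,blockoutbound' to also block unsolicited outbound traffic by default)"
    }
}

function Get-SecurityProductStatus {
    # Products that registered with Security Center. Entries from an uninstalled
    # product can linger here, so treat the list as a lead, not as proof.
    $av = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue)
    $fw = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class FirewallProduct  -ErrorAction SilentlyContinue)
    $avNames = ($av | ForEach-Object { $_.displayName }) -join ', '
    $fwNames = ($fw | ForEach-Object { $_.displayName }) -join ', '
    New-Check 'Antivirus' ($av.Count -eq 1) "registered: [$avNames]" `
        'Run exactly one antivirus; two resident scanners conflict, and a product that is gone but still listed should be removed with its vendor cleanup tool'
    New-Check 'Third-party firewall' $true "registered: [$fwNames]" ''
}

$results = @(Get-UacStatus; Get-WindowsUpdateStatus; Get-FirewallStatus; Get-SecurityProductStatus)
$results | Format-Table Check, Ok, Detail -AutoSize -Wrap
$results | Where-Object { -not $_.Ok } | ForEach-Object { "FIX [$($_.Check)]: $($_.Fix)" }
```

The firewall rows read the per-profile registry values rather than parsing `netsh advfirewall show allprofiles`, so they work the same on PowerShell 2; if a third-party firewall is installed it normally turns the Windows one off, which is why the "Third-party firewall" row is shown next to them instead of being counted as a failure. Changing EnableLUA only takes effect after a reboot, so rerun the script afterwards to confirm.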

Hi,

I have followed your advice, and got a new antivirus, firewall & Spybot :)

Thank you so much, I can't thank you enough for your help, it is much appreciated. A big thank you!

Kind Regards,

Louis


You're welcome! :)


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
