espfrank
Everything posted by espfrank
-
So far so good. If we are done, what would be an appropriate donation? And should I enable the DeFogger thing?
-
ComboFix 11-02-23.05 - ESP 02/23/2011 15:53:32.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.720 [GMT -6:00]
Running from: c:\documents and settings\ESP\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\ESP\Desktop\CFScript.txt
 * Created a new restore point
.
/wow section - STAGE 25
The system cannot find the path specified.
grep: temp2401: No such file or directory
@DO was unexpected at this time.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\66b0ba
c:\documents and settings\All Users\Application Data\SITVVDHRP
c:\documents and settings\All Users\Application Data\SITVVDHRP\SIYJXP.cfg
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
c:\powerprompter\PowerPrompter.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.
2011-02-23 19:22 . 2011-02-23 19:32 -------- d-----w- c:\documents and settings\ESP\Application Data\ntr
2011-02-20 22:38 . 2011-02-20 22:38 -------- d-----w- c:\program files\MetaStream
2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- c:\program files\trend micro
2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- C:\rsit
2011-02-17 23:18 . 2011-02-18 00:49 -------- d-----w- c:\windows\system32\NtmsData
2011-02-17 17:15 . 2011-02-17 17:15 -------- d-sh--w- c:\documents and settings\ESP\PrivacIE
2011-02-16 21:24 . 2011-02-16 21:24 -------- d-sh--w- c:\documents and settings\ESP\IECompatCache
2011-02-16 16:50 . 2011-02-16 16:50 -------- d-sh--w- c:\documents and settings\ESP\IETldCache
2011-02-16 16:41 . 2011-02-16 16:43 -------- dc-h--w- c:\windows\ie8
2011-02-01 20:02 . 2011-02-01 20:02 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-31 23:59 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-31 23:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-31 23:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-31 23:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-31 23:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-01-31 23:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-31 23:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-01-31 23:57 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-01-31 23:56 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-31 23:54 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-01-31 23:54 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-01-31 23:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-01-31 23:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-01-31 23:51 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2011-01-31 23:51 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-01-31 23:51 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-01-31 23:51 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-31 23:51 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-01-31 23:51 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-01-31 23:51 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2011-01-31 23:51 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-01-31 23:51 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-01-31 23:51 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-01-31 23:51 . 2010-08-13 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-31 23:51 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-01-31 23:50 . 2009-08-07 01:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-01-31 23:28 . 2011-02-20 16:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-31 23:28 . 2011-02-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-01-31 21:57 . 2011-01-31 21:57 -------- d-----w- c:\program files\Advanced Registry Optimizer
2011-01-31 21:46 . 2011-01-31 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-31 17:46 . 2011-01-31 18:14 -------- d-----w- c:\documents and settings\Administrator
2011-01-31 17:14 . 2011-02-21 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 17:03 . 2008-03-18 21:53 0 ----a-w- c:\documents and settings\ESP\Local Settings\Application Data\WavXMapDrive.bat
2010-12-21 00:09 . 2009-03-09 16:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-03-09 16:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-06-15 53248]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Google Update"="c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 1838592]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"HostManager"="c:\program files\Common Files\AOL\1218650315\ee\AOLSoftware.exe" [2008-06-24 41824]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\documents and settings\ESP\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5776648]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2009-12-02 17:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2009-12-02 21:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1218650315\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\ADS nas drive manual\\Driver\\ADS_20TECH\\ADS TECH\\PNMD.EXE"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\BaxelData\\Cue Player Premium\\cueplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\ESP\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\ESP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1778:UDP"= 1778:UDP:HAVA Service

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]
R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [8/27/2009 6:21 PM 145408]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/9/2009 10:40 AM 363344]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 1:02 PM 1251840]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]
R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [1/13/2009 2:44 PM 37376]
R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [1/13/2009 2:44 PM 20480]
R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [4/23/2009 5:49 PM 324224]
R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [4/23/2009 5:49 PM 324224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2009 10:40 AM 20952]
S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 3:40 PM 133104]
S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [8/15/2008 9:45 AM 20064]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 11:06 AM 280576]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 11:06 AM 51456]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/24/2010 7:42 PM 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/24/2010 7:43 PM 103680]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/17/2010 12:45 PM 20504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-02-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:37]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006Core.job
- c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006UA.job
- c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\ESP\Application Data\Mozilla\Firefox\Profiles\lixgknue.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 17:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-02-23 17:19:26
ComboFix-quarantined-files.txt 2011-02-23 23:19
ComboFix2.txt 2011-02-22 19:21
ComboFix3.txt 2011-02-22 17:28
ComboFix4.txt 2011-02-21 19:27
.
Pre-Run: 26,837,041,152 bytes free
Post-Run: 26,841,956,352 bytes free
.
- - End Of File - - 2C74ECC9D1166EE5C07927402BE2D533
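Added example, not part of espfrank's post and not ComboFix's own code: a small Python triage pass over ComboFix "Files Created" and "Look" entries of the kind shown in the logs above. The sample lines are constructed to match the shape of entries in those logs (a handful, not the full log), and the flagging rules are my own heuristics, not ComboFix's verdicts: hidden+system directories newly created under All Users\Application Data, random-looking names (hex blobs, long consonant runs) there, and hidden+system files with a config or payload extension. IE's PrivacIE/IECompatCache/IETldCache folders are hidden+system too, but they live under the user profile, which is why the path check matters.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in ComboFix's "Files Created" / "Look" line format, shaped
# like the entries in the posted logs (not a copy of the full log).
SAMPLE_LOG = r"""
2011-02-23 19:22 . 2011-02-23 19:32 -------- d-----w- c:\documents and settings\ESP\Application Data\ntr
2011-02-20 18:54 . 2011-02-20 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2011-02-17 17:15 . 2011-02-17 17:15 -------- d-sh--w- c:\documents and settings\ESP\PrivacIE
2011-02-01 20:02 . 2011-02-01 20:02 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-31 14:59 . 2011-01-31 14:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SITVVDHRP
2011-01-31 14:59 . 2011-01-31 21:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\66b0ba
2011-01-31 14:59 . 2011-01-31 21:18 43234 --sha-w- c:\documents and settings\All Users\Application Data\SITVVDHRP\SIYJXP.cfg
2011-01-31 23:51 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
"""

# created . modified  size-or-dashes  8-char attribute flags  path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([a-z-]{8}) (.+)$"
)
# XP's machine-wide data directory (what later Windows calls ProgramData).
PROGRAMDATA_RE = re.compile(r"^c:\\documents and settings\\all users\\application data\\", re.I)
PAYLOAD_EXT = (".cfg", ".dat", ".exe", ".dll", ".sys")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (size column is "--------")
    attrs: str            # e.g. "d-sh--w-": [0]=dir, [2]=system, [3]=hidden, [4]=archive
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Keep only lines in ComboFix's entry format; banners and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(created, modified, None if size.startswith("-") else int(size), attrs, path))
    return entries


def is_hidden_system(e: Entry) -> bool:
    return e.attrs[2] == "s" and e.attrs[3] == "h"


def looks_random(name: str) -> bool:
    """Heuristic (my own): a hex blob such as 66b0ba, or four or more consonants in a row."""
    stem = name.rsplit(".", 1)[0]
    if re.fullmatch(r"[0-9a-f]{6,}", stem, re.I) and re.search(r"\d", stem):
        return True
    # 'y' counts as a consonant here; catches SITVVDHRP and SIYJXP, not Viewpoint
    return re.search(r"[^aeiou\W\d_]{4,}", stem, re.I) is not None


def triage(e: Entry) -> List[str]:
    """Reasons this entry deserves a closer look; an empty list means nothing odd."""
    reasons = []
    in_programdata = bool(PROGRAMDATA_RE.match(e.path))
    # Hidden+system is normal for IE caches under a user profile (PrivacIE, IETldCache),
    # not for freshly created folders in All Users\Application Data.
    if in_programdata and is_hidden_system(e):
        reasons.append("hidden+system under All Users\\Application Data")
    if in_programdata and looks_random(e.path.rsplit("\\", 1)[-1]):
        reasons.append("random-looking name")
    if e.size is not None and is_hidden_system(e) and e.path.lower().endswith(PAYLOAD_EXT):
        reasons.append("hidden+system file with config/payload extension")
    return reasons


def flag_entries(text: str) -> Dict[str, List[str]]:
    """Map each suspicious path to its reasons; clean entries are left out."""
    flagged = {}
    for e in parse_entries(text):
        reasons = triage(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_entries(SAMPLE_LOG).items():
        print(f"{path}\n    {'; '.join(reasons)}")
```

Run against a real ComboFix.txt by reading the file into `flag_entries`; the three SITVVDHRP/66b0ba items come out with two or three reasons each, while the dllcache refresh, Hitman Pro and the IE cache folders stay quiet. Treat the output as a worklist for the helper, not a verdict.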
-
I know, be patient. Finally, a log after 90 minutes.

ComboFix 11-02-21.02 - ESP 02/22/2011 11:42:05.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.997 [GMT -6:00]
Running from: c:\documents and settings\ESP\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\ESP\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\UNWISE.EXE
.
((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.
2011-02-20 22:38 . 2011-02-20 22:38 -------- d-----w- c:\program files\MetaStream
2011-02-20 18:54 . 2011-02-20 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- c:\program files\trend micro
2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- C:\rsit
2011-02-17 23:18 . 2011-02-18 00:49 -------- d-----w- c:\windows\system32\NtmsData
2011-02-17 17:15 . 2011-02-17 17:15 -------- d-sh--w- c:\documents and settings\ESP\PrivacIE
2011-02-16 21:24 . 2011-02-16 21:24 -------- d-sh--w- c:\documents and settings\ESP\IECompatCache
2011-02-16 16:50 . 2011-02-16 16:50 -------- d-sh--w- c:\documents and settings\ESP\IETldCache
2011-02-16 16:41 . 2011-02-16 16:43 -------- dc-h--w- c:\windows\ie8
2011-02-01 20:02 . 2011-02-01 20:02 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-31 23:59 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-31 23:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-31 23:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-31 23:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-31 23:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-01-31 23:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-31 23:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-01-31 23:57 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-01-31 23:56 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-31 23:54 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-01-31 23:54 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-01-31 23:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-01-31 23:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-01-31 23:51 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2011-01-31 23:51 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-01-31 23:51 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-01-31 23:51 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-31 23:51 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-01-31 23:51 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-01-31 23:51 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2011-01-31 23:51 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-01-31 23:51 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-01-31 23:51 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-01-31 23:51 . 2010-08-13 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-31 23:51 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-01-31 23:50 . 2009-08-07 01:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-01-31 23:28 . 2011-02-20 16:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-31 23:28 . 2011-02-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-01-31 21:57 . 2011-01-31 21:57 -------- d-----w- c:\program files\Advanced Registry Optimizer
2011-01-31 21:46 . 2011-01-31 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-31 17:46 . 2011-01-31 18:14 -------- d-----w- c:\documents and settings\Administrator
2011-01-31 17:14 . 2011-02-21 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-31 14:59 . 2011-01-31 14:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SITVVDHRP
2011-01-31 14:59 . 2011-01-31 21:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\66b0ba
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 17:03 . 2008-03-18 21:53 0 ----a-w- c:\documents and settings\ESP\Local Settings\Application Data\WavXMapDrive.bat
2010-12-21 00:09 . 2009-03-09 16:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-03-09 16:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\66b0ba ----

---- Directory of c:\documents and settings\All Users\Application Data\SITVVDHRP ----
2011-01-31 14:59 . 2011-01-31 21:18 43234 --sha-w- c:\documents and settings\All Users\Application Data\SITVVDHRP\SIYJXP.cfg

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-06-15 53248]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Google Update"="c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 1838592]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"HostManager"="c:\program files\Common Files\AOL\1218650315\ee\AOLSoftware.exe" [2008-06-24 41824]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\documents and settings\ESP\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5776648]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2009-12-02 17:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2009-12-02 21:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1218650315\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\ADS nas drive manual\\Driver\\ADS_20TECH\\ADS TECH\\PNMD.EXE"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\BaxelData\\Cue Player Premium\\cueplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\ESP\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\ESP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1778:UDP"= 1778:UDP:HAVA Service

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]
R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [8/27/2009 6:21 PM 145408]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/9/2009 10:40 AM 363344]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 1:02 PM 1251840]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]
R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [1/13/2009 2:44 PM 37376]
R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [1/13/2009 2:44 PM 20480]
R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [4/23/2009 5:49 PM 324224]
R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [4/23/2009 5:49 PM 324224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2009 10:40 AM 20952]
S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 3:40 PM 133104]
S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [8/15/2008 9:45 AM 20064]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 11:06 AM 280576]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 11:06 AM 51456]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/24/2010 7:42 PM 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/24/2010 7:43 PM 103680]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/17/2010 12:45 PM 20504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2011-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] 2011-02-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:37] 2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006Core.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] 2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006UA.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB FF - ProfilePath - c:\documents and settings\ESP\Application Data\Mozilla\Firefox\Profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-22 12:16 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(688) c:\windows\system32\Ati2evxx.dll c:\program files\Citrix\GoToMyPC\G2WinLogon.dll c:\windows\System32\BCMLogon.dll . Completion time: 2011-02-22 13:20:42 ComboFix-quarantined-files.txt 2011-02-22 19:20 ComboFix2.txt 2011-02-22 17:28 ComboFix3.txt 2011-02-21 19:27 Pre-Run: 26,933,710,848 bytes free Post-Run: 26,904,399,872 bytes free - - End Of File - - 69A23D799EF0BFB072457FDD5AA8BB96
-
Combo-fix has not done anything for 1 hour now. Should I re-boot?
-
ComboFix is now stuck on "Preparing Log Report. Do not run any programs until ComboFix is finished." It has been on this for 20 minutes.
-
Well, it has just woken up and is preparing the log report. Once completed, I will forward it to you.
-
Okay, running ComboFix with the script... It completed Stage_50, Deleting Files: C:\WINDOWS\system32\UNWISE.EXE. Icons are missing from the desktop. No action has happened for over 13 minutes. The hard drive shows very little action.
-
This was done by running a new ComboFix (not dragging in the script).
ComboFix 11-02-21.02 - ESP 02/22/2011 11:17:12.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1044 [GMT -6:00]
Completion time: 2011-02-22 11:28:37
- - End Of File - -
-
I've had to reboot the computer at this point.
-
Welcome back. For some reason I was unable to turn off Windows Firewall before doing this. I tried running ComboFix with the new script. It asked me to update ComboFix. I did update. It started to run the scan... it wanted me to install Windows Recovery, even though I did yesterday. I installed. Scan started; got error message: bcmwltry Application failed to initialize properly 0xc0000142. I clicked OK. Another error message came up for findste.exe. I clicked OK. The ComboFix scan screen disappeared. Awaiting your commands. Thanks
-
Combo-Fix Log
ComboFix 11-02-16.01 - ESP 02/21/2011 12:49:26.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1059 [GMT -6:00]
2215944] "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160] "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056] "Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 1838592] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "HostManager"="c:\program files\Common Files\AOL\1218650315\ee\AOLSoftware.exe" [2008-06-24 41824] "Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] 
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728] c:\documents and settings\ESP\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688] Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5776648] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384] QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\gemsafe] 2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC] 2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG] 2009-12-02 17:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView] 2009-12-02 21:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"= "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\aol\\1218650315\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\ADS nas drive manual\\Driver\\ADS_20TECH\\ADS TECH\\PNMD.EXE"= "c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\BaxelData\\Cue Player Premium\\cueplayer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\ESP\\Application Data\\Dropbox\\bin\\Dropbox.exe"= 
"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"= "c:\\Documents and Settings\\ESP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1778:UDP"= 1778:UDP:HAVA Service R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432] R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [8/27/2009 6:21 PM 145408] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/9/2009 10:40 AM 363344] R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 1:02 PM 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [1/13/2009 2:44 PM 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [1/13/2009 2:44 PM 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [4/23/2009 5:49 PM 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [4/23/2009 5:49 PM 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2009 10:40 AM 20952] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 3:40 PM 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [8/15/2008 9:45 AM 20064] S3 bcm;WiMAX Network 
Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 11:06 AM 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 11:06 AM 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/24/2010 7:42 PM 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/24/2010 7:43 PM 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/17/2010 12:45 PM 20504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2011-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] 2011-02-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:37] 2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006Core.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] 2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006UA.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB FF - ProfilePath - c:\documents and settings\ESP\Application Data\Mozilla\Firefox\Profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . 
- - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-Registry Cleaner Scheduler - e:\cleanmypc\Registry Cleaner\RCHelper.exe HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe MSConfigStartUp-Smart Internet Protection 2011 - c:\documents and settings\All Users\Application Data\66b0ba\SI66b_290.exe AddRemove-CleanMyPC - Registry Cleaner_is1 - e:\cleanmypc\Registry Cleaner\unins000.exe AddRemove-FxFoto - e:\fxfoto\FxViewer.exe AddRemove-TriscapeFxFoto - e:\fxfoto\FxViewer.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-21 13:12 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(692) c:\windows\system32\Ati2evxx.dll c:\program files\Citrix\GoToMyPC\G2WinLogon.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(8904) c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\windows\system32\CDRTC.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\System32\bcmwltry.exe c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Citrix\GoToMyPC\g2svc.exe c:\program files\Citrix\GoToMyPC\g2comm.exe c:\program files\Citrix\GoToMyPC\g2pre.exe c:\program files\Citrix\GoToMyPC\g2tray.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe c:\program files\Apoint\ApMsgFwd.exe c:\program files\Apoint\HidFind.exe c:\program files\Apoint\Apntex.exe c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe c:\program files\Microsoft IntelliPoint\dpupdchk.exe c:\windows\system32\rundll32.exe c:\program files\AOL 9.1\waol.exe c:\windows\system32\StacSV.exe c:\program files\OpenOffice.org 2.4\program\soffice.exe c:\program files\OpenOffice.org 2.4\program\soffice.BIN c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\fxssvc.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\msdtc.exe c:\program files\Java\jre1.6.0_04\bin\jucheck.exe c:\program files\AOL 9.1\shellmon.exe . ************************************************************************** . 
Completion time: 2011-02-21 13:27:01 - machine was rebooted ComboFix-quarantined-files.txt 2011-02-21 19:26 Pre-Run: 23,816,826,880 bytes free Post-Run: 26,938,040,320 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - A7CC3A69AA9E5EEF268C540BF8780194
-
When I try with Combo-Fix again, should I drag the script in again or just run it? Also, how do I close the AutoScan box?
-
Hi, Combo-Fix appears to not be running... it has been in AutoScan for over 20 minutes; however, the hard drive is not spinning. Screen says... "Scanning for infected files . . . This typically doesn't take more than 10 minutes. However, scan times for badly infected machines may easily double." I dragged the CFScript file to Combo-Fix and got a message that Smart Internet Protection had to be removed - went ahead with "at your own risk", thinking the script was meant to kill it. It asked to download a program from Microsoft, so I did so.... it started the scan but no action now for 30 minutes. Although yesterday I disabled Malwarebytes, I think it may be active right now - don't know why - also the Windows firewall is enabled right now. How should I proceed? This post is from a second computer. I will not touch the infected computer till I hear from you. Thanks
-
Good Morning... Ran Appremover, Clean Up - It did not find any programs. 02-22-11 DDS DDS (Ver_10-12-12.02) - NTFSx86 Run by ESP at 10:36:23.40 on Mon 02/21/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.995 [GMT -6:00] AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715} FW: Smart Internet Protection 2011 *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Citrix\GoToMyPC\g2svc.exe C:\Program Files\Citrix\GoToMyPC\g2comm.exe C:\Program Files\Citrix\GoToMyPC\g2pre.exe C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Citrix\GoToMyPC\g2tray.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems 
Corp\SecureUpgrade.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Brownie\BrstsWnd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\DrvMon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Brownie\Brnipmon.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\Common Files\Ulead 
Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\ESP\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315 uSearch Bar = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: H - No File BHO: &Yahoo! 
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: 
[Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe" mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [<NO NAME>] mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe StartupFolder: 
c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE uPolicies-explorer: NoViewOnDrive = 0 (0x0) uPolicies-explorer: DisallowRun = 1 (0x1) IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program 
files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562 DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: 
{E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth
IFEO: image file execution options - svchost.exe
IFEO: OLT.exe - svchost.exe
Hosts: 64.46.36.163 www.google.com
Hosts: 64.46.36.163 google.com
Hosts: 64.46.36.163 google.com.au
Hosts: 64.46.36.163 www.google.com.au
Hosts: 64.46.36.163 google.be
Note: multiple HOSTS entries found.
Please refer to Attach.txt ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840] R2 
SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504] SUnknown AVG Security Toolbar Service;AVG Security Toolbar Service; [x] =============== Created Last 30 ================ 2011-02-20 22:38:50 -------- d-----w- c:\program files\MetaStream 2011-02-20 18:54:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint 2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro 2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE 2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache 2011-02-16 16:50:58 -------- d-sh--w- 
c:\documents and settings\esp\IETldCache
2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8
2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe
2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer
2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-31 20:58:38 -------- d-----w- c:\windows\pss
2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP
2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba

==================== Find3M ====================

2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin

============= FINISH: 10:36:48.32 ===============
-
-
Ran AVG removal. Here is the latest DDS. Thanks.

DDS (Ver_10-12-12.02) - NTFSx86
Run by ESP at 18:06:44.79 on Sun 02/20/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1163 [GMT -6:00]

AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715}
FW: Smart Internet Protection 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Brownie\BrstsWnd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\DrvMon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Brownie\Brnipmon.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\dllhost.exe 
C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\Documents and Settings\ESP\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315 uSearch Bar = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: H - No File BHO: &Yahoo! 
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: 
[Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe" mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [<NO NAME>] mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe StartupFolder: 
c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE uPolicies-explorer: NoViewOnDrive = 0 (0x0) uPolicies-explorer: DisallowRun = 1 (0x1) IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program 
files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562 DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: 
{E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth
IFEO: image file execution options - svchost.exe
IFEO: OLT.exe - svchost.exe
Hosts: 64.46.36.163 www.google.com
Hosts: 64.46.36.163 google.com
Hosts: 64.46.36.163 google.com.au
Hosts: 64.46.36.163 www.google.com.au
Hosts: 64.46.36.163 google.be
Note: multiple HOSTS entries found.
Please refer to Attach.txt ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840] R2 
SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504] SUnknown AVG Security Toolbar Service;AVG Security Toolbar Service; [x] =============== Created Last 30 ================ 2011-02-20 22:38:50 -------- d-----w- c:\program files\MetaStream 2011-02-20 18:54:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint 2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro 2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE 2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache 2011-02-16 16:50:58 -------- d-sh--w- 
c:\documents and settings\esp\IETldCache
2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8
2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe
2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer
2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-31 20:58:38 -------- d-----w- c:\windows\pss
2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP
2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba

==================== Find3M ====================

2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin

============= FINISH: 18:07:49.70 ===============
-
Hi, I tried running Combo-fix. I got an error stating to remove AVG - AVG is not listed in my programs for removal. How should I proceed? Also, when I was shutting off the firewall, "Smart Internet Protection" was listed as running... This program showed up a couple of weeks ago. I thought Malwarebytes had removed it.... but there must be some lingering parts. I don't know how to remove this or shut it off.
-
Here yeah go.... Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5822 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2/20/2011 1:58:06 PM mbam-log-2011-02-20 (13-58-06).txt Scan type: Quick scan Objects scanned: 175869 Time elapsed: 10 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Latest DDS DDS (Ver_10-12-12.02) - NTFSx86 Run by ESP at 15:48:52.34 on Sun 02/20/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.939 [GMT -6:00] AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715} AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} FW: Smart Internet Protection 2011 *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program 
Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Citrix\GoToMyPC\g2svc.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Citrix\GoToMyPC\g2comm.exe C:\Program Files\Citrix\GoToMyPC\g2pre.exe C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Citrix\GoToMyPC\g2tray.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Brownie\BrstsWnd.exe C:\WINDOWS\system32\rundll32.exe C:\Program 
Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Brownie\Brnipmon.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\DrvMon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\ESP\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315 uSearch Bar = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = uURLSearchHooks: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: 
[Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe" mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [<NO NAME>] mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: 
c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE uPolicies-explorer: NoViewOnDrive = 0 (0x0) uPolicies-explorer: DisallowRun = 1 (0x1) IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing 
PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562 DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL pyllgk.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth IFEO: image file execution options - svchost.exe IFEO: OLT.exe - svchost.exe Hosts: 64.46.36.163 www.google.com Hosts: 64.46.36.163 google.com Hosts: 64.46.36.163 google.com.au Hosts: 64.46.36.163 www.google.com.au Hosts: 64.46.36.163 google.be Note: multiple HOSTS entries found. 
Please refer to Attach.txt ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-15 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-15 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-15 267944] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 
avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-15 61960] R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952] S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?] 
S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-31 517448] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504] =============== Created Last 30 ================ 2011-02-20 18:54:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint 2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro 2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 23:17:42 -------- d-----w- c:\docume~1\esp\applic~1\Avira 2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE 2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache 2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache 2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8 2011-02-15 22:34:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-15 22:34:27 -------- d-----w- c:\program files\Avira 2011-02-15 22:34:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-01-31 23:58:42 974848 ------w- 
c:\windows\system32\dllcache\mfc42.dll 2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46:35 -------- d-----w- 
c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-31 20:58:38 -------- d-----w- c:\windows\pss 2011-01-31 19:16:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar 2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP 2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba ==================== Find3M ==================== 2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin ============= FINISH: 15:49:50.70 ===============
-
Hello, Thanks for your help. While I was filling this out I got one of those "Congratulations, you're the lucky winner" pages - this is not the first time that this BS has been going on.
2011/02/20 10:48:34.0531 4512 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20 2011/02/20 10:48:34.0750 4512 ================================================================================ 2011/02/20 10:48:34.0750 4512 SystemInfo: 2011/02/20 10:48:34.0750 4512 2011/02/20 10:48:34.0750 4512 OS Version: 5.1.2600 ServicePack: 3.0 2011/02/20 10:48:34.0750 4512 Product type: Workstation 2011/02/20 10:48:34.0750 4512 ComputerName: D531A 2011/02/20 10:48:34.0750 4512 UserName: ESP 2011/02/20 10:48:34.0750 4512 Windows directory: C:\WINDOWS 2011/02/20 10:48:34.0750 4512 System windows directory: C:\WINDOWS 2011/02/20 10:48:34.0750 4512 Processor architecture: Intel x86 2011/02/20 10:48:34.0750 4512 Number of processors: 2 2011/02/20 10:48:34.0750 4512 Page size: 0x1000 2011/02/20 10:48:34.0750 4512 Boot type: Normal boot 2011/02/20 10:48:34.0750 4512 ================================================================================ 2011/02/20 10:48:35.0031 4512 Initialize success 2011/02/20 10:48:50.0359 2464 ================================================================================ 2011/02/20 10:48:50.0359 2464 Scan started 2011/02/20 10:48:50.0359 2464 Mode: Manual; 2011/02/20 10:48:50.0359 2464 ================================================================================ 2011/02/20 10:48:50.0640 2464 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys 2011/02/20 10:48:50.0687 2464 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/02/20 10:48:50.0765 2464 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/02/20 10:48:50.0796 2464 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/02/20 10:48:50.0843 2464 adpu160m (9a11864873da202c996558b2106b0bbc) 
C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/02/20 10:48:50.0890 2464 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/02/20 10:48:50.0937 2464 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/02/20 10:48:50.0984 2464 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/02/20 10:48:51.0000 2464 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/02/20 10:48:51.0015 2464 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/02/20 10:48:51.0046 2464 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/02/20 10:48:51.0078 2464 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/02/20 10:48:51.0125 2464 akshasp (3f9f42085ab5b6a55498a539c54575ab) C:\WINDOWS\system32\DRIVERS\akshasp.sys 2011/02/20 10:48:51.0140 2464 aksusb (d2b95315cc47f9230006fdbcba394d8d) C:\WINDOWS\system32\DRIVERS\aksusb.sys 2011/02/20 10:48:51.0171 2464 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/02/20 10:48:51.0218 2464 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/02/20 10:48:51.0234 2464 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/02/20 10:48:51.0265 2464 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/02/20 10:48:51.0328 2464 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 2011/02/20 10:48:51.0359 2464 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 2011/02/20 10:48:51.0406 2464 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/02/20 10:48:51.0437 2464 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/02/20 10:48:51.0453 2464 asc3350p 
2011/02/20 10:49:02.0625 2464 ================================================================================
2011/02/20 10:49:02.0625 2464 Scan finished
2011/02/20 10:49:02.0625 2464 ================================================================================

DDS.txt contents

DDS (Ver_10-12-12.02) - NTFSx86
Run by ESP at 10:51:37.57 on Sun 02/20/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1141 [GMT -6:00]

AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Smart Internet Protection 2011 *Enabled*

============== Running Processes ===============
============== Pseudo HJT Report ===============
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL pyllgk.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth IFEO: image file execution options - svchost.exe IFEO: OLT.exe - svchost.exe Hosts: 64.46.36.163 www.google.com Hosts: 64.46.36.163 google.com Hosts: 64.46.36.163 google.com.au Hosts: 64.46.36.163 www.google.com.au Hosts: 64.46.36.163 google.be Note: multiple HOSTS entries found. 
Please refer to Attach.txt ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-15 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-15 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-15 267944] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 
avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-15 61960] R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952] S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?] 
S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-31 517448] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504] =============== Created Last 30 ================ 2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro 2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 23:17:42 -------- d-----w- c:\docume~1\esp\applic~1\Avira 2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE 2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache 2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache 2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8 2011-02-15 22:34:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-15 22:34:27 -------- d-----w- c:\program files\Avira 2011-02-15 22:34:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2011-01-31 23:58:42 954368 ------w- 
c:\windows\system32\dllcache\mfc40.dll 2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-31 20:58:38 -------- d-----w- 
c:\windows\pss 2011-01-31 19:16:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar 2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP 2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba ==================== Find3M ==================== 2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin ============= FINISH: 10:52:52.93 ===============
-
Malwarebytes log
07:12:29 ESP MESSAGE Scheduled update executed successfully
07:12:29 ESP MESSAGE IP Protection stopped
07:12:38 ESP MESSAGE Database updated successfully
07:12:42 ESP MESSAGE IP Protection started successfully
16:50:00 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)
16:50:03 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)
16:50:09 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)
16:56:49 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)
16:56:52 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)
16:56:58 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)

DDS.txt
DDS (Ver_10-12-12.02) - NTFSx86
Run by ESP at 11:48:43.33 on Fri 02/18/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1128 [GMT -6:00]
AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Smart Internet Protection 2011 *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Documents and Settings\ESP\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page =
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315
uSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe
mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL pyllgk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth
IFEO: image file execution options - svchost.exe
IFEO: OLT.exe - svchost.exe
Hosts: 64.46.36.163 www.google.com
Hosts: 64.46.36.163 google.com
Hosts: 64.46.36.163 google.com.au
Hosts: 64.46.36.163 www.google.com.au
Hosts: 64.46.36.163 google.be
Note: multiple HOSTS entries found. Please refer to Attach.txt
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-15 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-15 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-15 267944]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-15 61960]
R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376]
R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480]
R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224]
R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]
S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]
S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-31 517448]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504]
=============== Created Last 30 ================
2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData
2011-02-17 23:17:42 -------- d-----w- c:\docume~1\esp\applic~1\Avira
2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE
2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache
2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache
2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8
2011-02-15 22:34:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-15 22:34:27 -------- d-----w- c:\program files\Avira
2011-02-15 22:34:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-01-31 23:58:42 953856 ------w-
c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2011-01-31 23:19:49 -------- d-----w- c:\docume~1\esp\locals~1\applic~1\AskToolbar 2011-01-31 21:57:28 -------- d-----w- c:\program files\Ask.com 2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46:35 -------- d-----w- 
c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-31 20:58:38 -------- d-----w- c:\windows\pss 2011-01-31 19:16:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar 2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP 2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba ==================== Find3M ==================== 2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin ============= FINISH: 11:49:59.37 =============== Attach.zip