espfrank

Members

View Profile See their activity

Posts
20
Joined
February 19, 2011
Last visited
March 7, 2011

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by espfrank

Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

So far so good. If we are done what would be an appropriate donation. And should I enable the defogger thing?
- February 25, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

ComboFix 11-02-23.05 - ESP 02/23/2011 15:53:32.5.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.720 [GMT -6:00] Running from: c:\documents and settings\ESP\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\ESP\Desktop\CFScript.txt * Created a new restore point . /wow section - STAGE 25 The system cannot find the path specified. grep: temp2401: No such file or directory @DO was unexpected at this time. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\66b0ba c:\documents and settings\All Users\Application Data\SITVVDHRP c:\documents and settings\All Users\Application Data\SITVVDHRP\SIYJXP.cfg c:\documents and settings\All Users\Application Data\Viewpoint c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini c:\powerprompter\PowerPrompter.exe . ((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 ))))))))))))))))))))))))))))))) . 2011-02-23 19:22 . 2011-02-23 19:32 -------- d-----w- c:\documents and settings\ESP\Application Data\ntr 2011-02-20 22:38 . 2011-02-20 22:38 -------- d-----w- c:\program files\MetaStream 2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- c:\program files\trend micro 2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- C:\rsit 2011-02-17 23:18 . 2011-02-18 00:49 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 17:15 . 2011-02-17 17:15 -------- d-sh--w- c:\documents and settings\ESP\PrivacIE 2011-02-16 21:24 . 2011-02-16 21:24 -------- d-sh--w- c:\documents and settings\ESP\IECompatCache 2011-02-16 16:50 . 2011-02-16 16:50 -------- d-sh--w- c:\documents and settings\ESP\IETldCache 2011-02-16 16:41 . 2011-02-16 16:43 -------- dc-h--w- c:\windows\ie8 2011-02-01 20:02 . 2011-02-01 20:02 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-31 23:59 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-01-31 23:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-01-31 23:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-01-31 23:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2011-01-31 23:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-01-31 23:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51 . 2010-08-13 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50 . 2009-08-07 01:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28 . 2011-02-20 16:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28 . 2011-02-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2011-01-31 21:57 . 2011-01-31 21:57 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46 . 2011-01-31 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-01-31 17:46 . 2011-01-31 18:14 -------- d-----w- c:\documents and settings\Administrator 2011-01-31 17:14 . 2011-02-21 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-22 17:03 . 2008-03-18 21:53 0 ----a-w- c:\documents and settings\ESP\Local Settings\Application Data\WavXMapDrive.bat 2010-12-21 00:09 . 2009-03-09 16:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 00:08 . 2009-03-09 16:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-06-15 53248] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112] "Google Update"="c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176] "AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944] "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160] "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056] "Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 1838592] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "HostManager"="c:\program files\Common Files\AOL\1218650315\ee\AOLSoftware.exe" [2008-06-24 41824] "Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728] c:\documents and settings\ESP\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688] Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5776648] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384] QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe] 2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC] 2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG] 2009-12-02 17:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView] 2009-12-02 21:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"= "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\aol\\1218650315\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\ADS nas drive manual\\Driver\\ADS_20TECH\\ADS TECH\\PNMD.EXE"= "c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\BaxelData\\Cue Player Premium\\cueplayer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\ESP\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"= "c:\\Documents and Settings\\ESP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1778:UDP"= 1778:UDP:HAVA Service R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432] R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [8/27/2009 6:21 PM 145408] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/9/2009 10:40 AM 363344] R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 1:02 PM 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [1/13/2009 2:44 PM 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [1/13/2009 2:44 PM 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [4/23/2009 5:49 PM 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [4/23/2009 5:49 PM 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2009 10:40 AM 20952] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 3:40 PM 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [8/15/2008 9:45 AM 20064] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 11:06 AM 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 11:06 AM 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/24/2010 7:42 PM 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/24/2010 7:43 PM 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/17/2010 12:45 PM 20504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2011-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] 2011-02-23 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:37] 2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006Core.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] 2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006UA.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB FF - ProfilePath - c:\documents and settings\ESP\Application Data\Mozilla\Firefox\Profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-23 17:15 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(688) c:\windows\system32\Ati2evxx.dll c:\program files\Citrix\GoToMyPC\G2WinLogon.dll c:\windows\System32\BCMLogon.dll . Completion time: 2011-02-23 17:19:26 ComboFix-quarantined-files.txt 2011-02-23 23:19 ComboFix2.txt 2011-02-22 19:21 ComboFix3.txt 2011-02-22 17:28 ComboFix4.txt 2011-02-21 19:27 Pre-Run: 26,837,041,152 bytes free Post-Run: 26,841,956,352 bytes free - - End Of File - - 2C74ECC9D1166EE5C07927402BE2D533
- February 23, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

I know be patient. Finally a log after 90 minutes ComboFix 11-02-21.02 - ESP 02/22/2011 11:42:05.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.997 [GMT -6:00] Running from: c:\documents and settings\ESP\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\ESP\Desktop\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\UNWISE.EXE . ((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 ))))))))))))))))))))))))))))))) . 2011-02-20 22:38 . 2011-02-20 22:38 -------- d-----w- c:\program files\MetaStream 2011-02-20 18:54 . 2011-02-20 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- c:\program files\trend micro 2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- C:\rsit 2011-02-17 23:18 . 2011-02-18 00:49 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 17:15 . 2011-02-17 17:15 -------- d-sh--w- c:\documents and settings\ESP\PrivacIE 2011-02-16 21:24 . 2011-02-16 21:24 -------- d-sh--w- c:\documents and settings\ESP\IECompatCache 2011-02-16 16:50 . 2011-02-16 16:50 -------- d-sh--w- c:\documents and settings\ESP\IETldCache 2011-02-16 16:41 . 2011-02-16 16:43 -------- dc-h--w- c:\windows\ie8 2011-02-01 20:02 . 2011-02-01 20:02 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-31 23:59 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-01-31 23:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-01-31 23:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-01-31 23:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2011-01-31 23:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-01-31 23:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51 . 2010-08-13 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50 . 2009-08-07 01:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28 . 2011-02-20 16:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28 . 2011-02-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2011-01-31 21:57 . 2011-01-31 21:57 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46 . 2011-01-31 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-01-31 17:46 . 2011-01-31 18:14 -------- d-----w- c:\documents and settings\Administrator 2011-01-31 17:14 . 2011-02-21 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10 2011-01-31 14:59 . 2011-01-31 14:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SITVVDHRP 2011-01-31 14:59 . 2011-01-31 21:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\66b0ba . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-22 17:03 . 2008-03-18 21:53 0 ----a-w- c:\documents and settings\ESP\Local Settings\Application Data\WavXMapDrive.bat 2010-12-21 00:09 . 2009-03-09 16:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 00:08 . 2009-03-09 16:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\All Users\Application Data\66b0ba ---- ---- Directory of c:\documents and settings\All Users\Application Data\SITVVDHRP ---- 2011-01-31 14:59 . 2011-01-31 21:18 43234 --sha-w- c:\documents and settings\All Users\Application Data\SITVVDHRP\SIYJXP.cfg ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-06-15 53248] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112] "Google Update"="c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176] "AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944] "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160] "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056] "Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 1838592] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "HostManager"="c:\program files\Common Files\AOL\1218650315\ee\AOLSoftware.exe" [2008-06-24 41824] "Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728] c:\documents and settings\ESP\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688] Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5776648] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384] QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe] 2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC] 2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG] 2009-12-02 17:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView] 2009-12-02 21:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"= "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\aol\\1218650315\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\ADS nas drive manual\\Driver\\ADS_20TECH\\ADS TECH\\PNMD.EXE"= "c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\BaxelData\\Cue Player Premium\\cueplayer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\ESP\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"= "c:\\Documents and Settings\\ESP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1778:UDP"= 1778:UDP:HAVA Service R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432] R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [8/27/2009 6:21 PM 145408] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/9/2009 10:40 AM 363344] R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 1:02 PM 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [1/13/2009 2:44 PM 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [1/13/2009 2:44 PM 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [4/23/2009 5:49 PM 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [4/23/2009 5:49 PM 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2009 10:40 AM 20952] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 3:40 PM 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [8/15/2008 9:45 AM 20064] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 11:06 AM 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 11:06 AM 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/24/2010 7:42 PM 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/24/2010 7:43 PM 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/17/2010 12:45 PM 20504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2011-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] 2011-02-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:37] 2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006Core.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] 2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006UA.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB FF - ProfilePath - c:\documents and settings\ESP\Application Data\Mozilla\Firefox\Profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-22 12:16 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(688) c:\windows\system32\Ati2evxx.dll c:\program files\Citrix\GoToMyPC\G2WinLogon.dll c:\windows\System32\BCMLogon.dll . Completion time: 2011-02-22 13:20:42 ComboFix-quarantined-files.txt 2011-02-22 19:20 ComboFix2.txt 2011-02-22 17:28 ComboFix3.txt 2011-02-21 19:27 Pre-Run: 26,933,710,848 bytes free Post-Run: 26,904,399,872 bytes free - - End Of File - - 69A23D799EF0BFB072457FDD5AA8BB96
- February 22, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

Combo-fix has not done anything for 1 hour now. Should I re-boot?
- February 22, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

Combo fix is now stuck on Preparing Log Report Do not run any programs until Combofix is finished. It has been on this for 20 minutes
- February 22, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

Well it has just woken up and is preparing Log Report. - Once completed I will forward to you
- February 22, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

Okay running combo-fix with script... It completed Stage_50 Deleting Files: C:\WINDOWS\system32\UNWISE.EXE Icons are missing from Desktop No action has happened for over 13 minutes. Hard Drive shows very little action.
- February 22, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

This was done with running a new combo-fix (not dragging in script) ComboFix 11-02-21.02 - ESP 02/22/2011 11:17:12.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1044 [GMT -6:00] Running from: c:\documents and settings\ESP\Desktop\Combo-Fix.exe . ((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 ))))))))))))))))))))))))))))))) . 2011-02-20 22:38 . 2011-02-20 22:38 -------- d-----w- c:\program files\MetaStream 2011-02-20 18:54 . 2011-02-20 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- c:\program files\trend micro 2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- C:\rsit 2011-02-17 23:18 . 2011-02-18 00:49 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 17:15 . 2011-02-17 17:15 -------- d-sh--w- c:\documents and settings\ESP\PrivacIE 2011-02-16 21:24 . 2011-02-16 21:24 -------- d-sh--w- c:\documents and settings\ESP\IECompatCache 2011-02-16 16:50 . 2011-02-16 16:50 -------- d-sh--w- c:\documents and settings\ESP\IETldCache 2011-02-16 16:41 . 2011-02-16 16:43 -------- dc-h--w- c:\windows\ie8 2011-02-01 20:02 . 2011-02-01 20:02 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-31 23:59 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-01-31 23:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-01-31 23:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-01-31 23:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2011-01-31 23:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-01-31 23:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51 . 2010-08-13 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50 . 2009-08-07 01:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28 . 2011-02-20 16:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28 . 2011-02-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2011-01-31 21:57 . 2011-01-31 21:57 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46 . 2011-01-31 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-01-31 17:46 . 2011-01-31 18:14 -------- d-----w- c:\documents and settings\Administrator 2011-01-31 17:14 . 2011-02-21 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10 2011-01-31 14:59 . 2011-01-31 14:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SITVVDHRP 2011-01-31 14:59 . 2011-01-31 21:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\66b0ba . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-22 17:03 . 2008-03-18 21:53 0 ----a-w- c:\documents and settings\ESP\Local Settings\Application Data\WavXMapDrive.bat 2010-12-21 00:09 . 2009-03-09 16:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 00:08 . 2009-03-09 16:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-06-15 53248] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112] "Google Update"="c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176] "AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944] "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160] "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056] "Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 1838592] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "HostManager"="c:\program files\Common Files\AOL\1218650315\ee\AOLSoftware.exe" [2008-06-24 41824] "Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728] c:\documents and settings\ESP\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688] Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5776648] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384] QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe] 2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC] 2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG] 2009-12-02 17:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView] 2009-12-02 21:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"= "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\aol\\1218650315\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\ADS nas drive manual\\Driver\\ADS_20TECH\\ADS TECH\\PNMD.EXE"= "c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\BaxelData\\Cue Player Premium\\cueplayer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\ESP\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"= "c:\\Documents and Settings\\ESP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1778:UDP"= 1778:UDP:HAVA Service R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432] R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [8/27/2009 6:21 PM 145408] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/9/2009 10:40 AM 363344] R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 1:02 PM 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [1/13/2009 2:44 PM 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [1/13/2009 2:44 PM 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [4/23/2009 5:49 PM 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [4/23/2009 5:49 PM 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2009 10:40 AM 20952] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 3:40 PM 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [8/15/2008 9:45 AM 20064] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 11:06 AM 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 11:06 AM 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/24/2010 7:42 PM 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/24/2010 7:43 PM 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/17/2010 12:45 PM 20504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2011-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] 2011-02-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:37] 2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006Core.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] 2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006UA.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB FF - ProfilePath - c:\documents and settings\ESP\Application Data\Mozilla\Firefox\Profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-22 11:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(688) c:\windows\system32\Ati2evxx.dll c:\program files\Citrix\GoToMyPC\G2WinLogon.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(19948) c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-02-22 11:28:37 ComboFix-quarantined-files.txt 2011-02-22 17:28 ComboFix2.txt 2011-02-21 19:27 Pre-Run: 26,935,959,552 bytes free Post-Run: 26,912,321,536 bytes free - - End Of File - - 0B75DEFCF5EF63C61332092493A88AE1
- February 22, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

I've had to reboot computer at this point.
- February 22, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

Welcome back, For some reason I was unable to turn off windows firewall before doing this. I tried running combo-fix with new script. It asked me to update Combo-fix. I did update. It started to run scan... it wanted me to install windows recovery. even though I did yesterday. I installed. Scan Started got error message bcmwltry Application failed to inialize properly 0xc0000142 I clicked ok Another error message came up for findste.exe I clicked ok combo-fix scan screen disappeared. Awaiting your commands Thanks
- February 22, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

Combo-Fix Log ComboFix 11-02-16.01 - ESP 02/21/2011 12:49:26.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1059 [GMT -6:00] Running from: c:\documents and settings\ESP\Desktop\Combo-Fix.exe FW: Smart Internet Protection 2011 *Enabled* {4EDF61D5-D7DA-4FA3-A96D-42F6B3B941CA} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Toolbar4 c:\documents and settings\ESP\Recent\ANTIGEN.exe c:\documents and settings\ESP\Recent\ANTIGEN.sys c:\documents and settings\ESP\Recent\cb.dll c:\documents and settings\ESP\Recent\cb.tmp c:\documents and settings\ESP\Recent\DBOLE.tmp c:\documents and settings\ESP\Recent\ddv.exe c:\documents and settings\ESP\Recent\ddv.sys c:\documents and settings\ESP\Recent\eb.dll c:\documents and settings\ESP\Recent\energy.tmp c:\documents and settings\ESP\Recent\exec.dll c:\documents and settings\ESP\Recent\fan.tmp c:\documents and settings\ESP\Recent\FS.tmp c:\documents and settings\ESP\Recent\kernel32.tmp c:\documents and settings\ESP\Recent\PE.exe c:\documents and settings\ESP\Recent\PE.sys c:\documents and settings\ESP\Recent\ppal.dll c:\documents and settings\ESP\Recent\ppal.tmp c:\documents and settings\ESP\Recent\SM.exe c:\documents and settings\ESP\Recent\tjd.dll c:\documents and settings\ESP\Recent\tjd.tmp C:\LOG13D.tmp C:\LOG13E.tmp C:\LOG26D.tmp c:\windows\system32\bszip.dll c:\windows\system32\gotomon.log c:\windows\system32\ijomehad.ini . ((((((((((((((((((((((((( Files Created from 2011-01-21 to 2011-02-21 ))))))))))))))))))))))))))))))) . 2011-02-20 22:38 . 2011-02-20 22:38 -------- d-----w- c:\program files\MetaStream 2011-02-20 18:54 . 2011-02-20 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- c:\program files\trend micro 2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- C:\rsit 2011-02-17 23:18 . 2011-02-18 00:49 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 17:15 . 2011-02-17 17:15 -------- d-sh--w- c:\documents and settings\ESP\PrivacIE 2011-02-16 21:24 . 2011-02-16 21:24 -------- d-sh--w- c:\documents and settings\ESP\IECompatCache 2011-02-16 16:50 . 2011-02-16 16:50 -------- d-sh--w- c:\documents and settings\ESP\IETldCache 2011-02-16 16:41 . 2011-02-16 16:43 -------- dc-h--w- c:\windows\ie8 2011-02-01 20:02 . 2011-02-01 20:02 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-31 23:59 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-01-31 23:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-01-31 23:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-01-31 23:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2011-01-31 23:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-01-31 23:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51 . 2010-08-13 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50 . 2009-08-07 01:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28 . 2011-02-20 16:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28 . 2011-02-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2011-01-31 21:57 . 2011-01-31 21:57 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46 . 2011-01-31 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-01-31 17:46 . 2011-01-31 18:14 -------- d-----w- c:\documents and settings\Administrator 2011-01-31 17:14 . 2011-02-21 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10 2011-01-31 14:59 . 2011-01-31 14:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SITVVDHRP 2011-01-31 14:59 . 2011-01-31 21:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\66b0ba . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-21 19:09 . 2008-03-18 21:53 0 ----a-w- c:\documents and settings\ESP\Local Settings\Application Data\WavXMapDrive.bat 2010-12-21 00:09 . 2009-03-09 16:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 00:08 . 2009-03-09 16:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-06-15 53248] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112] "Google Update"="c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176] "AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944] "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160] "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056] "Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 1838592] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "HostManager"="c:\program files\Common Files\AOL\1218650315\ee\AOLSoftware.exe" [2008-06-24 41824] "Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728] c:\documents and settings\ESP\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688] Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5776648] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384] QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe] 2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC] 2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG] 2009-12-02 17:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView] 2009-12-02 21:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"= "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\aol\\1218650315\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\ADS nas drive manual\\Driver\\ADS_20TECH\\ADS TECH\\PNMD.EXE"= "c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\BaxelData\\Cue Player Premium\\cueplayer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\ESP\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"= "c:\\Documents and Settings\\ESP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1778:UDP"= 1778:UDP:HAVA Service R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432] R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [8/27/2009 6:21 PM 145408] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/9/2009 10:40 AM 363344] R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 1:02 PM 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [1/13/2009 2:44 PM 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [1/13/2009 2:44 PM 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [4/23/2009 5:49 PM 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [4/23/2009 5:49 PM 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2009 10:40 AM 20952] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 3:40 PM 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [8/15/2008 9:45 AM 20064] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 11:06 AM 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 11:06 AM 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/24/2010 7:42 PM 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/24/2010 7:43 PM 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/17/2010 12:45 PM 20504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2011-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] 2011-02-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:37] 2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40] 2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006Core.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] 2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006UA.job - c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB FF - ProfilePath - c:\documents and settings\ESP\Application Data\Mozilla\Firefox\Profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-Registry Cleaner Scheduler - e:\cleanmypc\Registry Cleaner\RCHelper.exe HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe MSConfigStartUp-Smart Internet Protection 2011 - c:\documents and settings\All Users\Application Data\66b0ba\SI66b_290.exe AddRemove-CleanMyPC - Registry Cleaner_is1 - e:\cleanmypc\Registry Cleaner\unins000.exe AddRemove-FxFoto - e:\fxfoto\FxViewer.exe AddRemove-TriscapeFxFoto - e:\fxfoto\FxViewer.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-21 13:12 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(692) c:\windows\system32\Ati2evxx.dll c:\program files\Citrix\GoToMyPC\G2WinLogon.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(8904) c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\windows\system32\CDRTC.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\System32\bcmwltry.exe c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Citrix\GoToMyPC\g2svc.exe c:\program files\Citrix\GoToMyPC\g2comm.exe c:\program files\Citrix\GoToMyPC\g2pre.exe c:\program files\Citrix\GoToMyPC\g2tray.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe c:\program files\Apoint\ApMsgFwd.exe c:\program files\Apoint\HidFind.exe c:\program files\Apoint\Apntex.exe c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe c:\program files\Microsoft IntelliPoint\dpupdchk.exe c:\windows\system32\rundll32.exe c:\program files\AOL 9.1\waol.exe c:\windows\system32\StacSV.exe c:\program files\OpenOffice.org 2.4\program\soffice.exe c:\program files\OpenOffice.org 2.4\program\soffice.BIN c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\fxssvc.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\msdtc.exe c:\program files\Java\jre1.6.0_04\bin\jucheck.exe c:\program files\AOL 9.1\shellmon.exe . ************************************************************************** . Completion time: 2011-02-21 13:27:01 - machine was rebooted ComboFix-quarantined-files.txt 2011-02-21 19:26 Pre-Run: 23,816,826,880 bytes free Post-Run: 26,938,040,320 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - A7CC3A69AA9E5EEF268C540BF8780194
- February 21, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

When I try with combo-fix again. Should I drag the script in again or just run it? Also how do I close the AutoScan box?
- February 21, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

Hi, Combo-fix appears to not be running... it is in Autoscan for over 20 minutes = however hard drive is not spinning. Screen says... "Scanning for infected files . . . This typically doesn't take more than 10 minutes However, scan times for badly infected machines may easily double." I dragged the CSScript file to Compbo-fix got message that Smart Internet Protection had to be removed - went ahead with at your own risk - thinking the script was meant to kill it It asked to download a program from Microsoft so I did so.... it started scan but not action now for 30 minutes. Allow though yesterday I disabled Malwarebytes - I think it may be active right now - don't know why - also the windows firewall is enabled right now. How should I proceed. This post is from second computer. I will not touch infected computer till I hear from you. Thanks
- February 21, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

Good Morning... Ran Appremover, Clean Up - It did not find any programs. 02-22-11 DDS DDS (Ver_10-12-12.02) - NTFSx86 Run by ESP at 10:36:23.40 on Mon 02/21/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.995 [GMT -6:00] AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715} FW: Smart Internet Protection 2011 *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Citrix\GoToMyPC\g2svc.exe C:\Program Files\Citrix\GoToMyPC\g2comm.exe C:\Program Files\Citrix\GoToMyPC\g2pre.exe C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Citrix\GoToMyPC\g2tray.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Brownie\BrstsWnd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\DrvMon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Brownie\Brnipmon.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\ESP\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315 uSearch Bar = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: H - No File BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe" mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [<NO NAME>] mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE uPolicies-explorer: NoViewOnDrive = 0 (0x0) uPolicies-explorer: DisallowRun = 1 (0x1) IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562 DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth IFEO: image file execution options - svchost.exe IFEO: OLT.exe - svchost.exe Hosts: 64.46.36.163 www.google.com Hosts: 64.46.36.163 google.com Hosts: 64.46.36.163 google.com.au Hosts: 64.46.36.163 www.google.com.au Hosts: 64.46.36.163 google.be Note: multiple HOSTS entries found. Please refer to Attach.txt ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504] SUnknown AVG Security Toolbar Service;AVG Security Toolbar Service; [x] =============== Created Last 30 ================ 2011-02-20 22:38:50 -------- d-----w- c:\program files\MetaStream 2011-02-20 18:54:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint 2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro 2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE 2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache 2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache 2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8 2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-31 20:58:38 -------- d-----w- c:\windows\pss 2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP 2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba ==================== Find3M ==================== 2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin ============= FINISH: 10:36:48.32 ===============
- February 21, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs
- February 21, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

ran AVG removal - here is latest DDS thanks DDS (Ver_10-12-12.02) - NTFSx86 Run by ESP at 18:06:44.79 on Sun 02/20/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1163 [GMT -6:00] AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715} FW: Smart Internet Protection 2011 *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Citrix\GoToMyPC\g2svc.exe C:\Program Files\Citrix\GoToMyPC\g2comm.exe C:\Program Files\Citrix\GoToMyPC\g2pre.exe C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Citrix\GoToMyPC\g2tray.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Brownie\BrstsWnd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\DrvMon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Brownie\Brnipmon.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\Documents and Settings\ESP\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315 uSearch Bar = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: H - No File BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe" mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [<NO NAME>] mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE uPolicies-explorer: NoViewOnDrive = 0 (0x0) uPolicies-explorer: DisallowRun = 1 (0x1) IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562 DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth IFEO: image file execution options - svchost.exe IFEO: OLT.exe - svchost.exe Hosts: 64.46.36.163 www.google.com Hosts: 64.46.36.163 google.com Hosts: 64.46.36.163 google.com.au Hosts: 64.46.36.163 www.google.com.au Hosts: 64.46.36.163 google.be Note: multiple HOSTS entries found. Please refer to Attach.txt ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504] SUnknown AVG Security Toolbar Service;AVG Security Toolbar Service; [x] =============== Created Last 30 ================ 2011-02-20 22:38:50 -------- d-----w- c:\program files\MetaStream 2011-02-20 18:54:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint 2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro 2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE 2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache 2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache 2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8 2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-31 20:58:38 -------- d-----w- c:\windows\pss 2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP 2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba ==================== Find3M ==================== 2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin ============= FINISH: 18:07:49.70 ===============
- February 21, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

Hi, Tried running Combo-fix. Got error stating to remove AVG - Avg is not listed in my programs for removal. How should I proceed? Also when I was shutting off firewall - "Smart Internet Protection" is listed as running... This program showed up a couple of weeks ago. Thought Malwarebytes had removed it.... but there must be some lingering parts. I don't know how to remove this or shut off.
- February 20, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

Here yeah go.... Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5822 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2/20/2011 1:58:06 PM mbam-log-2011-02-20 (13-58-06).txt Scan type: Quick scan Objects scanned: 175869 Time elapsed: 10 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Latest DDS DDS (Ver_10-12-12.02) - NTFSx86 Run by ESP at 15:48:52.34 on Sun 02/20/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.939 [GMT -6:00] AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715} AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} FW: Smart Internet Protection 2011 *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Citrix\GoToMyPC\g2svc.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Citrix\GoToMyPC\g2comm.exe C:\Program Files\Citrix\GoToMyPC\g2pre.exe C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Citrix\GoToMyPC\g2tray.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Brownie\BrstsWnd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Brownie\Brnipmon.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\DrvMon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\ESP\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315 uSearch Bar = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe" mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [<NO NAME>] mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE uPolicies-explorer: NoViewOnDrive = 0 (0x0) uPolicies-explorer: DisallowRun = 1 (0x1) IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562 DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL pyllgk.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth IFEO: image file execution options - svchost.exe IFEO: OLT.exe - svchost.exe Hosts: 64.46.36.163 www.google.com Hosts: 64.46.36.163 google.com Hosts: 64.46.36.163 google.com.au Hosts: 64.46.36.163 www.google.com.au Hosts: 64.46.36.163 google.be Note: multiple HOSTS entries found. Please refer to Attach.txt ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-15 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-15 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-15 267944] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-15 61960] R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952] S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-31 517448] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504] =============== Created Last 30 ================ 2011-02-20 18:54:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint 2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro 2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 23:17:42 -------- d-----w- c:\docume~1\esp\applic~1\Avira 2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE 2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache 2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache 2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8 2011-02-15 22:34:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-15 22:34:27 -------- d-----w- c:\program files\Avira 2011-02-15 22:34:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-31 20:58:38 -------- d-----w- c:\windows\pss 2011-01-31 19:16:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar 2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP 2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba ==================== Find3M ==================== 2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin ============= FINISH: 15:49:50.70 ===============
- February 20, 2011
- 35 replies
Bad search re-directs

espfrank replied to espfrank's topic in Resolved Malware Removal Logs

Hello, Thanks for your help While I was filling this out got one of those "Congradulations your the lucky winner" pages - this is not the first time that this BS has been going on. 2011/02/20 10:48:34.0531 4512 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20 2011/02/20 10:48:34.0750 4512 ================================================================================ 2011/02/20 10:48:34.0750 4512 SystemInfo: 2011/02/20 10:48:34.0750 4512 2011/02/20 10:48:34.0750 4512 OS Version: 5.1.2600 ServicePack: 3.0 2011/02/20 10:48:34.0750 4512 Product type: Workstation 2011/02/20 10:48:34.0750 4512 ComputerName: D531A 2011/02/20 10:48:34.0750 4512 UserName: ESP 2011/02/20 10:48:34.0750 4512 Windows directory: C:\WINDOWS 2011/02/20 10:48:34.0750 4512 System windows directory: C:\WINDOWS 2011/02/20 10:48:34.0750 4512 Processor architecture: Intel x86 2011/02/20 10:48:34.0750 4512 Number of processors: 2 2011/02/20 10:48:34.0750 4512 Page size: 0x1000 2011/02/20 10:48:34.0750 4512 Boot type: Normal boot 2011/02/20 10:48:34.0750 4512 ================================================================================ 2011/02/20 10:48:35.0031 4512 Initialize success 2011/02/20 10:48:50.0359 2464 ================================================================================ 2011/02/20 10:48:50.0359 2464 Scan started 2011/02/20 10:48:50.0359 2464 Mode: Manual; 2011/02/20 10:48:50.0359 2464 ================================================================================ 2011/02/20 10:48:50.0640 2464 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys 2011/02/20 10:48:50.0687 2464 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/02/20 10:48:50.0765 2464 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/02/20 10:48:50.0796 2464 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/02/20 10:48:50.0843 2464 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/02/20 10:48:50.0890 2464 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/02/20 10:48:50.0937 2464 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/02/20 10:48:50.0984 2464 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/02/20 10:48:51.0000 2464 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/02/20 10:48:51.0015 2464 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/02/20 10:48:51.0046 2464 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/02/20 10:48:51.0078 2464 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/02/20 10:48:51.0125 2464 akshasp (3f9f42085ab5b6a55498a539c54575ab) C:\WINDOWS\system32\DRIVERS\akshasp.sys 2011/02/20 10:48:51.0140 2464 aksusb (d2b95315cc47f9230006fdbcba394d8d) C:\WINDOWS\system32\DRIVERS\aksusb.sys 2011/02/20 10:48:51.0171 2464 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/02/20 10:48:51.0218 2464 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/02/20 10:48:51.0234 2464 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/02/20 10:48:51.0265 2464 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/02/20 10:48:51.0328 2464 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 2011/02/20 10:48:51.0359 2464 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 2011/02/20 10:48:51.0406 2464 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/02/20 10:48:51.0437 2464 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/02/20 10:48:51.0453 2464 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/02/20 10:48:51.0484 2464 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/02/20 10:48:51.0546 2464 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/02/20 10:48:51.0578 2464 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/02/20 10:48:51.0703 2464 ati2mtag (4f1d98c5faa232d89f479aa2f6ef4196) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/02/20 10:48:51.0781 2464 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/02/20 10:48:51.0812 2464 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/02/20 10:48:51.0843 2464 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys 2011/02/20 10:48:51.0937 2464 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/02/20 10:48:51.0984 2464 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2011/02/20 10:48:52.0015 2464 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2011/02/20 10:48:52.0062 2464 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/02/20 10:48:52.0125 2464 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys 2011/02/20 10:48:52.0203 2464 bcm (abadc13ec1ecee9301b5190bfd84d8f1) C:\WINDOWS\system32\DRIVERS\drxvi314.sys 2011/02/20 10:48:52.0265 2464 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 2011/02/20 10:48:52.0296 2464 bcmbusctr (1388d943da2692f8f76b9a8b48be3932) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys 2011/02/20 10:48:52.0328 2464 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/02/20 10:48:52.0406 2464 btaudio (3bc0afbd546162fe6ed6ccb15befad73) C:\WINDOWS\system32\drivers\btaudio.sys 2011/02/20 10:48:52.0437 2464 BTDriver (1d25fb8b6b073e6f4fb51034f734ea2c) C:\WINDOWS\system32\DRIVERS\btport.sys 2011/02/20 10:48:52.0500 2464 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys 2011/02/20 10:48:52.0531 2464 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys 2011/02/20 10:48:52.0578 2464 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys 2011/02/20 10:48:52.0609 2464 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys 2011/02/20 10:48:52.0687 2464 BTKRNL (9515d10ceaf284ab1a21934e1958d4fd) C:\WINDOWS\system32\DRIVERS\btkrnl.sys 2011/02/20 10:48:52.0734 2464 BTSERIAL (af3cc52fc040a402a6ad07ac1bd4fe76) C:\WINDOWS\system32\drivers\btserial.sys 2011/02/20 10:48:52.0765 2464 BTSLBCSP (e233ae94f1b66ddbfbca9566d0f7fdba) C:\WINDOWS\system32\drivers\btslbcsp.sys 2011/02/20 10:48:52.0828 2464 BTWDNDIS (66bff2643e5f6a0f80208dde1c4b653a) C:\WINDOWS\system32\DRIVERS\btwdndis.sys 2011/02/20 10:48:52.0859 2464 btwhid (0d8faae0fc0515b6f3b6884b1592de8d) C:\WINDOWS\system32\DRIVERS\btwhid.sys 2011/02/20 10:48:52.0921 2464 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys 2011/02/20 10:48:52.0953 2464 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/02/20 10:48:52.0968 2464 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/02/20 10:48:53.0015 2464 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/02/20 10:48:53.0046 2464 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/02/20 10:48:53.0062 2464 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/02/20 10:48:53.0109 2464 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/02/20 10:48:53.0156 2464 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/02/20 10:48:53.0250 2464 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/02/20 10:48:53.0265 2464 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/02/20 10:48:53.0312 2464 cm_net (8be938fe04e3a9d091f379c1d5f4b873) C:\WINDOWS\system32\DRIVERS\cm_net.sys 2011/02/20 10:48:53.0359 2464 cm_ser (33f77f7cb2c2efe34b3bc9cc716f73f3) C:\WINDOWS\system32\DRIVERS\cm_ser.sys 2011/02/20 10:48:53.0390 2464 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/02/20 10:48:53.0437 2464 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/02/20 10:48:53.0468 2464 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/02/20 10:48:53.0500 2464 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/02/20 10:48:53.0531 2464 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/02/20 10:48:53.0593 2464 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS 2011/02/20 10:48:53.0609 2464 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2011/02/20 10:48:53.0671 2464 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2011/02/20 10:48:53.0687 2464 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS 2011/02/20 10:48:53.0718 2464 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2011/02/20 10:48:53.0734 2464 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2011/02/20 10:48:53.0765 2464 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2011/02/20 10:48:53.0796 2464 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 2011/02/20 10:48:53.0843 2464 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2011/02/20 10:48:53.0875 2464 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2011/02/20 10:48:53.0937 2464 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/02/20 10:48:53.0968 2464 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/02/20 10:48:54.0000 2464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/02/20 10:48:54.0031 2464 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/02/20 10:48:54.0109 2464 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys 2011/02/20 10:48:54.0140 2464 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys 2011/02/20 10:48:54.0171 2464 dot4ufd (0a57b5876530febb4ebf6ad501864f96) C:\WINDOWS\system32\DRIVERS\hppaufd0.sys 2011/02/20 10:48:54.0203 2464 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/02/20 10:48:54.0250 2464 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/02/20 10:48:54.0281 2464 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2011/02/20 10:48:54.0328 2464 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2011/02/20 10:48:54.0375 2464 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys 2011/02/20 10:48:54.0390 2464 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/02/20 10:48:54.0437 2464 ENUM1394 (80d1b490b60e74e002dc116ec5d41748) C:\WINDOWS\system32\DRIVERS\enum1394.sys 2011/02/20 10:48:54.0484 2464 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/02/20 10:48:54.0531 2464 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/02/20 10:48:54.0562 2464 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB011D.SYS 2011/02/20 10:48:54.0609 2464 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/02/20 10:48:54.0671 2464 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/02/20 10:48:54.0703 2464 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/02/20 10:48:54.0734 2464 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/02/20 10:48:54.0796 2464 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/02/20 10:48:54.0828 2464 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/02/20 10:48:54.0875 2464 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/02/20 10:48:54.0921 2464 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys 2011/02/20 10:48:54.0968 2464 havabus (47004d039aa229b6a2821165c06083ce) C:\WINDOWS\system32\DRIVERS\havabus.sys 2011/02/20 10:48:55.0000 2464 havanet (7778ffb3c7232c274d72c16493607cbd) C:\WINDOWS\system32\DRIVERS\havanet.sys 2011/02/20 10:48:55.0031 2464 HAVATV (5f93bcc70790f3e029a2591e94b4ef8e) C:\WINDOWS\system32\DRIVERS\HAVATV.sys 2011/02/20 10:48:55.0062 2464 HavaTV_10 (5f93bcc70790f3e029a2591e94b4ef8e) C:\WINDOWS\system32\DRIVERS\HavaTV_10.sys 2011/02/20 10:48:55.0109 2464 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/02/20 10:48:55.0140 2464 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/02/20 10:48:55.0187 2464 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\WINDOWS\system32\drivers\hpfxbulk.sys 2011/02/20 10:48:55.0250 2464 HPFXFAX (f728db73a87231e27b6ba34d71ce2edb) C:\WINDOWS\system32\drivers\hpfxfax.sys 2011/02/20 10:48:55.0296 2464 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/02/20 10:48:55.0375 2464 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/02/20 10:48:55.0453 2464 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 2011/02/20 10:48:55.0500 2464 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 2011/02/20 10:48:55.0546 2464 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/02/20 10:48:55.0562 2464 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/02/20 10:48:55.0609 2464 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/02/20 10:48:55.0640 2464 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/02/20 10:48:55.0671 2464 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/02/20 10:48:55.0718 2464 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/02/20 10:48:55.0781 2464 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/02/20 10:48:55.0812 2464 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/02/20 10:48:55.0843 2464 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/02/20 10:48:55.0890 2464 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/02/20 10:48:55.0937 2464 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/02/20 10:48:55.0968 2464 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/02/20 10:48:56.0000 2464 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/02/20 10:48:56.0031 2464 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/02/20 10:48:56.0062 2464 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/02/20 10:48:56.0093 2464 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/02/20 10:48:56.0125 2464 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/02/20 10:48:56.0171 2464 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/02/20 10:48:56.0218 2464 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/02/20 10:48:56.0328 2464 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys 2011/02/20 10:48:56.0359 2464 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys 2011/02/20 10:48:56.0421 2464 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/02/20 10:48:56.0468 2464 MLPTDR_B (124aaf5d2a58e00c05019b0fb77c0966) C:\WINDOWS\system32\MLPTDR_B.SYS 2011/02/20 10:48:56.0578 2464 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/02/20 10:48:56.0625 2464 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/02/20 10:48:56.0671 2464 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys 2011/02/20 10:48:56.0718 2464 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/02/20 10:48:56.0765 2464 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/02/20 10:48:56.0796 2464 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/02/20 10:48:56.0843 2464 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/02/20 10:48:56.0875 2464 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/02/20 10:48:56.0937 2464 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/02/20 10:48:56.0984 2464 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys 2011/02/20 10:48:57.0031 2464 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/02/20 10:48:57.0078 2464 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/02/20 10:48:57.0093 2464 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/02/20 10:48:57.0125 2464 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/02/20 10:48:57.0156 2464 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/02/20 10:48:57.0187 2464 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/02/20 10:48:57.0218 2464 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/02/20 10:48:57.0265 2464 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/02/20 10:48:57.0296 2464 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/02/20 10:48:57.0328 2464 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/02/20 10:48:57.0359 2464 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/02/20 10:48:57.0406 2464 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/02/20 10:48:57.0421 2464 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/02/20 10:48:57.0484 2464 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/02/20 10:48:57.0500 2464 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/02/20 10:48:57.0531 2464 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/02/20 10:48:57.0593 2464 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/02/20 10:48:57.0640 2464 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\WINDOWS\system32\DRIVERS\pctnullport.sys 2011/02/20 10:48:57.0671 2464 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/02/20 10:48:57.0750 2464 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/02/20 10:48:57.0796 2464 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/02/20 10:48:57.0875 2464 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/02/20 10:48:58.0000 2464 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys 2011/02/20 10:48:58.0031 2464 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/02/20 10:48:58.0046 2464 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/02/20 10:48:58.0109 2464 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/02/20 10:48:58.0140 2464 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/02/20 10:48:58.0156 2464 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/02/20 10:48:58.0218 2464 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/02/20 10:48:58.0265 2464 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys 2011/02/20 10:48:58.0296 2464 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys 2011/02/20 10:48:58.0328 2464 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/02/20 10:48:58.0375 2464 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/02/20 10:48:58.0390 2464 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/02/20 10:48:58.0421 2464 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS 2011/02/20 10:48:58.0531 2464 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/02/20 10:48:58.0562 2464 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/02/20 10:48:58.0656 2464 Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys 2011/02/20 10:48:58.0718 2464 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/02/20 10:48:58.0750 2464 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/02/20 10:48:58.0781 2464 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/02/20 10:48:58.0812 2464 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/02/20 10:48:58.0843 2464 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/02/20 10:48:59.0140 2464 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/02/20 10:48:59.0156 2464 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/02/20 10:48:59.0203 2464 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/02/20 10:48:59.0234 2464 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/02/20 10:48:59.0250 2464 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/02/20 10:48:59.0281 2464 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/02/20 10:48:59.0343 2464 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/02/20 10:48:59.0359 2464 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/02/20 10:48:59.0390 2464 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/02/20 10:48:59.0421 2464 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/02/20 10:48:59.0437 2464 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/02/20 10:48:59.0484 2464 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/02/20 10:48:59.0531 2464 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/02/20 10:48:59.0593 2464 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/02/20 10:48:59.0640 2464 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 2011/02/20 10:48:59.0703 2464 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys 2011/02/20 10:48:59.0734 2464 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys 2011/02/20 10:48:59.0765 2464 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 2011/02/20 10:48:59.0890 2464 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/02/20 10:48:59.0953 2464 Ser2pl (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys 2011/02/20 10:49:00.0000 2464 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/02/20 10:49:00.0031 2464 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/02/20 10:49:00.0062 2464 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/02/20 10:49:00.0156 2464 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/02/20 10:49:00.0203 2464 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/02/20 10:49:00.0234 2464 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/02/20 10:49:00.0281 2464 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/02/20 10:49:00.0328 2464 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/02/20 10:49:00.0406 2464 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/02/20 10:49:00.0453 2464 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/02/20 10:49:00.0531 2464 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 2011/02/20 10:49:00.0593 2464 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/02/20 10:49:00.0625 2464 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/02/20 10:49:00.0671 2464 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/02/20 10:49:00.0703 2464 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\WINDOWS\System32\drivers\swmsflt.sys 2011/02/20 10:49:00.0750 2464 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/02/20 10:49:00.0796 2464 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/02/20 10:49:00.0828 2464 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/02/20 10:49:00.0843 2464 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/02/20 10:49:00.0890 2464 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/02/20 10:49:00.0937 2464 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/02/20 10:49:00.0984 2464 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/02/20 10:49:01.0046 2464 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/02/20 10:49:01.0109 2464 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/02/20 10:49:01.0140 2464 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/02/20 10:49:01.0187 2464 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS 2011/02/20 10:49:01.0234 2464 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/02/20 10:49:01.0296 2464 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/02/20 10:49:01.0375 2464 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/02/20 10:49:01.0406 2464 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/02/20 10:49:01.0437 2464 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/02/20 10:49:01.0468 2464 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/02/20 10:49:01.0515 2464 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/02/20 10:49:01.0531 2464 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/02/20 10:49:01.0578 2464 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/02/20 10:49:01.0625 2464 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/02/20 10:49:01.0640 2464 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/02/20 10:49:01.0703 2464 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/02/20 10:49:01.0750 2464 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/02/20 10:49:01.0796 2464 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/02/20 10:49:01.0828 2464 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/02/20 10:49:01.0875 2464 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/02/20 10:49:01.0921 2464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/02/20 10:49:01.0953 2464 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 2011/02/20 10:49:01.0984 2464 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys 2011/02/20 10:49:02.0031 2464 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 2011/02/20 10:49:02.0078 2464 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/02/20 10:49:02.0140 2464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/02/20 10:49:02.0203 2464 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/02/20 10:49:02.0281 2464 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/02/20 10:49:02.0328 2464 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 2011/02/20 10:49:02.0359 2464 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/02/20 10:49:02.0406 2464 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/02/20 10:49:02.0437 2464 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/02/20 10:49:02.0625 2464 ================================================================================ 2011/02/20 10:49:02.0625 2464 Scan finished 2011/02/20 10:49:02.0625 2464 ================================================================================ DDS.txt contents DDS (Ver_10-12-12.02) - NTFSx86 Run by ESP at 10:51:37.57 on Sun 02/20/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1141 [GMT -6:00] AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715} AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} FW: Smart Internet Protection 2011 *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Citrix\GoToMyPC\g2svc.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Citrix\GoToMyPC\g2comm.exe C:\Program Files\Citrix\GoToMyPC\g2pre.exe C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Citrix\GoToMyPC\g2tray.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Brownie\BrstsWnd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Brownie\Brnipmon.exe C:\Program Files\HP\HP UT\bin\hppusg.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\DrvMon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Documents and Settings\ESP\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315 uSearch Bar = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe" mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [<NO NAME>] mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE uPolicies-explorer: NoViewOnDrive = 0 (0x0) uPolicies-explorer: DisallowRun = 1 (0x1) IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562 DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL pyllgk.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth IFEO: image file execution options - svchost.exe IFEO: OLT.exe - svchost.exe Hosts: 64.46.36.163 www.google.com Hosts: 64.46.36.163 google.com Hosts: 64.46.36.163 google.com.au Hosts: 64.46.36.163 www.google.com.au Hosts: 64.46.36.163 google.be Note: multiple HOSTS entries found. Please refer to Attach.txt ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-15 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-15 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-15 267944] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-15 61960] R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952] S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-31 517448] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504] =============== Created Last 30 ================ 2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro 2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 23:17:42 -------- d-----w- c:\docume~1\esp\applic~1\Avira 2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE 2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache 2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache 2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8 2011-02-15 22:34:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-15 22:34:27 -------- d-----w- c:\program files\Avira 2011-02-15 22:34:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-31 20:58:38 -------- d-----w- c:\windows\pss 2011-01-31 19:16:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar 2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP 2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba ==================== Find3M ==================== 2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin ============= FINISH: 10:52:52.93 ===============
- February 20, 2011
- 35 replies
Bad search re-directs

espfrank posted a topic in Resolved Malware Removal Logs

Malwarebytes log 07:12:29 ESP MESSAGE Scheduled update executed successfully 07:12:29 ESP MESSAGE IP Protection stopped 07:12:38 ESP MESSAGE Database updated successfully 07:12:42 ESP MESSAGE IP Protection started successfully 16:50:00 ESP IP-BLOCK 209.212.147.218 (Type: outgoing) 16:50:03 ESP IP-BLOCK 209.212.147.218 (Type: outgoing) 16:50:09 ESP IP-BLOCK 209.212.147.218 (Type: outgoing) 16:56:49 ESP IP-BLOCK 209.212.147.218 (Type: outgoing) 16:56:52 ESP IP-BLOCK 209.212.147.218 (Type: outgoing) 16:56:58 ESP IP-BLOCK 209.212.147.218 (Type: outgoing) DDS.txt DDS (Ver_10-12-12.02) - NTFSx86 Run by ESP at 11:48:43.33 on Fri 02/18/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1128 [GMT -6:00] AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715} AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} FW: Smart Internet Protection 2011 *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Citrix\GoToMyPC\g2svc.exe C:\Program Files\Citrix\GoToMyPC\g2comm.exe C:\Program Files\Citrix\GoToMyPC\g2pre.exe C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Citrix\GoToMyPC\g2tray.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Brownie\BrstsWnd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Brownie\Brnipmon.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\DrvMon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE C:\Program Files\AOL 9.1\waol.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Documents and Settings\ESP\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315 uSearch Bar = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll BHO: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe" mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [<NO NAME>] mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE uPolicies-explorer: NoViewOnDrive = 0 (0x0) uPolicies-explorer: DisallowRun = 1 (0x1) IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562 DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL pyllgk.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth IFEO: image file execution options - svchost.exe IFEO: OLT.exe - svchost.exe Hosts: 64.46.36.163 www.google.com Hosts: 64.46.36.163 google.com Hosts: 64.46.36.163 google.com.au Hosts: 64.46.36.163 www.google.com.au Hosts: 64.46.36.163 google.be Note: multiple HOSTS entries found. Please refer to Attach.txt ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-15 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-15 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-15 267944] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-15 61960] R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840] R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376] R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480] R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224] R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952] S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?] S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104] S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-31 517448] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456] S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640] S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680] S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504] =============== Created Last 30 ================ 2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData 2011-02-17 23:17:42 -------- d-----w- c:\docume~1\esp\applic~1\Avira 2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE 2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache 2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache 2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8 2011-02-15 22:34:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-15 22:34:27 -------- d-----w- c:\program files\Avira 2011-02-15 22:34:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll 2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll 2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll 2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe 2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll 2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe 2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll 2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll 2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe 2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2011-01-31 23:19:49 -------- d-----w- c:\docume~1\esp\locals~1\applic~1\AskToolbar 2011-01-31 21:57:28 -------- d-----w- c:\program files\Ask.com 2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer 2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-31 20:58:38 -------- d-----w- c:\windows\pss 2011-01-31 19:16:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar 2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP 2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba ==================== Find3M ==================== 2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin ============= FINISH: 11:49:59.37 =============== Attach.zip
- February 19, 2011
- 35 replies

Events

Profiles

Forums

Everything posted by espfrank

Important Information