Jump to content

JaneSmith

Members
  • Posts

    6
  • Joined

  • Last visited

Everything posted by JaneSmith

  1. yes i'm still here, hadn't checked this for a couple of days, will do what you last posted now.
  2. here's the kaspersky report.... Autoscan: malfunction (events: 1, objects: 0, time: Unknown) 05/07/2011 20:58:08 Task started Autoscan: completed 2 hours ago (events: 2, objects: 2058321, time: 10:43:07) 05/07/2011 23:56:17 Task started 06/07/2011 10:39:25 Task completed it never found anything... and the problem's still there :L
  3. Here is the ComboFix log... ComboFix 11-07-03.01 - Stephanie 04/07/2011 0:58.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4026.2527 [GMT 1:00] Running from: c:\users\Stephanie\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\program files (x86)\Hotspot Shield\HssIE\HsSIe.dll c:\users\Stephanie\AppData\Roaming\cacaoweb c:\users\Stephanie\AppData\Roaming\cacaoweb\npdfile.dat c:\users\Stephanie\AppData\Roaming\cacaoweb\storage.db c:\windows\security\Database\tmp.edb c:\windows\SysWow64\html c:\windows\SysWow64\html\calendar.html c:\windows\SysWow64\html\calendarbottom.html c:\windows\SysWow64\html\calendartop.html c:\windows\SysWow64\html\crystalexportdialog.htm c:\windows\SysWow64\html\crystalprinthost.html c:\windows\SysWow64\images c:\windows\SysWow64\images\toolbar\calendar.gif c:\windows\SysWow64\images\toolbar\crlogo.gif c:\windows\SysWow64\images\toolbar\export.gif c:\windows\SysWow64\images\toolbar\export_over.gif c:\windows\SysWow64\images\toolbar\exportd.gif c:\windows\SysWow64\images\toolbar\First.gif c:\windows\SysWow64\images\toolbar\first_over.gif c:\windows\SysWow64\images\toolbar\Firstd.gif c:\windows\SysWow64\images\toolbar\gotopage.gif c:\windows\SysWow64\images\toolbar\gotopage_over.gif c:\windows\SysWow64\images\toolbar\gotopaged.gif c:\windows\SysWow64\images\toolbar\grouptree.gif c:\windows\SysWow64\images\toolbar\grouptree_over.gif c:\windows\SysWow64\images\toolbar\grouptreed.gif c:\windows\SysWow64\images\toolbar\grouptreepressed.gif c:\windows\SysWow64\images\toolbar\Last.gif c:\windows\SysWow64\images\toolbar\last_over.gif c:\windows\SysWow64\images\toolbar\Lastd.gif c:\windows\SysWow64\images\toolbar\Next.gif c:\windows\SysWow64\images\toolbar\next_over.gif c:\windows\SysWow64\images\toolbar\Nextd.gif c:\windows\SysWow64\images\toolbar\Prev.gif c:\windows\SysWow64\images\toolbar\prev_over.gif c:\windows\SysWow64\images\toolbar\Prevd.gif c:\windows\SysWow64\images\toolbar\print.gif c:\windows\SysWow64\images\toolbar\print_over.gif c:\windows\SysWow64\images\toolbar\printd.gif c:\windows\SysWow64\images\toolbar\Refresh.gif c:\windows\SysWow64\images\toolbar\refresh_over.gif c:\windows\SysWow64\images\toolbar\refreshd.gif c:\windows\SysWow64\images\toolbar\Search.gif c:\windows\SysWow64\images\toolbar\search_over.gif c:\windows\SysWow64\images\toolbar\searchd.gif c:\windows\SysWow64\images\toolbar\up.gif c:\windows\SysWow64\images\toolbar\up_over.gif c:\windows\SysWow64\images\toolbar\upd.gif c:\windows\SysWow64\images\tree\begindots.gif c:\windows\SysWow64\images\tree\beginminus.gif c:\windows\SysWow64\images\tree\beginplus.gif c:\windows\SysWow64\images\tree\blank.gif c:\windows\SysWow64\images\tree\blankdots.gif c:\windows\SysWow64\images\tree\dots.gif c:\windows\SysWow64\images\tree\lastdots.gif c:\windows\SysWow64\images\tree\lastminus.gif c:\windows\SysWow64\images\tree\lastplus.gif c:\windows\SysWow64\images\tree\Magnify.gif c:\windows\SysWow64\images\tree\minus.gif c:\windows\SysWow64\images\tree\minusbox.gif c:\windows\SysWow64\images\tree\plus.gif c:\windows\SysWow64\images\tree\plusbox.gif c:\windows\SysWow64\images\tree\singleminus.gif c:\windows\SysWow64\images\tree\singleplus.gif . . ((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 ))))))))))))))))))))))))))))))) . . 2011-07-04 00:19 . 2011-07-04 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-01 23:33 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{820BD05A-1D0B-4146-B04C-6175DB914BC9}\mpengine.dll 2011-06-29 18:27 . 2011-05-04 05:25 2315776 ----a-w- c:\windows\system32\tquery.dll 2011-06-29 18:27 . 2011-05-04 05:22 2223616 ----a-w- c:\windows\system32\mssrch.dll 2011-06-29 18:27 . 2011-05-04 05:19 591872 ----a-w- c:\windows\system32\SearchIndexer.exe 2011-06-29 18:27 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll 2011-06-29 18:27 . 2011-05-04 05:19 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2011-06-29 18:27 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\SysWow64\tquery.dll 2011-06-29 18:27 . 2011-05-04 04:28 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe 2011-06-29 18:27 . 2011-05-04 04:28 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe 2011-06-29 17:35 . 2011-06-29 17:35 -------- d-----w- c:\users\Stephanie\AppData\Roaming\Malwarebytes 2011-06-29 17:35 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-06-29 17:35 . 2011-06-29 17:35 -------- d-----w- c:\programdata\Malwarebytes 2011-06-29 17:35 . 2011-06-29 17:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-06-29 17:35 . 2011-05-29 08:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-29 17:14 . 2011-06-29 17:14 -------- d-----w- c:\users\Stephanie\AppData\Local\{8E5EF0A7-204E-4997-B8F2-22658834699D} 2011-06-27 17:38 . 2011-06-27 17:38 -------- d-----w- c:\users\Stephanie\AppData\Local\{9161734D-980C-4ECA-A38D-7F9B45ADB718} 2011-06-26 21:06 . 2011-06-26 21:06 -------- d-----w- c:\users\Stephanie\AppData\Local\Origin 2011-06-26 20:59 . 2011-06-26 21:07 -------- d-----w- c:\programdata\Origin 2011-06-26 20:59 . 2011-06-26 20:59 -------- d-----w- c:\program files (x86)\Origin Games 2011-06-26 20:58 . 2011-06-26 20:59 -------- d-----w- c:\program files (x86)\Origin 2011-06-26 20:39 . 2011-06-26 20:59 -------- d-----w- c:\programdata\Electronic Arts 2011-06-26 20:27 . 2011-06-26 20:27 -------- d-----w- c:\program files (x86)\Microsoft WSE 2011-06-26 20:27 . 2006-09-28 15:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll 2011-06-26 20:27 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll 2011-06-26 19:54 . 2011-06-27 12:55 -------- d-----w- c:\program files (x86)\Electronic Arts 2011-06-26 19:03 . 2011-06-26 19:03 -------- d-----w- c:\users\Stephanie\AppData\Local\{FDF15329-384D-4B6B-AF05-6B60A029CD91} 2011-06-25 01:48 . 2011-06-25 01:48 -------- d-----w- c:\windows\system32\SPReview 2011-06-25 01:47 . 2011-06-25 01:47 -------- d-----w- c:\windows\system32\EventProviders 2011-06-23 22:59 . 2011-06-23 22:59 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2011-06-23 22:59 . 2011-06-23 22:59 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll 2011-06-23 19:40 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll 2011-06-23 19:40 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll 2011-06-23 19:38 . 2010-11-20 13:25 1975296 ----a-w- c:\windows\system32\CertEnroll.dll 2011-06-23 19:37 . 2010-11-20 13:27 303616 ----a-w- c:\windows\system32\scansetting.dll 2011-06-23 19:36 . 2010-11-20 13:27 769536 ----a-w- c:\windows\system32\sud.dll 2011-06-23 19:35 . 2010-11-20 13:27 145920 ----a-w- c:\windows\system32\sppc.dll 2011-06-23 19:34 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll 2011-06-23 19:34 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll 2011-06-23 19:34 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2011-06-23 19:34 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2011-06-23 19:31 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll 2011-06-23 19:31 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2011-06-23 19:31 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll 2011-06-23 19:30 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll 2011-06-23 19:30 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe 2011-06-23 19:30 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll 2011-06-23 19:30 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll 2011-06-19 19:19 . 2011-06-19 19:19 -------- d-----w- c:\users\Stephanie\AppData\Local\{3F58F7D7-61D7-42E4-91DA-C635B1E5E4B8} 2011-06-19 08:04 . 2003-09-02 20:39 7106560 ----a-w- c:\program files (x86)\Microsoft Games\Age of Mythology\aomx.exe 2011-06-18 18:50 . 2011-06-18 18:50 -------- d-----w- c:\program files\iPod 2011-06-18 18:50 . 2011-06-18 18:50 -------- d-----w- c:\program files\iTunes 2011-06-18 12:08 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-18 12:08 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-18 12:08 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2011-06-18 12:08 . 2011-04-29 05:55 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-18 12:08 . 2011-04-29 04:57 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-18 12:08 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-18 12:08 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-18 12:08 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-18 12:08 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys 2011-06-18 12:06 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-18 12:06 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-06-18 12:05 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-18 12:05 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll 2011-06-07 11:35 . 2011-06-07 11:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2011-06-07 11:35 . 2011-06-07 11:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-25 02:01 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-06-25 02:01 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-06-24 09:54 . 2011-04-14 22:54 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-06-24 09:54 . 2011-04-14 22:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-06-23 13:08 . 2011-06-02 14:01 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-21 20:27 . 2011-04-29 11:41 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-06-21 20:26 . 2011-04-29 11:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-05-24 18:14 . 2010-08-24 14:24 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-05-11 20:35 . 2011-04-29 11:41 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-05-10 12:10 . 2010-08-24 20:41 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:10 . 2010-08-24 20:41 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-05-10 12:10 . 2011-05-25 20:53 253888 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-10 12:04 . 2011-05-25 20:53 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-10 12:04 . 2010-08-24 20:42 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-10 12:02 . 2010-08-24 20:42 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-10 11:59 . 2010-08-24 20:42 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-10 11:59 . 2010-08-24 20:42 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-05-10 11:59 . 2010-08-24 20:42 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-05-10 07:06 . 2011-05-10 07:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2011-05-10 07:06 . 2011-05-10 07:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-05-04 16:37 . 2011-04-14 22:53 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-04-22 22:15 . 2011-05-24 18:43 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-04-09 07:02 . 2011-05-11 16:37 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 06:58 . 2011-05-24 18:43 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-04-09 06:02 . 2011-05-11 16:37 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:02 . 2011-05-11 16:37 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-24 18:43 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2011-04-06 15:26 . 2011-04-06 15:26 96544 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 15:26 . 2011-04-06 15:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll 2011-04-06 15:26 . 2011-04-06 15:26 237856 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 15:26 . 2011-04-06 15:26 119584 ----a-w- c:\windows\system32\dns-sd.exe 2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll 2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll 2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 09:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-04 98304] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-03-25 271408] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-03-01 373640] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2010-09-22 19:19 284208 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-04 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-04 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-04 365592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=1e56df0600000000000000ffefb484ce&tlver=1.4.19.19&affID=17159 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\Stephanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 219.139.81.6 168.95.1.1 TCP: Interfaces\{EFB484CE-37BC-4555-AA18-A36FF0CE020C}: NameServer = 10.36.40.1 FF - ProfilePath - c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1e56df0600000000000000ffefb484ce&tlver=1.4.19.19&instlRef=sst&affID=17159&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe AddRemove-AsUninst.exe - c:\windows\system32\AsUninst.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\Mozilla Firefox\firefox.exe c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe c:\program files (x86)\Mozilla Firefox\plugin-container.exe . ************************************************************************** . Completion time: 2011-07-04 01:52:14 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-04 00:51 . Pre-Run: 198,557,712,384 bytes free Post-Run: 200,194,273,280 bytes free . - - End Of File - - AEA14A597582359938EB7CC9D389D0CB And the problem still remains
  4. TDSKiller.log 2011/07/02 01:15:53.0706 1580 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16 2011/07/02 01:15:54.0763 1580 ================================================================================ 2011/07/02 01:15:54.0763 1580 SystemInfo: 2011/07/02 01:15:54.0763 1580 2011/07/02 01:15:54.0763 1580 OS Version: 6.1.7601 ServicePack: 1.0 2011/07/02 01:15:54.0763 1580 Product type: Workstation 2011/07/02 01:15:54.0763 1580 ComputerName: STEPHANIE-PC 2011/07/02 01:15:54.0763 1580 UserName: Stephanie 2011/07/02 01:15:54.0763 1580 Windows directory: C:\Windows 2011/07/02 01:15:54.0763 1580 System windows directory: C:\Windows 2011/07/02 01:15:54.0763 1580 Running under WOW64 2011/07/02 01:15:54.0764 1580 Processor architecture: Intel x64 2011/07/02 01:15:54.0764 1580 Number of processors: 2 2011/07/02 01:15:54.0764 1580 Page size: 0x1000 2011/07/02 01:15:54.0764 1580 Boot type: Normal boot 2011/07/02 01:15:54.0764 1580 ================================================================================ 2011/07/02 01:15:56.0041 1580 Initialize success 2011/07/02 01:16:17.0649 3208 ================================================================================ 2011/07/02 01:16:17.0649 3208 Scan started 2011/07/02 01:16:17.0649 3208 Mode: Manual; 2011/07/02 01:16:17.0649 3208 ================================================================================ 2011/07/02 01:16:18.0415 3208 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 2011/07/02 01:16:18.0536 3208 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 2011/07/02 01:16:18.0613 3208 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 2011/07/02 01:16:18.0758 3208 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/07/02 01:16:18.0877 3208 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/07/02 01:16:18.0925 3208 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2011/07/02 01:16:19.0081 3208 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 2011/07/02 01:16:19.0206 3208 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 2011/07/02 01:16:19.0350 3208 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 2011/07/02 01:16:19.0498 3208 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 2011/07/02 01:16:19.0575 3208 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/07/02 01:16:19.0940 3208 amdkmdag (437b35aab579ab7ce35203a9aa64383e) C:\Windows\system32\DRIVERS\atipmdag.sys 2011/07/02 01:16:20.0123 3208 amdkmdap (dc1ac1c07ca01bc976c528eb065e76a2) C:\Windows\system32\DRIVERS\atikmpag.sys 2011/07/02 01:16:20.0196 3208 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/07/02 01:16:20.0268 3208 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 2011/07/02 01:16:20.0376 3208 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/07/02 01:16:20.0445 3208 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 2011/07/02 01:16:20.0528 3208 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 2011/07/02 01:16:20.0702 3208 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/07/02 01:16:20.0742 3208 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/07/02 01:16:20.0845 3208 aswFsBlk (f1dbe3d02ffcdee5246f29b0ecebe6e0) C:\Windows\system32\drivers\aswFsBlk.sys 2011/07/02 01:16:20.0894 3208 aswMonFlt (f3e75dd1bcc358fb4629357ad09e7c84) C:\Windows\system32\drivers\aswMonFlt.sys 2011/07/02 01:16:20.0995 3208 aswRdr (fccbdc045dc12afd1508205117e7ed11) C:\Windows\system32\drivers\aswRdr.sys 2011/07/02 01:16:21.0188 3208 aswSnx (5824dca602a0a30e866bc2ac98c6d970) C:\Windows\system32\drivers\aswSnx.sys 2011/07/02 01:16:21.0243 3208 aswSP (af07b4bef920f90205148f3a05e2974c) C:\Windows\system32\drivers\aswSP.sys 2011/07/02 01:16:21.0312 3208 aswTdi (a3eca5af3b4823a523c285a8df0f9e4f) C:\Windows\system32\drivers\aswTdi.sys 2011/07/02 01:16:21.0505 3208 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/07/02 01:16:21.0574 3208 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 2011/07/02 01:16:21.0897 3208 atikmdag (437b35aab579ab7ce35203a9aa64383e) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/07/02 01:16:22.0160 3208 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/07/02 01:16:22.0466 3208 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/07/02 01:16:22.0618 3208 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/07/02 01:16:22.0713 3208 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/07/02 01:16:22.0865 3208 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 2011/07/02 01:16:22.0918 3208 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/07/02 01:16:23.0001 3208 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/07/02 01:16:23.0072 3208 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/07/02 01:16:23.0161 3208 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/07/02 01:16:23.0216 3208 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/07/02 01:16:23.0278 3208 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/07/02 01:16:23.0330 3208 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/07/02 01:16:23.0469 3208 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/07/02 01:16:23.0556 3208 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 2011/07/02 01:16:23.0695 3208 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/07/02 01:16:23.0760 3208 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/07/02 01:16:23.0946 3208 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/07/02 01:16:24.0005 3208 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 2011/07/02 01:16:24.0142 3208 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 2011/07/02 01:16:24.0299 3208 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/07/02 01:16:24.0422 3208 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 2011/07/02 01:16:24.0525 3208 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/07/02 01:16:24.0725 3208 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 2011/07/02 01:16:24.0921 3208 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 2011/07/02 01:16:25.0072 3208 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/07/02 01:16:25.0166 3208 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/07/02 01:16:25.0325 3208 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys 2011/07/02 01:16:25.0423 3208 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys 2011/07/02 01:16:25.0502 3208 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys 2011/07/02 01:16:25.0583 3208 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/07/02 01:16:25.0832 3208 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/02 01:16:26.0186 3208 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/07/02 01:16:26.0431 3208 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/07/02 01:16:26.0620 3208 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 2011/07/02 01:16:26.0866 3208 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/07/02 01:16:26.0941 3208 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/07/02 01:16:27.0032 3208 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/02 01:16:27.0110 3208 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/07/02 01:16:27.0177 3208 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/07/02 01:16:27.0312 3208 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/02 01:16:27.0397 3208 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 2011/07/02 01:16:27.0528 3208 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/07/02 01:16:27.0826 3208 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys 2011/07/02 01:16:27.0981 3208 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/02 01:16:28.0151 3208 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 2011/07/02 01:16:28.0285 3208 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/07/02 01:16:28.0413 3208 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/07/02 01:16:28.0472 3208 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/07/02 01:16:28.0642 3208 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 2011/07/02 01:16:28.0783 3208 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/07/02 01:16:28.0893 3208 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/07/02 01:16:28.0944 3208 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/07/02 01:16:28.0992 3208 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/07/02 01:16:29.0099 3208 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 2011/07/02 01:16:29.0265 3208 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 2011/07/02 01:16:29.0457 3208 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys 2011/07/02 01:16:29.0612 3208 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys 2011/07/02 01:16:29.0753 3208 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys 2011/07/02 01:16:29.0842 3208 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 2011/07/02 01:16:29.0973 3208 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 2011/07/02 01:16:30.0051 3208 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 2011/07/02 01:16:30.0158 3208 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 2011/07/02 01:16:30.0473 3208 igfx (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdkmd64.sys 2011/07/02 01:16:30.0713 3208 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/07/02 01:16:30.0797 3208 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 2011/07/02 01:16:31.0117 3208 intelkmd (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdpmd64.sys 2011/07/02 01:16:31.0357 3208 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/07/02 01:16:31.0453 3208 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/07/02 01:16:31.0552 3208 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 2011/07/02 01:16:31.0649 3208 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/07/02 01:16:31.0788 3208 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/07/02 01:16:31.0850 3208 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 2011/07/02 01:16:31.0922 3208 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 2011/07/02 01:16:32.0034 3208 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 2011/07/02 01:16:32.0109 3208 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 2011/07/02 01:16:32.0242 3208 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/02 01:16:32.0301 3208 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 2011/07/02 01:16:32.0409 3208 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/07/02 01:16:32.0483 3208 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys 2011/07/02 01:16:32.0635 3208 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/02 01:16:32.0943 3208 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys 2011/07/02 01:16:33.0170 3208 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys 2011/07/02 01:16:33.0384 3208 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys 2011/07/02 01:16:33.0527 3208 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/07/02 01:16:33.0602 3208 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/07/02 01:16:33.0641 3208 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/07/02 01:16:33.0737 3208 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/07/02 01:16:33.0794 3208 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/07/02 01:16:33.0920 3208 massfilter (23488767cb18fc3ff39e3af1db3fb02c) C:\Windows\system32\drivers\massfilter.sys 2011/07/02 01:16:34.0066 3208 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\Windows\system32\drivers\mbam.sys 2011/07/02 01:16:34.0360 3208 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/07/02 01:16:34.0461 3208 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/07/02 01:16:34.0631 3208 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/07/02 01:16:34.0694 3208 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/07/02 01:16:34.0782 3208 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 2011/07/02 01:16:34.0884 3208 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/02 01:16:34.0968 3208 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 2011/07/02 01:16:35.0065 3208 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 2011/07/02 01:16:35.0159 3208 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/02 01:16:35.0403 3208 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 2011/07/02 01:16:35.0467 3208 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/02 01:16:35.0546 3208 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/02 01:16:35.0646 3208 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/02 01:16:35.0765 3208 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 2011/07/02 01:16:35.0853 3208 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 2011/07/02 01:16:35.0982 3208 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/07/02 01:16:36.0077 3208 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/07/02 01:16:36.0146 3208 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 2011/07/02 01:16:36.0275 3208 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/02 01:16:36.0309 3208 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/02 01:16:36.0452 3208 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/07/02 01:16:36.0707 3208 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 2011/07/02 01:16:37.0032 3208 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 2011/07/02 01:16:37.0301 3208 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/07/02 01:16:37.0361 3208 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/07/02 01:16:37.0420 3208 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/07/02 01:16:37.0506 3208 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/02 01:16:37.0646 3208 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 2011/07/02 01:16:37.0719 3208 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/07/02 01:16:37.0804 3208 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/02 01:16:37.0867 3208 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/02 01:16:37.0923 3208 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/02 01:16:38.0027 3208 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 2011/07/02 01:16:38.0248 3208 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/02 01:16:38.0330 3208 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/02 01:16:38.0738 3208 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 2011/07/02 01:16:38.0934 3208 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/07/02 01:16:39.0085 3208 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys 2011/07/02 01:16:39.0133 3208 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/07/02 01:16:39.0243 3208 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/02 01:16:39.0366 3208 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 2011/07/02 01:16:39.0471 3208 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/07/02 01:16:39.0545 3208 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 2011/07/02 01:16:39.0669 3208 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 2011/07/02 01:16:39.0743 3208 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 2011/07/02 01:16:39.0864 3208 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 2011/07/02 01:16:40.0057 3208 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/07/02 01:16:40.0121 3208 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 2011/07/02 01:16:40.0300 3208 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 2011/07/02 01:16:40.0349 3208 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 2011/07/02 01:16:40.0426 3208 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/07/02 01:16:40.0472 3208 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/07/02 01:16:40.0624 3208 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/07/02 01:16:40.0934 3208 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/02 01:16:41.0000 3208 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/07/02 01:16:41.0167 3208 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/02 01:16:41.0295 3208 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/07/02 01:16:41.0399 3208 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/07/02 01:16:41.0469 3208 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/02 01:16:41.0554 3208 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/02 01:16:41.0619 3208 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/07/02 01:16:41.0743 3208 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/02 01:16:41.0823 3208 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/02 01:16:41.0914 3208 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/02 01:16:41.0983 3208 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/02 01:16:42.0069 3208 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/07/02 01:16:42.0106 3208 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/02 01:16:42.0285 3208 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 2011/07/02 01:16:42.0351 3208 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/02 01:16:42.0444 3208 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/07/02 01:16:42.0496 3208 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 2011/07/02 01:16:42.0650 3208 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 2011/07/02 01:16:42.0833 3208 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/02 01:16:42.0907 3208 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 2011/07/02 01:16:43.0005 3208 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 2011/07/02 01:16:43.0074 3208 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 2011/07/02 01:16:43.0466 3208 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/07/02 01:16:43.0544 3208 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/07/02 01:16:43.0591 3208 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/07/02 01:16:43.0696 3208 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/07/02 01:16:43.0810 3208 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 2011/07/02 01:16:43.0848 3208 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 2011/07/02 01:16:43.0944 3208 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 2011/07/02 01:16:44.0053 3208 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/07/02 01:16:44.0198 3208 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/07/02 01:16:44.0257 3208 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/07/02 01:16:44.0320 3208 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/07/02 01:16:44.0447 3208 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/07/02 01:16:44.0789 3208 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys 2011/07/02 01:16:44.0916 3208 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 2011/07/02 01:16:45.0088 3208 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/02 01:16:45.0182 3208 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/02 01:16:45.0395 3208 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/07/02 01:16:45.0475 3208 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 2011/07/02 01:16:45.0578 3208 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 2011/07/02 01:16:45.0630 3208 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 2011/07/02 01:16:45.0749 3208 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys 2011/07/02 01:16:45.0870 3208 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys 2011/07/02 01:16:46.0037 3208 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/02 01:16:46.0158 3208 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/02 01:16:46.0233 3208 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/07/02 01:16:46.0308 3208 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/07/02 01:16:46.0389 3208 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/02 01:16:46.0511 3208 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 2011/07/02 01:16:46.0632 3208 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/02 01:16:46.0759 3208 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 2011/07/02 01:16:46.0844 3208 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/02 01:16:46.0912 3208 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/07/02 01:16:47.0034 3208 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/02 01:16:47.0130 3208 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 2011/07/02 01:16:47.0246 3208 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 2011/07/02 01:16:47.0286 3208 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/07/02 01:16:47.0421 3208 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 2011/07/02 01:16:47.0476 3208 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/02 01:16:47.0550 3208 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 2011/07/02 01:16:47.0631 3208 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/02 01:16:47.0721 3208 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/02 01:16:47.0807 3208 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 2011/07/02 01:16:47.0880 3208 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/02 01:16:47.0962 3208 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/02 01:16:48.0032 3208 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 2011/07/02 01:16:48.0082 3208 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/02 01:16:48.0188 3208 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 2011/07/02 01:16:48.0290 3208 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 2011/07/02 01:16:48.0381 3208 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/02 01:16:48.0436 3208 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/07/02 01:16:48.0498 3208 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 2011/07/02 01:16:48.0829 3208 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 2011/07/02 01:16:48.0908 3208 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 2011/07/02 01:16:48.0998 3208 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 2011/07/02 01:16:49.0069 3208 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 2011/07/02 01:16:49.0148 3208 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 2011/07/02 01:16:49.0213 3208 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 2011/07/02 01:16:49.0342 3208 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/07/02 01:16:49.0418 3208 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2011/07/02 01:16:49.0514 3208 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/07/02 01:16:49.0657 3208 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/02 01:16:49.0691 3208 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/02 01:16:49.0861 3208 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/07/02 01:16:49.0974 3208 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/02 01:16:50.0134 3208 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/07/02 01:16:50.0165 3208 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/07/02 01:16:50.0352 3208 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/07/02 01:16:50.0538 3208 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 2011/07/02 01:16:50.0678 3208 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/02 01:16:50.0867 3208 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 2011/07/02 01:16:50.0960 3208 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/02 01:16:51.0279 3208 ZTEusbmdm6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 2011/07/02 01:16:51.0373 3208 ZTEusbnmea (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 2011/07/02 01:16:51.0576 3208 ZTEusbser6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 2011/07/02 01:16:51.0704 3208 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 2011/07/02 01:16:51.0773 3208 Boot (0x1200) (6148cf05feaceb127a71c368ab8dad9f) \Device\Harddisk0\DR0\Partition0 2011/07/02 01:16:51.0840 3208 Boot (0x1200) (5077814fe4d6fead372a8b7e8b7024a0) \Device\Harddisk0\DR0\Partition1 2011/07/02 01:16:51.0869 3208 ================================================================================ 2011/07/02 01:16:51.0869 3208 Scan finished 2011/07/02 01:16:51.0869 3208 ================================================================================ 2011/07/02 01:16:51.0903 0656 Detected object count: 0 2011/07/02 01:16:51.0903 0656 Actual detected object count: 0 DDS log: . DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by Stephanie at 1:22:53 on 2011-07-02 Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4026.2657 [GMT 1:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Windows\Explorer.EXE c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\DllHost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=1e56df0600000000000000ffefb484ce&tlver=1.4.19.19&affID=17159 uInternet Settings,ProxyOverride = *.local mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=1e56df0600000000000000ffefb484ce&tlver=1.4.19.19&affID=17159 uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll mWinlogon: Userinit=userinit.exe, BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun: [<NO NAME>] mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - C:\Users\Stephanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 219.139.81.6 168.95.1.1 TCP: Interfaces\{9916C7CD-F913-4A59-A47B-C1C17CBE9975} : DhcpNameServer = 219.139.81.6 168.95.1.1 TCP: Interfaces\{A8459837-8A5F-4EB5-9FBA-E84D578FBADD} : DhcpNameServer = 219.139.81.6 168.95.1.1 TCP: Interfaces\{A8459837-8A5F-4EB5-9FBA-E84D578FBADD}\24450264573796F6E6D243136303 : DhcpNameServer = 192.168.178.254 TCP: Interfaces\{A8459837-8A5F-4EB5-9FBA-E84D578FBADD}\244584F6D65684572623D233255305 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{A8459837-8A5F-4EB5-9FBA-E84D578FBADD}\3427169676E45647 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A8459837-8A5F-4EB5-9FBA-E84D578FBADD}\5534F6E6E6563647 : DhcpNameServer = 193.60.160.250 193.60.160.84 193.60.160.137 TCP: Interfaces\{EFB484CE-37BC-4555-AA18-A36FF0CE020C} : NameServer = 10.36.40.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun-x64: [(Default)] mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1e56df0600000000000000ffefb484ce&tlver=1.4.19.19&instlRef=sst&affID=17159&q= FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-5-25 42184] R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-10-22 1737464] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-3-25 271408] R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 373640] R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-29 366640] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?] S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?] S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2011-07-01 23:33:01 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{820BD05A-1D0B-4146-B04C-6175DB914BC9}\mpengine.dll 2011-06-29 18:27:04 2315776 ----a-w- C:\Windows\System32\tquery.dll 2011-06-29 18:27:03 2223616 ----a-w- C:\Windows\System32\mssrch.dll 2011-06-29 18:27:02 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe 2011-06-29 18:27:02 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll 2011-06-29 18:27:01 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe 2011-06-29 18:27:01 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll 2011-06-29 18:27:00 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe 2011-06-29 18:27:00 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe 2011-06-29 17:35:52 -------- d-----w- C:\Users\Stephanie\AppData\Roaming\Malwarebytes 2011-06-29 17:35:44 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-06-29 17:35:42 -------- d-----w- C:\ProgramData\Malwarebytes 2011-06-29 17:35:38 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-06-29 17:35:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-06-29 17:14:20 -------- d-----w- C:\Users\Stephanie\AppData\Local\{8E5EF0A7-204E-4997-B8F2-22658834699D} 2011-06-27 17:38:43 -------- d-----w- C:\Users\Stephanie\AppData\Local\{9161734D-980C-4ECA-A38D-7F9B45ADB718} 2011-06-26 21:06:11 -------- d-----w- C:\Users\Stephanie\AppData\Local\Origin 2011-06-26 20:59:34 -------- d-----w- C:\ProgramData\Origin 2011-06-26 20:59:33 -------- d-----w- C:\Program Files (x86)\Origin Games 2011-06-26 20:58:50 -------- d-----w- C:\Program Files (x86)\Origin 2011-06-26 20:39:24 -------- d-----w- C:\ProgramData\Electronic Arts 2011-06-26 20:27:57 -------- d-----w- C:\Program Files (x86)\Microsoft WSE 2011-06-26 20:27:02 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll 2011-06-26 20:27:02 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll 2011-06-26 19:03:08 -------- d-----w- C:\Users\Stephanie\AppData\Local\{FDF15329-384D-4B6B-AF05-6B60A029CD91} 2011-06-25 01:48:10 -------- d-----w- C:\Windows\System32\SPReview 2011-06-25 01:47:00 -------- d-----w- C:\Windows\System32\EventProviders 2011-06-23 22:59:52 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2011-06-23 22:59:52 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll 2011-06-23 19:40:14 48976 ----a-w- C:\Windows\System32\netfxperf.dll 2011-06-23 19:40:14 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2011-06-23 19:38:59 3957760 ----a-w- C:\Windows\System32\WinSAT.exe 2011-06-23 19:37:59 571904 ----a-w- C:\Windows\System32\mspbda.dll 2011-06-23 19:36:59 828928 ----a-w- C:\Windows\SysWow64\fontext.dll 2011-06-23 19:35:59 48640 ----a-w- C:\Windows\System32\luainstall.dll 2011-06-23 19:34:48 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll 2011-06-23 19:34:48 257024 ----a-w- C:\Windows\SysWow64\dpx.dll 2011-06-23 19:34:42 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll 2011-06-23 19:34:42 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll 2011-06-23 19:31:09 529408 ----a-w- C:\Windows\System32\wbemcomn.dll 2011-06-23 19:31:09 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll 2011-06-23 19:31:09 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll 2011-06-23 19:30:58 933376 ----a-w- C:\Windows\System32\SmiEngine.dll 2011-06-23 19:30:53 199168 ----a-w- C:\Windows\System32\PkgMgr.exe 2011-06-23 19:30:27 422912 ----a-w- C:\Windows\System32\drvstore.dll 2011-06-23 19:30:27 399872 ----a-w- C:\Windows\System32\dpx.dll 2011-06-19 19:19:38 -------- d-----w- C:\Users\Stephanie\AppData\Local\{3F58F7D7-61D7-42E4-91DA-C635B1E5E4B8} 2011-06-19 08:04:28 7106560 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Mythology\aomx.exe 2011-06-18 18:50:06 -------- d-----w- C:\Program Files\iPod 2011-06-18 18:50:05 -------- d-----w- C:\Program Files\iTunes 2011-06-18 12:08:15 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-06-18 12:08:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys 2011-06-18 12:08:14 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2011-06-18 12:08:11 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-18 12:08:11 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-18 12:08:10 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-06-18 12:08:10 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-06-18 12:08:10 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-06-18 12:08:07 3135488 ----a-w- C:\Windows\System32\win32k.sys 2011-06-18 12:06:01 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2011-06-18 12:06:01 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-06-18 12:05:58 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-06-18 12:05:58 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-06-07 11:35:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2011-06-07 11:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll 2011-06-06 11:50:36 -------- d-----w- C:\Windows\pss 2011-06-03 23:31:32 -------- d-----w- C:\Users\Stephanie\AppData\Local\{3B43898E-62F8-425C-BB2C-302A4D3D55C5} 2011-06-02 14:01:27 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl . ==================== Find3M ==================== . 2011-06-25 02:01:11 175616 ----a-w- C:\Windows\System32\msclmd.dll 2011-06-25 02:01:11 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-05-24 18:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll 2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll 2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe 2011-05-10 12:10:59 40112 ----a-w- C:\Windows\avastSS.scr 2011-05-10 12:04:08 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2011-05-10 11:59:48 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2011-05-10 07:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2011-05-10 07:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll 2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll 2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll 2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll 2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll 2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe 2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll 2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll 2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll 2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll 2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe 2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll 2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe 2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe 2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll 2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll 2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll 2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe 2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll 2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll 2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll 2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe . ============= FINISH: 1:25:07.22 =============== security check: Results of screen317's Security Check version 0.99.17 Windows 7 (UAC is disabled!) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Free Antivirus WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Adobe Flash Player 10.3.181.26 ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe windows defender MpCmdRun.exe Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 AvastUI.exe ``````````End of Log```````````` The problem was still occurring but thank you for your reply and help so far. Attach.txt
  5. Right, Basically I have this recurring popup every couple of minutes from MalwareBytes saying MalwareBytes has protected you from a potentially malicious website. Then it says the IP address, it's outgoing and that it was because of svchost.exe. Is this a virus? or is there a way to get rid of it without damaging my computer? I have used MalwareBytes and Avast to scan my computer, 1 infected file was found on Malware bytes and it was removed and there was no infected files on Avast. Thanks for any help posted. Here is the protection log for MalwareBytes: 18:39:45 Stephanie MESSAGE Protection started successfully 18:39:51 Stephanie MESSAGE IP Protection started successfully 18:40:45 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 53702, Process: svchost.exe) 18:41:09 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62086, Process: svchost.exe) 18:47:30 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 49618, Process: svchost.exe) 18:48:19 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 53843, Process: svchost.exe) 18:51:33 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 49245, Process: svchost.exe) 18:59:40 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 50848, Process: svchost.exe) 19:01:25 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 64061, Process: svchost.exe) 19:01:33 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 55949, Process: svchost.exe) 19:03:27 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 50503, Process: svchost.exe) 19:05:28 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52553, Process: svchost.exe) 19:10:28 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 49940, Process: svchost.exe) 19:13:35 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 50729, Process: svchost.exe) 19:13:43 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 51400, Process: svchost.exe) 19:14:07 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 59010, Process: svchost.exe) 19:18:51 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 63170, Process: svchost.exe) 19:26:02 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 54825, Process: svchost.exe) 19:33:51 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 64551, Process: svchost.exe) 19:34:48 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62129, Process: svchost.exe) 19:39:15 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 59251, Process: svchost.exe) 19:42:21 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 54315, Process: svchost.exe) 19:42:29 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62249, Process: svchost.exe) 19:42:38 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62249, Process: svchost.exe) 19:42:38 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62249, Process: svchost.exe) 19:49:39 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62085, Process: svchost.exe) 19:56:24 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 55486, Process: svchost.exe) 19:57:13 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 53297, Process: svchost.exe) 20:04:38 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 63421, Process: svchost.exe) 20:12:20 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52776, Process: svchost.exe) 20:12:20 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52776, Process: svchost.exe) 20:18:25 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 58785, Process: svchost.exe) 20:20:27 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 54360, Process: svchost.exe) 20:20:43 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 53719, Process: svchost.exe) 20:24:46 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 53335, Process: svchost.exe) 20:44:11 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 59951, Process: svchost.exe) 20:57:08 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52590, Process: svchost.exe) 20:57:49 (null) IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62254, Process: svchost.exe) 20:57:49 (null) IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62254, Process: svchost.exe) 23:08:01 Stephanie MESSAGE Protection started successfully 23:08:06 Stephanie MESSAGE IP Protection started successfully 23:08:20 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 59036, Process: svchost.exe) 23:08:31 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52122, Process: svchost.exe) 23:08:39 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 51486, Process: svchost.exe) 23:09:04 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62999, Process: svchost.exe) 23:09:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 57189, Process: svchost.exe) 23:09:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 59931, Process: svchost.exe) 23:09:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 65180, Process: svchost.exe) 23:09:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 55279, Process: svchost.exe) 23:09:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 57423, Process: svchost.exe) 23:16:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 64106, Process: svchost.exe) 23:24:17 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 50494, Process: svchost.exe) 23:40:10 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62232, Process: svchost.exe) 23:40:58 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62276, Process: svchost.exe) 23:42:59 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52873, Process: svchost.exe) 23:53:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 63585, Process: svchost.exe) 23:54:25 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 58563, Process: svchost.exe) 23:54:25 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 51648, Process: svchost.exe) 23:54:49 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 57362, Process: svchost.exe) 23:54:49 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 64790, Process: svchost.exe) 23:54:49 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 54321, Process: svchost.exe) 23:58:43 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 57071, Process: svchost.exe) 23:58:52 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 54584, Process: svchost.exe) Hopefully someone can help I'll keep an eye out for the next one and screen shot it if possible.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.