Everything posted by mdharman

  1. COMBOFIX LOG////////////////////////////////////////////
     ComboFix 11-07-08.03 - harmanm 07/08/2011 21:42:39.3.4 - x64
     Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3951.2443 [GMT -5:00]
     Running from: c:\users\harmanm\Desktop\ComboFix.exe
     Command switches used :: c:\users\harmanm\Desktop\CFScript.txt
     AV: Trend Micro OfficeScan Antivirus *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
     FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
     SP: Trend Micro OfficeScan Anti-spyware *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\api-ms-win-core-libraryloader-l1-1-032.exe
     c:\programdata\dnsapi32.dll
     .
     .
     --------------- FCopy ---------------
     .
     c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16385_none_f2e96828b6e3cefa\mfc40u.dll --> c:\windows\SysWOW64\mfc40u.dll
     .
     ((((((((((((((((((((((((( Files Created from 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))))
     .
     .
     2011-07-09 02:49 . 2011-07-09 02:49 257536 --sha-w- c:\programdata\api-ms-win-core-libraryloader-l1-1-032.dll
     2011-07-09 02:47 . 2011-07-09 02:47 -------- d-----w- c:\users\printman\AppData\Local\temp
     2011-07-09 02:47 . 2011-07-09 02:47 -------- d-----w- c:\users\printman.LISD\AppData\Local\temp
     2011-07-09 02:47 . 2011-07-09 02:47 -------- d-----w- c:\users\Default\AppData\Local\temp
     2011-07-09 02:47 . 2011-07-09 02:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2011-07-02 01:18 . 2011-07-02 01:18 -------- d-----w- c:\users\harmanm\AppData\Local\Google
     2011-07-01 03:08 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37F122CB-80BC-42B2-AB1C-389A67EBA21F}\mpengine.dll
     2011-06-30 04:46 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
     2011-06-30 04:11 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
     2011-06-30 04:00 . 2011-06-30 04:00 -------- d-----w- c:\program files (x86)\Common Files\Java
     2011-06-29 00:18 . 2011-06-29 00:18 -------- d-----w- c:\users\harmanm\AppData\Roaming\Adobe Mini Bridge CS5
     2011-06-27 21:39 . 2011-06-27 21:39 557568 ----a-w- c:\windows\SysWow64\mfc7032.exe
     2011-06-27 19:41 . 2011-06-27 19:41 -------- d-----w- c:\users\harmanm\AppData\Local\TechSmith
     2011-06-27 19:40 . 2011-06-27 19:40 -------- d-----w- c:\windows\SysWow64\QuickTime
     2011-06-27 19:40 . 2011-06-27 19:40 -------- d-----w- c:\programdata\TechSmith
     2011-06-27 19:40 . 2011-06-27 19:40 -------- d-----w- c:\program files (x86)\TechSmith
     2011-06-27 19:40 . 2011-06-27 19:40 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
     2011-06-19 00:35 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
     2011-06-19 00:35 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
     2011-06-19 00:28 . 2011-06-19 00:28 -------- d-----w- c:\program files (x86)\MSXML 4.0
     2011-06-19 00:07 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
     2011-06-19 00:05 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
     2011-06-19 00:05 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
     2011-06-19 00:05 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
     2011-06-19 00:05 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
     2011-06-19 00:05 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
     2011-06-19 00:05 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
     2011-06-19 00:05 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
     2011-06-19 00:05 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
     2011-06-19 00:05 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
     2011-06-19 00:05 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
     2011-06-19 00:04 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2011-06-19 00:04 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
     2011-06-19 00:04 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
     2011-06-19 00:04 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
     2011-06-19 00:04 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
     2011-06-19 00:04 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
     2011-06-19 00:04 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
     2011-06-19 00:04 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
     2011-06-19 00:02 . 2010-12-21 06:15 264192 ----a-w- c:\windows\system32\upnp.dll
     2011-06-19 00:01 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
     2011-06-19 00:00 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
     2011-06-18 23:59 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
     2011-06-18 23:59 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
     2011-06-18 23:59 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
     2011-06-18 23:59 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
     2011-06-17 21:21 . 2011-06-30 04:27 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-06-30 03:46 . 2010-10-13 15:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2011-05-29 14:11 . 2010-10-13 15:30 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
     2011-05-29 14:11 . 2010-10-13 15:30 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-05-25 00:14 . 2010-10-12 20:49 270720 ------w- c:\windows\system32\MpSigStub.exe
     .
     .
     ((((((((((((((((((((((((((((( SnapShot@2011-07-05_23.46.12 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2010-10-29 22:10 . 2011-07-09 02:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
     - 2010-10-29 22:10 . 2011-07-05 23:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
     + 2009-07-14 04:54 . 2011-07-09 02:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2009-07-14 04:54 . 2011-07-05 23:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2009-07-14 04:54 . 2011-07-09 02:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2011-07-05 23:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2011-07-05 23:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 04:54 . 2011-07-09 02:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2010-09-20 18:43 . 2011-07-07 19:55 62568 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
     - 2009-07-14 05:10 . 2011-07-05 23:30 52528 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
     + 2009-07-14 05:10 . 2011-07-08 14:13 52528 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
     + 2010-10-15 17:31 . 2011-07-08 14:13 11952 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1262623933-2194470734-3508545182-7439_UserData.bin
     + 2010-10-04 16:23 . 2011-07-09 02:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2010-10-04 16:23 . 2011-07-05 23:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2010-10-04 16:23 . 2011-07-09 02:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2010-10-04 16:23 . 2011-07-05 23:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2011-07-05 23:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 04:54 . 2011-07-09 02:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2010-10-13 15:07 . 2011-07-05 23:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2010-10-13 15:07 . 2011-07-09 02:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2010-10-13 15:07 . 2011-07-05 23:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2010-10-13 15:07 . 2011-07-09 02:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2011-04-22 01:40 . 2011-07-05 23:44 3698 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
     + 2011-04-22 01:40 . 2011-07-09 02:49 3698 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
     + 2011-07-09 02:48 . 2011-07-09 02:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     - 2011-07-05 23:43 . 2011-07-05 23:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     + 2011-07-09 02:48 . 2011-07-09 02:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     - 2011-07-05 23:43 . 2011-07-05 23:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     + 2010-11-03 00:50 . 2011-07-09 01:48 242662 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
     + 2010-11-15 04:20 . 2011-07-08 16:54 253060 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
     - 2009-07-14 02:36 . 2011-07-05 23:34 650792 c:\windows\system32\perfh009.dat
     + 2009-07-14 02:36 . 2011-07-08 17:33 650792 c:\windows\system32\perfh009.dat
     + 2009-07-14 02:36 . 2011-07-08 17:33 114906 c:\windows\system32\perfc009.dat
     - 2009-07-14 02:36 . 2011-07-05 23:34 114906 c:\windows\system32\perfc009.dat
     - 2009-07-14 05:01 . 2011-07-05 23:43 579544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
     + 2009-07-14 05:01 . 2011-07-09 02:47 579544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
     + 2010-12-08 04:49 . 2011-07-09 02:47 3087382 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1262623933-2194470734-3508545182-7439-12288.dat
     - 2010-12-08 04:49 . 2011-07-05 23:25 3087382 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1262623933-2194470734-3508545182-7439-12288.dat
     - 2009-07-14 02:34 . 2011-07-05 20:25 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
     + 2009-07-14 02:34 . 2011-07-08 18:32 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
     "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
     "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
     "OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-02-05 1340720]
     "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
     "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
     "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
     "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
     SketchBook Snapshot.lnk - c:\program files (x86)\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-5-4 708608]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     "SoftwareSASGeneration"= 3 (0x3)
     .
     [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
     "NoAutoUpdate"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
     R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
     R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
     R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
     R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
     R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
     R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-30 1436424]
     R4 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
     R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-04 92216]
     R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
     R4 LISDPowerOff11;LISDPowerOff11;c:\srvany.exe [2003-04-19 8192]
     R4 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
     R4 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
     R4 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 6810728]
     R4 rgsender;Remote Graphics Sender Service;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
     R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
     R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
     R4 TmPfw;OfficeScan NT Firewall;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-01-07 595960]
     R4 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2010-01-07 917768]
     R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
     R4 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
     S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
     S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
     S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
     S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
     S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-17 369952]
     S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-17 292128]
     S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]
     S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2010-10-21 309840]
     S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2010-10-21 42576]
     S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
     S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
     S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
     S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
     S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
     S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
     S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
     S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
     S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
     S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
     S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]
     S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     Akamai REG_MULTI_SZ Akamai
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-07-02 c:\windows\Tasks\HPCeeScheduleForharmanm.job
     - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
     .
     .
     --------- x86-64 -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "OfficeScanNT Monitor"="-HideWindow" [X]
     "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
     "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
     "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-29 487424]
     "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
     "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1875048]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://www.lisd.net/
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = <local>
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
     IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     Trusted Zone: exemplars%20i
     Trusted Zone: exemplars%20ii
     Trusted Zone: explorelearning
     Trusted Zone: lisd.net
     Trusted Zone: lisd.net\trend
     Trusted Zone: magic
     Trusted Zone: scholastic.com\edproductsupport
     Trusted Zone: scholastic.com\samconnect
     Trusted Zone: start_here.html
     TCP: DhcpNameServer = 192.168.1.1 68.238.96.12
     FF - ProfilePath - c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.lisd.net/
     FF - prefs.js: network.proxy.ftp - proxy_hs.lisd.net
     FF - prefs.js: network.proxy.ftp_port - 80
     FF - prefs.js: network.proxy.gopher - proxy_hs.lisd.net
     FF - prefs.js: network.proxy.gopher_port - 80
     FF - prefs.js: network.proxy.http - proxy_hs.lisd.net
     FF - prefs.js: network.proxy.http_port - 80
     FF - prefs.js: network.proxy.socks - proxy_hs.lisd.net
     FF - prefs.js: network.proxy.socks_port - 80
     FF - prefs.js: network.proxy.ssl - proxy_hs.lisd.net
     FF - prefs.js: network.proxy.ssl_port - 80
     FF - prefs.js: network.proxy.type - 1
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
     "Version"=hex:5d,b7,5e,a2,6e,4a,f4,70,84,6b,79,1d,08,dc,88,73,9b,4d,b1,99,67,
        12,44,a9,19,28,64,e9,89,c3,5d,db,69,b3,cd,49,e8,06,c9,0c,f0,ff,1c,46,bd,64,\
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
     "Version"=hex:5d,b7,5e,a2,6e,4a,f4,70,84,6b,79,1d,08,dc,88,73,9b,4d,b1,99,67,
        12,44,a9,19,28,64,e9,89,c3,5d,db,69,b3,cd,49,e8,06,c9,0c,f0,ff,1c,46,bd,64,\
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files (x86)\Bonjour\mDNSResponder.exe
     c:\windows\SysWOW64\mfc7032.exe
     c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
     c:\programdata\api-ms-win-core-libraryloader-l1-1-032.exe
     c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
     c:\windows\SysWOW64\CCM\CcmExec.exe
     c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
     c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
     c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
     c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
     .
     **************************************************************************
     .
     Completion time: 2011-07-08 21:55:02 - machine was rebooted
     ComboFix-quarantined-files.txt 2011-07-09 02:55
     .
     Pre-Run: 359,934,316,544 bytes free
     Post-Run: 359,472,259,072 bytes free
     .
     - - End Of File - - 86CA23B956FC3771E1BDDB5567B913A0

     ESET LOG/////////////////////////////////////////////////////////////
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
     # OnlineScanner.ocx=1.0.0.6528
     # api_version=3.0.2
     # EOSSerial=3131de7c1a05c04381062b32695dfd4f
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-07-09 04:08:23
     # local_time=2011-07-08 11:08:23 (-0600, Central Daylight Time)
     # country="United States"
     # lang=9
     # osver=6.1.7600 NT
     # compatibility_mode=512 16777215 100 0 23096269 23096269 0 0
     # compatibility_mode=5893 16776573 100 94 0 61723976 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=325429
     # found=11
     # cleaned=11
     # scan_time=3977
     C:\Qoobox\Quarantine\C\Users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Users\harmanm\AppData\Local\Google\Chrome\User Data\Default\Default\jimimnakpbbopekohlpnapcnoibaaaio\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Users\harmanm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-4db2fe73 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

     CHECKUP LOG ///////////////////////////////////////////////////////////////
     Results of screen317's Security Check version 0.99.17
     Windows 7 (UAC is disabled!)
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ESET Online Scanner v3
     Trend Micro OfficeScan Client
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner
     Java 6 Update 26
     Adobe Flash Player 10.3.181.34
     Mozilla Firefox (x86 en-US..)
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Trend Micro OfficeScan Client pccntmon.exe
     ``````````End of Log````````````

     I ran Defogger at the end. When I ran it, I got a defogger_disable.log.

     DEFOGGER//////////////////////////////////////////////////////////////////////
     defogger_disable by jpshortstuff (23.02.10.1)
     Log created at 23:27 on 08/07/2011 (harmanm)

     Checking for autostart values...
     HKCU\~\Run values retrieved.
     HKLM\~\Run values retrieved.

     Checking for services/drivers...

     -=E.O.F=-

     I have searched about 10 phrases with Google without any redirect problems. I have Trend Micro but I am not sure it is running properly. I can't seem to manually run a scan anymore. Can you tell from the logs? Thanks for your help.
  2. Haven't heard anything for over 48 hours. Did I get forgotten?
  3. Thanks for your help. Here are the logs:

MALWARE BYTES//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7030

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/5/2011 6:24:55 PM
mbam-log-2011-07-05 (18-24-48).txt

Scan type: Quick scan
Objects scanned: 212592
Time elapsed: 1 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\programdata\api-ms-win-core-libraryloader-l1-1-032.dll (Trojan.Tracur.Gen) -> No action taken.
c:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-032.dll (Trojan.Tracur.Gen) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{06653922-BA8A-4FD7-98B4-E1225DB84DA5} (Trojan.Tracur.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06653922-BA8A-4FD7-98B4-E1225DB84DA5} (Trojan.Tracur.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{06653922-BA8A-4FD7-98B4-E1225DB84DA5} (Trojan.Tracur.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06653922-BA8A-4FD7-98B4-E1225DB84DA5} (Trojan.Tracur.Gen) -> No action taken.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\api-ms-win-core-libraryloader-l1-1-032.dll (Trojan.Tracur.Gen) -> No action taken.
c:\Windows\System32\api-ms-win-core-libraryloader-l1-1-032.dll (Trojan.Tracur.Gen) -> No action taken.
c:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-032.dll (Trojan.Tracur.Gen) -> No action taken.

COMBOFIX//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
ComboFix 11-07-05.03 - harmanm 07/05/2011 18:37:52.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3951.2500 [GMT -5:00]
Running from: c:\users\harmanm\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro OfficeScan Anti-spyware *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\api-ms-win-core-libraryloader-l1-1-032.dll
c:\programdata\api-ms-win-core-libraryloader-l1-1-032.exe
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\chrome.manifest
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\chrome\xulcache.jar
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\defaults\preferences\xulcache.js
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\install.rdf
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\chrome.manifest
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\chrome\xulcache.jar
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\defaults\preferences\xulcache.js
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\install.rdf
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\chrome.manifest
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\chrome\xulcache.jar
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\defaults\preferences\xulcache.js
c:\users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\install.rdf
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\chrome.manifest
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\chrome\xulcache.jar
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\defaults\preferences\xulcache.js
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\install.rdf
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\chrome.manifest
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\chrome\xulcache.jar
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\defaults\preferences\xulcache.js
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\install.rdf
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\chrome.manifest
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\chrome\xulcache.jar
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\defaults\preferences\xulcache.js
c:\users\printman.LISD\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\install.rdf
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\chrome.manifest
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\chrome\xulcache.jar
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\defaults\preferences\xulcache.js
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{5afeb2fb-9a30-42b8-83d1-b4e589d49a5b}\install.rdf
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\chrome.manifest
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\chrome\xulcache.jar
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\defaults\preferences\xulcache.js
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{76d8f701-c24a-434c-859e-d135e64149d8}\install.rdf
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\chrome.manifest
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\chrome\xulcache.jar
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\defaults\preferences\xulcache.js
c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\extensions\{f81acbe1-75bd-49f2-939a-c44c142e0a8e}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-07-05 23:43 . 2011-07-05 23:43 -------- d-----w- c:\users\printman\AppData\Local\temp
2011-07-05 23:43 . 2011-07-05 23:43 -------- d-----w- c:\users\printman.LISD\AppData\Local\temp
2011-07-05 23:43 . 2011-07-05 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-05 23:43 . 2011-07-05 23:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-07-02 01:18 . 2011-07-02 01:18 -------- d-----w- c:\users\harmanm\AppData\Local\Google
2011-07-01 03:08 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37F122CB-80BC-42B2-AB1C-389A67EBA21F}\mpengine.dll
2011-06-30 04:46 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-06-30 04:11 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-06-30 04:00 . 2011-06-30 04:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-29 00:18 . 2011-06-29 00:18 -------- d-----w- c:\users\harmanm\AppData\Roaming\Adobe Mini Bridge CS5
2011-06-27 21:39 . 2011-06-27 21:39 557568 ----a-w- c:\windows\SysWow64\mfc7032.exe
2011-06-27 19:41 . 2011-06-27 19:41 -------- d-----w- c:\users\harmanm\AppData\Local\TechSmith
2011-06-27 19:40 . 2011-06-27 19:40 -------- d-----w- c:\windows\SysWow64\QuickTime
2011-06-27 19:40 . 2011-06-27 19:40 -------- d-----w- c:\programdata\TechSmith
2011-06-27 19:40 . 2011-06-27 19:40 -------- d-----w- c:\program files (x86)\TechSmith
2011-06-27 19:40 . 2011-06-27 19:40 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2011-06-19 00:35 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-06-19 00:35 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-06-19 00:28 . 2011-06-19 00:28 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-06-19 00:07 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-19 00:05 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-06-19 00:05 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-06-19 00:05 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-06-19 00:05 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-06-19 00:05 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-06-19 00:05 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-06-19 00:05 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-06-19 00:05 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-06-19 00:05 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-06-19 00:05 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-06-19 00:04 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-19 00:04 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-19 00:04 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2011-06-19 00:04 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-06-19 00:04 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-06-19 00:04 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-19 00:04 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-19 00:04 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-19 00:02 . 2010-12-21 06:15 264192 ----a-w- c:\windows\system32\upnp.dll
2011-06-19 00:01 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-06-19 00:00 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-06-18 23:59 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-18 23:59 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-18 23:59 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-06-18 23:59 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2011-06-17 21:21 . 2011-06-30 04:27 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 19:59 . 2011-06-07 22:18 -------- d-----w- c:\programdata\Alias
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 03:46 . 2010-10-13 15:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-29 14:11 . 2010-10-13 15:30 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2010-10-13 15:30 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 00:14 . 2010-10-12 20:49 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-08-31 04:32 . 3CF668E5BD74153D3B556D3D11DDD8C0 . 954288 . . [------] .. c:\windows\SysWOW64\mfc40u.dll
[-] 2010-08-31 04:32 . 3CF668E5BD74153D3B556D3D11DDD8C0 . 954288 . . [------] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16666_none_f3000dfcb6d2a7e4\mfc40u.dll
[-] 2010-08-31 04:25 . 3CF668E5BD74153D3B556D3D11DDD8C0 . 954288 . . [------] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.20791_none_f3643991d00d1cce\mfc40u.dll
[7] 2009-07-14 01:15 . F8742FC618ECBDA92A406725197E93AE . 924944 . . [4.1.6140] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16385_none_f2e96828b6e3cefa\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-02-05 1340720]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
SketchBook Snapshot.lnk - c:\program files (x86)\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-5-4 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-30 1436424]
R4 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-04 92216]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R4 LISDPowerOff11;LISDPowerOff11;c:\srvany.exe [2003-04-19 8192]
R4 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R4 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
R4 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 6810728]
R4 rgsender;Remote Graphics Sender Service;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TmPfw;OfficeScan NT Firewall;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-01-07 595960]
R4 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2010-01-07 917768]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R4 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-17 369952]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-17 292128]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2010-10-21 309840]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2010-10-21 42576]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\HPCeeScheduleForharmanm.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="-HideWindow" [X]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-29 487424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1875048]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.lisd.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: exemplars%20i
Trusted Zone: exemplars%20ii
Trusted Zone: explorelearning
Trusted Zone: lisd.net
Trusted Zone: lisd.net\trend
Trusted Zone: magic
Trusted Zone: scholastic.com\edproductsupport
Trusted Zone: scholastic.com\samconnect
Trusted Zone: start_here.html
TCP: DhcpNameServer = 192.168.1.1 68.238.96.12
FF - ProfilePath - c:\users\printman\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.lisd.net/
FF - prefs.js: network.proxy.ftp - proxy_hs.lisd.net
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - proxy_hs.lisd.net
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - proxy_hs.lisd.net
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - proxy_hs.lisd.net
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - proxy_hs.lisd.net
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:5d,b7,5e,a2,6e,4a,f4,70,84,6b,79,1d,08,dc,88,73,9b,4d,b1,99,67,
   12,44,a9,19,28,64,e9,89,c3,5d,db,69,b3,cd,49,e8,06,c9,0c,f0,ff,1c,46,bd,64,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:5d,b7,5e,a2,6e,4a,f4,70,84,6b,79,1d,08,dc,88,73,9b,4d,b1,99,67,
   12,44,a9,19,28,64,e9,89,c3,5d,db,69,b3,cd,49,e8,06,c9,0c,f0,ff,1c,46,bd,64,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\mfc7032.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programdata\api-ms-win-core-libraryloader-l1-1-032.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\SysWOW64\CCM\CcmExec.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2011-07-05 18:50:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-05 23:50
.
Pre-Run: 362,246,893,568 bytes free
Post-Run: 362,157,867,008 bytes free
.
- - End Of File - - F598FAA9743A73906BC511C8EEFA738C

DDS //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by harmanm at 19:32:32 on 2011-07-05
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3951.2375 [GMT -5:00]
.
AV: Trend Micro OfficeScan Antivirus *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro OfficeScan Anti-spyware *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\SysWOW64\mfc7032.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\ProgramData\api-ms-win-core-libraryloader-l1-1-032.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\SysWOW64\CCM\CcmExec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\WTablet\Wacom_TabletUser.exe
C:\windows\system32\Wacom_Tablet.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.lisd.net/ uInternet Settings,ProxyOverride = <local> BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files 
(x86)\iTunes\iTunesHelper.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SKETCH~1.LNK - C:\Program Files (x86)\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: SoftwareSASGeneration = 3 (0x3) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL Trusted Zone: exemplars%20i Trusted Zone: exemplars%20ii Trusted Zone: explorelearning Trusted Zone: lisd.net Trusted Zone: lisd.net\trend Trusted Zone: magic Trusted Zone: scholastic.com\edproductsupport Trusted Zone: scholastic.com\samconnect Trusted Zone: start_here.html DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 68.238.96.12 TCP: Interfaces\{35080FEC-ADD5-469C-80FC-FEC65566995E} : DhcpNameServer = 74.169.48.181 TCP: Interfaces\{55376DD5-C4F6-4D88-AF81-C6F88C5FF36F} : DhcpNameServer = 192.168.50.245 192.168.50.50 192.168.50.51 192.168.51.50 TCP: Interfaces\{55376DD5-C4F6-4D88-AF81-C6F88C5FF36F}\C4233544 : DhcpNameServer = 192.168.50.245 192.168.50.50 192.168.50.51 192.168.51.50 TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E} : DhcpNameServer = 192.168.1.1 68.238.96.12 TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\4584257657563747 : DhcpNameServer = 151.164.1.8 151.164.11.201 4.2.2.3 TCP: 
Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\84F6C6964616970294E6E60254870727563737 : DhcpNameServer = 63.251.149.27 4.2.2.1 4.2.2.2 TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\84F6C6964616970294E6E60254870727563737022427164656E647F6E60233 : DhcpNameServer = 10.61.32.1 1.1.1.1 TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\C4233544 : DhcpNameServer = 192.168.50.245 192.168.50.50 192.168.50.51 192.168.51.50 TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\C4333544 : DhcpNameServer = 192.168.50.245 192.168.50.50 192.168.50.51 192.168.51.50 TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\C696E6B6379737 : DhcpNameServer = 68.113.206.10 24.217.0.5 24.217.201.67 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick 
Launch Buttons\QlbCtrl.exe /Start mRun-x64: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.lisd.net/ FF - prefs.js: network.proxy.http - proxy_hs.lisd.net FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?] R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\windows\system32\DRIVERS\tmlwf.sys --> C:\windows\system32\DRIVERS\tmlwf.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992] R2 COMSysApp32;COM+ System Application ;C:\Windows\System32\mfc7032.exe [2011-6-27 557568] R2 Sentinel64;Sentinel64;C:\windows\system32\Drivers\Sentinel64.sys --> C:\windows\system32\Drivers\Sentinel64.sys [?] 
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-9-17 369952] R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-9-17 292128] R2 TabletServiceWacom;TabletServiceWacom;C:\windows\system32\Wacom_Tablet.exe --> C:\windows\system32\Wacom_Tablet.exe [?] R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2009-9-30 309840] R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2009-9-30 42576] R2 tmwfp;Trend Micro WFP Callout Driver;C:\windows\system32\DRIVERS\tmwfp.sys --> C:\windows\system32\DRIVERS\tmwfp.sys [?] R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\system32\DRIVERS\e1k62x64.sys --> C:\windows\system32\DRIVERS\e1k62x64.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?] 
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?] R3 rismcx64;RICOH Smart Card Reader;C:\windows\system32\DRIVERS\rismcx64.sys --> C:\windows\system32\DRIVERS\rismcx64.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?] S2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?] S2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?] S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\windows\system32\DRIVERS\SNTUSB64.SYS --> C:\windows\system32\DRIVERS\SNTUSB64.SYS [?] S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 wacmoumonitor;Wacom Mode Helper;C:\windows\system32\DRIVERS\wacmoumonitor.sys --> C:\windows\system32\DRIVERS\wacmoumonitor.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] 
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2010-10-4 89600] S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-9-20 227896] S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-29 1436424] S4 Hp.Skyroom.Windows.Service;HP SkyRoom;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984] S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-4 92216] S4 hpsrv;HP Service;C:\windows\system32\Hpservice.exe --> C:\windows\system32\Hpservice.exe [?] S4 LISDPowerOff11;LISDPowerOff11;C:\srvany.exe [2010-10-29 8192] S4 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016] S4 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016] S4 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-8 6810728] S4 rgsender;Remote Graphics Sender Service;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2010-10-4 379904] S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984] S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S4 TmPfw;OfficeScan NT Firewall;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-10-15 595960] S4 
TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2009-2-23 917768] S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-4 2320920] S4 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-18 1664304] . =============== Created Last 30 ================ . 2011-07-05 23:44:39 174592 --sha-w- C:\ProgramData\dnsapi32.dll 2011-07-05 23:36:26 98816 ----a-w- C:\windows\sed.exe 2011-07-05 23:36:26 518144 ----a-w- C:\windows\SWREG.exe 2011-07-05 23:36:26 256000 ----a-w- C:\windows\PEV.exe 2011-07-05 23:36:26 208896 ----a-w- C:\windows\MBR.exe 2011-07-02 01:18:26 -------- d-----w- C:\Users\harmanm\AppData\Local\Google 2011-07-01 03:08:28 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37F122CB-80BC-42B2-AB1C-389A67EBA21F}\mpengine.dll 2011-06-30 04:46:01 184832 ----a-w- C:\windows\System32\drivers\usbvideo.sys 2011-06-30 04:11:29 189520 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys 2011-06-29 00:18:06 -------- d-----w- C:\Users\harmanm\AppData\Roaming\Adobe Mini Bridge CS5 2011-06-27 21:39:04 557568 ----a-w- C:\windows\SysWow64\mfc7032.exe 2011-06-27 19:41:45 -------- d-----w- C:\Users\harmanm\AppData\Local\TechSmith 2011-06-27 19:40:56 -------- d-----w- C:\windows\SysWow64\QuickTime 2011-06-27 19:40:32 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared 2011-06-19 00:35:50 367104 ----a-w- C:\windows\System32\wcncsvc.dll 2011-06-19 00:35:50 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll 2011-06-19 00:28:09 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2011-06-19 00:27:07 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-06-19 00:07:28 5509504 ----a-w- C:\windows\System32\ntoskrnl.exe 2011-06-19 00:05:59 1739176 ----a-w- C:\windows\System32\ntdll.dll 2011-06-19 00:05:58 
1293120 ----a-w- C:\windows\SysWow64\ntdll.dll 2011-06-19 00:05:22 961024 ----a-w- C:\windows\System32\CPFilters.dll 2011-06-19 00:05:22 723968 ----a-w- C:\windows\System32\EncDec.dll 2011-06-19 00:05:21 850432 ----a-w- C:\windows\SysWow64\sbe.dll 2011-06-19 00:05:21 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll 2011-06-19 00:05:21 534528 ----a-w- C:\windows\SysWow64\EncDec.dll 2011-06-19 00:05:21 259072 ----a-w- C:\windows\System32\mpg2splt.ax 2011-06-19 00:05:21 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax 2011-06-19 00:05:21 1118720 ----a-w- C:\windows\System32\sbe.dll 2011-06-19 00:04:46 499712 ----a-w- C:\windows\System32\drivers\afd.sys 2011-06-19 00:04:46 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys 2011-06-19 00:04:08 552960 ----a-w- C:\windows\System32\msdri.dll 2011-06-19 00:04:07 288256 ----a-w- C:\windows\System32\MSNP.ax 2011-06-19 00:04:07 204288 ----a-w- C:\windows\SysWow64\MSNP.ax 2011-06-19 00:04:04 461312 ----a-w- C:\windows\System32\drivers\srv.sys 2011-06-19 00:04:04 399872 ----a-w- C:\windows\System32\drivers\srv2.sys 2011-06-19 00:04:03 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys 2011-06-19 00:02:56 264192 ----a-w- C:\windows\System32\upnp.dll 2011-06-19 00:01:58 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2011-06-19 00:00:35 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll 2011-06-18 23:59:51 976896 ----a-w- C:\windows\System32\inetcomm.dll 2011-06-18 23:59:51 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll 2011-06-18 23:59:36 90624 ----a-w- C:\windows\System32\drivers\bowser.sys 2011-06-18 23:59:04 112000 ----a-w- C:\windows\System32\consent.exe 2011-06-17 21:21:08 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-07 19:59:53 -------- d-----w- C:\ProgramData\Alias . ==================== Find3M ==================== . 
2011-06-30 03:46:15 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll 2011-05-29 14:11:30 39984 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-29 14:11:20 25912 ----a-w- C:\windows\System32\drivers\mbam.sys 2011-05-28 03:25:16 1638912 ----a-w- C:\windows\System32\mshtml.tlb 2011-05-28 03:07:01 3133952 ----a-w- C:\windows\System32\win32k.sys 2011-05-28 03:00:02 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb 2011-05-25 00:14:10 270720 ------w- C:\windows\System32\MpSigStub.exe 2011-05-04 02:51:08 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys 2011-05-04 02:51:08 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys 2011-05-04 02:51:05 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys 2011-04-27 02:57:40 102400 ----a-w- C:\windows\System32\drivers\dfsc.sys 2011-04-22 20:18:47 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys 2011-04-22 20:18:28 1197056 ----a-w- C:\windows\System32\wininet.dll 2011-04-22 20:14:08 57856 ----a-w- C:\windows\System32\licmgr10.dll 2011-04-22 19:31:50 981504 ----a-w- C:\windows\SysWow64\wininet.dll 2011-04-22 19:31:26 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll 2011-04-22 18:49:57 482816 ----a-w- C:\windows\System32\html.iec 2011-04-22 18:23:59 386048 ----a-w- C:\windows\SysWow64\html.iec 2011-04-09 06:13:06 3957632 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13:06 3901824 ----a-w- C:\windows\SysWow64\ntoskrnl.exe . ============= FINISH: 19:32:45.31 ===============
  4. I am running Windows 7 and have come up with a BHO trojan called fsharproj. I have gone into the registry and remmed out the lines, but it still is around. I was going to try system restore but my restore points have vanished. I also get a mysterious temp file that keeps popping up on my desktop. It is hidden but I have turned on view hidden files. Its name is kzmdjcwejx.tmp. If I delete it, it just reappears after a few minutes. I have tried MalwareBytes without any luck. This is very annoying and any help would be appreciated.

MalwareBytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4811

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/2/2011 6:39:35 PM
mbam-log-2011-07-02 (18-39-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 488830
Time elapsed: 1 hour(s), 18 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------------
DDS Log
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by harmanm at 18:47:49 on 2011-07-02
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3951.2541 [GMT -5:00]
.
AV: Trend Micro OfficeScan Antivirus *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro OfficeScan Anti-spyware *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\SysWOW64\mfc7032.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\Wacom_Tablet.exe
C:\ProgramData\api-ms-win-core-libraryloader-l1-1-032.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\SysWOW64\CCM\CcmExec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\msiexec.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\system32\wbem\WmiApSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\WTablet\Wacom_TabletUser.exe
C:\windows\system32\Wacom_Tablet.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\windows\system32\sppsvc.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.lisd.net/
uInternet Settings,ProxyOverride = <local>
BHO: {06653922-ba8a-4fd7-98b4-e1225db84da5} - C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-032.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SKETCH~1.LNK - C:\Program Files (x86)\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: exemplars%20i
Trusted Zone: exemplars%20ii
Trusted Zone: explorelearning
Trusted Zone: lisd.net
Trusted Zone: lisd.net\trend
Trusted Zone: magic
Trusted Zone: scholastic.com\edproductsupport
Trusted Zone: scholastic.com\samconnect
Trusted Zone: start_here.html
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{35080FEC-ADD5-469C-80FC-FEC65566995E} : DhcpNameServer = 74.169.48.181
TCP: Interfaces\{55376DD5-C4F6-4D88-AF81-C6F88C5FF36F} : DhcpNameServer = 192.168.50.245 192.168.50.50 192.168.50.51 192.168.51.50
TCP: Interfaces\{55376DD5-C4F6-4D88-AF81-C6F88C5FF36F}\C4233544 : DhcpNameServer = 192.168.50.245 192.168.50.50 192.168.50.51 192.168.51.50
TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E} : DhcpNameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\4584257657563747 : DhcpNameServer = 151.164.1.8 151.164.11.201 4.2.2.3
TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\84F6C6964616970294E6E60254870727563737 : DhcpNameServer = 63.251.149.27 4.2.2.1 4.2.2.2
TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\84F6C6964616970294E6E60254870727563737022427164656E647F6E60233 : DhcpNameServer = 10.61.32.1 1.1.1.1
TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\C4233544 : DhcpNameServer = 192.168.50.245 192.168.50.50 192.168.50.51 192.168.51.50
TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\C4333544 : DhcpNameServer = 192.168.50.245 192.168.50.50 192.168.50.51 192.168.51.50
TCP: Interfaces\{6245F57F-3E69-4FA6-AF2B-6B76FE10A26E}\C696E6B6379737 : DhcpNameServer = 68.113.206.10 24.217.0.5 24.217.201.67
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-032.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
mRun-x64: 
[QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun-x64: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\harmanm\AppData\Roaming\Mozilla\Firefox\Profiles\4xegg50z.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.lisd.net/ FF - prefs.js: network.proxy.http - proxy_hs.lisd.net FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?] R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\windows\system32\DRIVERS\tmlwf.sys --> C:\windows\system32\DRIVERS\tmlwf.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992] R2 COMSysApp32;COM+ System Application ;C:\Windows\System32\mfc7032.exe [2011-6-27 557568] R2 Sentinel64;Sentinel64;C:\windows\system32\Drivers\Sentinel64.sys --> C:\windows\system32\Drivers\Sentinel64.sys [?] 
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-9-17 369952] R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-9-17 292128] R2 TabletServiceWacom;TabletServiceWacom;C:\windows\system32\Wacom_Tablet.exe --> C:\windows\system32\Wacom_Tablet.exe [?] R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2009-9-30 309840] R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2009-9-30 42576] R2 tmwfp;Trend Micro WFP Callout Driver;C:\windows\system32\DRIVERS\tmwfp.sys --> C:\windows\system32\DRIVERS\tmwfp.sys [?] R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\system32\DRIVERS\e1k62x64.sys --> C:\windows\system32\DRIVERS\e1k62x64.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?] 
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?] R3 rismcx64;RICOH Smart Card Reader;C:\windows\system32\DRIVERS\rismcx64.sys --> C:\windows\system32\DRIVERS\rismcx64.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?] S2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?] S2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?] S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\windows\system32\DRIVERS\SNTUSB64.SYS --> C:\windows\system32\DRIVERS\SNTUSB64.SYS [?] S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 wacmoumonitor;Wacom Mode Helper;C:\windows\system32\DRIVERS\wacmoumonitor.sys --> C:\windows\system32\DRIVERS\wacmoumonitor.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] 
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2010-10-4 89600] S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-9-20 227896] S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-29 1436424] S4 Hp.Skyroom.Windows.Service;HP SkyRoom;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984] S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-4 92216] S4 hpsrv;HP Service;C:\windows\system32\Hpservice.exe --> C:\windows\system32\Hpservice.exe [?] S4 LISDPowerOff11;LISDPowerOff11;C:\srvany.exe [2010-10-29 8192] S4 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016] S4 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016] S4 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-8 6810728] S4 rgsender;Remote Graphics Sender Service;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2010-10-4 379904] S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984] S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S4 TmPfw;OfficeScan NT Firewall;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-10-15 595960] S4 
TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2009-2-23 917768] S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-4 2320920] S4 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-18 1664304] . =============== Created Last 30 ================ . 2011-07-02 01:18:26 -------- d-----w- C:\Users\harmanm\AppData\Local\Google 2011-07-01 18:58:13 -------- d-sh--w- C:\$RECYCLE.BIN 2011-07-01 18:53:08 557568 ----a-w- C:\ProgramData\api-ms-win-core-libraryloader-l1-1-032.exe 2011-07-01 04:43:45 162304 --sha-w- C:\ProgramData\api-ms-win-core-libraryloader-l1-1-032.dll 2011-07-01 04:36:54 98816 ----a-w- C:\windows\sed.exe 2011-07-01 04:36:54 518144 ----a-w- C:\windows\SWREG.exe 2011-07-01 04:36:54 256000 ----a-w- C:\windows\PEV.exe 2011-07-01 04:36:54 208896 ----a-w- C:\windows\MBR.exe 2011-07-01 04:36:50 -------- d-----w- C:\ComboFix 2011-07-01 03:08:28 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37F122CB-80BC-42B2-AB1C-389A67EBA21F}\mpengine.dll 2011-06-30 04:46:01 184832 ----a-w- C:\windows\System32\drivers\usbvideo.sys 2011-06-30 04:11:29 189520 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys 2011-06-29 00:18:06 -------- d-----w- C:\Users\harmanm\AppData\Roaming\Adobe Mini Bridge CS5 2011-06-27 21:39:04 557568 ----a-w- C:\windows\SysWow64\mfc7032.exe 2011-06-27 21:39:04 359424 ----a-w- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-032.dll 2011-06-27 19:41:45 -------- d-----w- C:\Users\harmanm\AppData\Local\TechSmith 2011-06-27 19:40:56 -------- d-----w- C:\windows\SysWow64\QuickTime 2011-06-27 19:40:32 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared 2011-06-19 00:35:50 367104 ----a-w- C:\windows\System32\wcncsvc.dll 2011-06-19 00:35:50 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll 2011-06-19 00:28:09 
-------- d-----w- C:\Program Files (x86)\MSXML 4.0 2011-06-19 00:27:07 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-06-19 00:07:28 5509504 ----a-w- C:\windows\System32\ntoskrnl.exe 2011-06-19 00:05:59 1739176 ----a-w- C:\windows\System32\ntdll.dll 2011-06-19 00:05:58 1293120 ----a-w- C:\windows\SysWow64\ntdll.dll 2011-06-19 00:05:22 961024 ----a-w- C:\windows\System32\CPFilters.dll 2011-06-19 00:05:22 723968 ----a-w- C:\windows\System32\EncDec.dll 2011-06-19 00:05:21 850432 ----a-w- C:\windows\SysWow64\sbe.dll 2011-06-19 00:05:21 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll 2011-06-19 00:05:21 534528 ----a-w- C:\windows\SysWow64\EncDec.dll 2011-06-19 00:05:21 259072 ----a-w- C:\windows\System32\mpg2splt.ax 2011-06-19 00:05:21 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax 2011-06-19 00:05:21 1118720 ----a-w- C:\windows\System32\sbe.dll 2011-06-19 00:04:46 499712 ----a-w- C:\windows\System32\drivers\afd.sys 2011-06-19 00:04:46 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys 2011-06-19 00:04:08 552960 ----a-w- C:\windows\System32\msdri.dll 2011-06-19 00:04:07 288256 ----a-w- C:\windows\System32\MSNP.ax 2011-06-19 00:04:07 204288 ----a-w- C:\windows\SysWow64\MSNP.ax 2011-06-19 00:04:04 461312 ----a-w- C:\windows\System32\drivers\srv.sys 2011-06-19 00:04:04 399872 ----a-w- C:\windows\System32\drivers\srv2.sys 2011-06-19 00:04:03 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys 2011-06-19 00:02:56 264192 ----a-w- C:\windows\System32\upnp.dll 2011-06-19 00:01:58 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2011-06-19 00:00:35 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll 2011-06-18 23:59:51 976896 ----a-w- C:\windows\System32\inetcomm.dll 2011-06-18 23:59:51 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll 2011-06-18 23:59:36 90624 ----a-w- C:\windows\System32\drivers\bowser.sys 2011-06-18 23:59:04 112000 ----a-w- C:\windows\System32\consent.exe 2011-06-17 21:21:08 404640 ----a-w- 
C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-07 19:59:53 -------- d-----w- C:\ProgramData\Alias . ==================== Find3M ==================== . 2011-06-30 03:46:15 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll 2011-05-28 03:25:16 1638912 ----a-w- C:\windows\System32\mshtml.tlb 2011-05-28 03:07:01 3133952 ----a-w- C:\windows\System32\win32k.sys 2011-05-28 03:00:02 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb 2011-05-25 00:14:10 270720 ------w- C:\windows\System32\MpSigStub.exe 2011-05-04 02:51:08 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys 2011-05-04 02:51:08 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys 2011-05-04 02:51:05 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys 2011-04-27 02:57:40 102400 ----a-w- C:\windows\System32\drivers\dfsc.sys 2011-04-22 20:18:47 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys 2011-04-22 20:18:28 1197056 ----a-w- C:\windows\System32\wininet.dll 2011-04-22 20:14:08 57856 ----a-w- C:\windows\System32\licmgr10.dll 2011-04-22 19:31:50 981504 ----a-w- C:\windows\SysWow64\wininet.dll 2011-04-22 19:31:26 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll 2011-04-22 18:49:57 482816 ----a-w- C:\windows\System32\html.iec 2011-04-22 18:23:59 386048 ----a-w- C:\windows\SysWow64\html.iec 2011-04-09 06:13:06 3957632 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13:06 3901824 ----a-w- C:\windows\SysWow64\ntoskrnl.exe . ============= FINISH: 18:49:02.43 =============== attach.zip
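The service, file and policy lines in the log above carry the indicators a responder would pull out first: a service named COMSysApp32 whose display name is the built-in "COM+ System Application" with a trailing space, a service binary sitting in the drive root, an api-ms-win-core-* name (normally an API-set stub under System32) dropped into ProgramData as both a hidden+system .dll and an .exe, an .exe of exactly the same size under a second name in SysWow64, and UAC switched off. As an added example (not part of the post, and not a tool the forum helpers used), here is a small Python triage pass over the three line shapes DDS uses for services/drivers, for the "Created Last 30" file list and for mPolicies-system values. The sample lines are copied from the log above plus clean entries for contrast; the heuristics and the two-entry KNOWN_SERVICES table are assumptions for this walkthrough, standing in for a real inventory of built-in services.

```python
r"""Triage heuristics for a DDS/ComboFix-style log (added example, not from the post).

Line shapes parsed:
  service/driver: "R2 Name;Display Name;C:\path\bin.exe [date size]"
  created file:   "2011-07-01 18:53:08 557568 --sha-w- C:\path\file"
  UAC policy:     "mPolicies-system: EnableLUA = 0 (0x0)"
The rules and KNOWN_SERVICES are assumptions chosen for this walkthrough.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the log above plus clean entries for contrast.
SAMPLE_LOG = r"""
R2 COMSysApp32;COM+ System Application ;C:\Windows\System32\mfc7032.exe [2011-6-27 557568]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
S4 LISDPowerOff11;LISDPowerOff11;C:\srvany.exe [2010-10-29 8192]
S4 TmPfw;OfficeScan NT Firewall;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2010-10-15 595960]
2011-07-01 18:53:08 557568 ----a-w- C:\ProgramData\api-ms-win-core-libraryloader-l1-1-032.exe
2011-07-01 04:43:45 162304 --sha-w- C:\ProgramData\api-ms-win-core-libraryloader-l1-1-032.dll
2011-06-27 21:39:04 557568 ----a-w- C:\windows\SysWow64\mfc7032.exe
2011-06-19 00:07:28 5509504 ----a-w- C:\windows\System32\ntoskrnl.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
"""

# Constructed stand-in for a real inventory of built-in Windows service names.
KNOWN_SERVICES = {"COMSysApp": "COM+ System Application", "StorSvc": "Storage Service"}

SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[[^\]]*\]$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(?P<key>\w+)\s*=\s*(?P<val>\d+)")
BINARY_RE = re.compile(r"(.+?\.(?:exe|sys|dll))", re.I)   # binary before any " -k X" arguments
SYSTEM_DIR_RE = re.compile(r"\\(system32|syswow64)\\", re.I)
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


def check_service(name, display, path):
    """Flag impersonation of a built-in service and binaries in odd locations."""
    out = []
    if display != display.strip():                       # padding dodges a name collision
        out.append((name, "display name padded with whitespace"))
    for known, known_display in KNOWN_SERVICES.items():
        if name != known and re.fullmatch(re.escape(known) + r"\d+", name):
            out.append((name, f"service name mimics built-in {known}"))
        if name != known and display.strip() == known_display:
            out.append((name, f"display name copied from built-in {known}"))
    m = BINARY_RE.match(path)
    binary = m.group(1) if m else path
    if DRIVE_ROOT_RE.match(binary):
        out.append((name, f"service binary in drive root: {binary}"))
    return out


def check_file(path, attrs):
    """Flag API-set stub names outside the system directory and hidden+system user files."""
    out = []
    base = path.rsplit("\\", 1)[-1].lower()
    if base.startswith("api-ms-win-core-") and (not SYSTEM_DIR_RE.search(path) or base.endswith(".exe")):
        out.append((path, "api-ms-win-core-* name outside System32/SysWOW64 or as an .exe"))
    if not attrs.startswith("d") and "s" in attrs and "h" in attrs and re.search(r"\\(programdata|users)\\", path, re.I):
        out.append((path, "hidden+system attributes on a file under ProgramData or Users"))
    return out


def check_policy(key, value):
    """Flag UAC settings that let a dropper write to system paths without a prompt."""
    if key == "EnableLUA" and value == 0:
        return [(key, "UAC disabled")]
    if key == "ConsentPromptBehaviorAdmin" and value == 0:
        return [(key, "administrators elevate without any prompt")]
    return []


def check_file_pairs(files):
    """Relate files to each other: one stem as .exe and .dll, or identical size under different names."""
    out, by_stem, by_size = [], defaultdict(set), defaultdict(list)
    for path, attrs, size in files:
        base = path.rsplit("\\", 1)[-1].lower()
        if attrs.startswith("d") or not size.isdigit() or "." not in base:
            continue
        stem, _, ext = path.lower().rpartition(".")
        by_stem[stem].add(ext)
        by_size[size].append(path)
    for stem, exts in by_stem.items():
        if {"exe", "dll"} <= exts:
            out.append((stem, "same name dropped as both .exe and .dll"))
    for size, paths in by_size.items():
        if len({p.rsplit("\\", 1)[-1].lower() for p in paths}) > 1:
            out.append((" | ".join(paths), f"different file names with identical size {size}"))
    return out


def triage(log_text):
    """Return (subject, reason) findings for one log; order follows the log, pair checks last."""
    findings, files = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := SERVICE_RE.match(line)):
            findings += check_service(m["name"], m["display"], m["path"])
        elif (m := FILE_RE.match(line)):
            files.append((m["path"], m["attrs"], m["size"]))
            findings += check_file(m["path"], m["attrs"])
        elif (m := POLICY_RE.match(line)):
            findings += check_policy(m["key"], int(m["val"]))
    return findings + check_file_pairs(files)


if __name__ == "__main__":
    for subject, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {subject}")
```

On the sample it produces eleven findings: COMSysApp32 three times (padded display name, name mimicking the built-in COMSysApp, display name copied from it), the srvany.exe service in the drive root, both ProgramData copies of api-ms-win-core-libraryloader-l1-1-032 (the .dll also for its hidden+system attributes), the .exe/.dll pair, the 557568-byte match between that .exe and SysWow64\mfc7032.exe, and the two UAC values. The Akamai, TmPfw and ntoskrnl.exe lines pass, which is the point of the contrast entries: the rules key on impersonation and placement, not on vendor names. To use it on a real log, read the whole DDS output into `triage()` instead of SAMPLE_LOG.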
  5. I see I did not post using the proper method. Ignore this and I will post again.
  6. I am running Windows 7 and have come up with a BHO trojan called fsharproj. I have gone into the registry and remmed out the lines, but it still is around. I was going to try system restore but my restore points have vanished. I also get a mysterious temp file that keeps popping up on my desktop. It is hidden but I have turned on view hidden files. Its name is kzmdjcwejx.tmp. If I delete it, it just reappears after a few minutes. I have tried MalwareBytes and ComboFix without any luck. This is very annoying and any help would be appreciated.