
Webcam was turned on suddenly!



Merged post

We look for posts with 0 replies, so when you reply to your own topic, we assume you are being helped.

Hi,

I'm afraid of being infected. My laptop's webcam was turned on suddenly. After that, I opened Yahoo Messenger and turned my webcam on and off manually. I think it is OK. But now I have lost the settings that started my VPN software with administrator rights. Without that, I'm not protected against secret surveillance. And I can't access Intel Graphics Properties via right-click on the Intel Graphics tray icon.

So I decided to put my HijackThis log here. I hope you guys can help me identify any threats on my laptop. Thanks.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:05:53 AM, on 4/27/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\IDriveWindows\idwbg_501.exe

C:\Program Files (x86)\IDriveWindows\idwmonitor.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [iDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_501.exe"

O4 - HKLM\..\Run: [iDrive Monitor] "C:\Program Files (x86)\IDriveWindows\idwmonitor.exe" Min

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [GoTiengViet] "D:\Setup\Office\GoTiengViet1\GoTiengViet64.exe" /RunAtLogin

O4 - HKCU\..\Run: [iDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_501.exe"

O4 - HKCU\..\Run: [iDrive Monitor] "C:\Program Files (x86)\IDriveWindows\idwmonitor.exe" Min

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{691760D7-40D1-4D8B-AAB5-FE5350CB9C29}: NameServer = 198.153.192.50,198.153.194.50

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IDriveService - Unknown owner - C:\Program Files (x86)\IDriveWindows\idwservice_501.exe

O23 - Service: IDWAdmin - Unknown owner - C:\Program Files (x86)\IDriveWindows\idwadminsrv.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: tuEagles Service (tuEaglesService) - Unknown owner - C:\Program Files (x86)\tuEagles\eglsrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: WinMagic SecureDoc Service - WinMagic Inc. - C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14401 bytes

Here is the DDS log. I would very much appreciate it if anyone here could help me :)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1

Run by Martin at 0:25:06 on 2012-04-27

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3996.914 [GMT 7:00]

.

AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\tuEagles\eglsrv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\CISVC.EXE

C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

C:\Program Files (x86)\IDriveWindows\idwservice_501.exe

C:\Program Files (x86)\IDriveWindows\idwadminsrv.exe

C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\tuEagles\eaglesvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\tuEagles\EaglePrx.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\BatteryCare\BatteryCare.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\WinMagic\SecureDoc-NT\SDPin.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

D:\Setup\Office\GoTiengViet1\GoTiengViet64.exe

C:\Program Files (x86)\IDriveWindows\idwbg_501.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\IDriveWindows\idw_web.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\IDriveWindows\idwmonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = about:blank

uInternet Settings,ProxyOverride = local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=userinit.exe

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [GoTiengViet] "D:\Setup\Office\GoTiengViet1\GoTiengViet64.exe" /RunAtLogin

uRun: [iDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_501.exe"

uRun: [iDrive Monitor] "C:\Program Files (x86)\IDriveWindows\idwmonitor.exe" Min

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart

mRun: [iDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_501.exe"

mRun: [iDrive Monitor] "C:\Program Files (x86)\IDriveWindows\idwmonitor.exe" Min

dRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

TCP: DhcpNameServer = 208.67.222.123 208.67.220.123

TCP: Interfaces\{691760D7-40D1-4D8B-AAB5-FE5350CB9C29} : NameServer = 198.153.192.50,198.153.194.50

TCP: Interfaces\{691760D7-40D1-4D8B-AAB5-FE5350CB9C29} : DhcpNameServer = 208.67.222.123 208.67.220.123

TCP: Interfaces\{691760D7-40D1-4D8B-AAB5-FE5350CB9C29}\05564727F6C696D656870264C6F6F6270213 : NameServer = 198.153.192.50,198.153.194.50

TCP: Interfaces\{691760D7-40D1-4D8B-AAB5-FE5350CB9C29}\05564727F6C696D656870264C6F6F6270213 : DhcpNameServer = 10.59.254.1 10.0.0.203 10.0.0.201

TCP: Interfaces\{691760D7-40D1-4D8B-AAB5-FE5350CB9C29}\13038302855716E60244965657 : NameServer = 198.153.192.50,198.153.194.50

TCP: Interfaces\{691760D7-40D1-4D8B-AAB5-FE5350CB9C29}\13038302855716E60244965657 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A8481C7C-56FC-4F49-B0D0-495788FD45EC} : DhcpNameServer = 204.152.204.10 204.152.204.100

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: N/A: {a5be62ca-de0f-4764-a0cb-4044816db174} - C:\PROGRA~2\tuEagles\EagleObj.dll

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

BHO-X64: Babylon IE plugin - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

BHO-X64: link filter bho - No File

mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart

mRun-x64: [iDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_501.exe"

mRun-x64: [iDrive Monitor] "C:\Program Files (x86)\IDriveWindows\idwmonitor.exe" Min

mRunOnce-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRunOnce-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRunOnce-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRunOnce-x64: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRunOnce-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRunOnce-x64: [babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart

mRunOnce-x64: [iDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_501.exe"

mRunOnce-x64: [iDrive Monitor] "C:\Program Files (x86)\IDriveWindows\idwmonitor.exe" Min

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

SEH-X64: : {A5BE62CA-DE0F-4764-A0CB-4044816DB174} - C:\PROGRA~2\tuEagles\EagleObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\2im1zf05.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll

FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\system32\npdeployJava1.dll

FF - plugin: C:\Windows\system32\npmproxy.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PinFile;PinFile;C:\Windows\system32\DRIVERS\PinFile.sys --> C:\Windows\system32\DRIVERS\PinFile.sys [?]

R0 SDDisk2K;SDDisk2K;C:\Windows\system32\DRIVERS\SDDisk2K.sys --> C:\Windows\system32\DRIVERS\SDDisk2K.sys [?]

R0 SDDToki;SDDToki;C:\Windows\system32\DRIVERS\SDDToki.sys --> C:\Windows\system32\DRIVERS\SDDToki.sys [?]

R0 SDDVD;SDDVD;C:\Windows\system32\DRIVERS\SDDVD.sys --> C:\Windows\system32\DRIVERS\SDDVD.sys [?]

R0 SDUPC;SDUPC;C:\Windows\system32\DRIVERS\SDUPC.sys --> C:\Windows\system32\DRIVERS\SDUPC.sys [?]

R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]

R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-4-13 409232]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-30 13592]

R2 IDriveService;IDriveService;C:\Program Files (x86)\IDriveWindows\idwservice_501.exe [2012-4-10 181728]

R2 IDWAdmin;IDWAdmin;C:\Program Files (x86)\IDriveWindows\idwadminsrv.exe [2012-4-10 124384]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-3-25 204304]

R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2012-3-29 227896]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [2012-4-5 14544]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 egldrv;egldrv;C:\Program Files (x86)\tuEagles\egldrv.sys [2012-4-23 67480]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253088]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\Windows\system32\DRIVERS\cmnsusbser.sys --> C:\Windows\system32\DRIVERS\cmnsusbser.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

.

=============== Created Last 30 ================

.

2012-04-26 17:00:29 388096 ----a-r- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-26 17:00:29 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-04-26 06:12:43 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63951FE7-97A2-48F4-B710-8D85909728AD}\offreg.dll

2012-04-25 16:43:21 -------- d-----w- C:\Windows\System32\appmgmt

2012-04-25 02:25:39 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63951FE7-97A2-48F4-B710-8D85909728AD}\mpengine.dll

2012-04-23 05:52:03 122760 ----a-w- C:\Windows\NFCHS.exe

2012-04-23 05:51:55 -------- d-sh--r- C:\Program Files (x86)\tuEagles

2012-04-21 16:56:39 -------- d-----w- C:\Users\Martin\AppData\Roaming\TeamViewer

2012-04-18 03:20:56 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-04-16 16:45:24 -------- d-----w- C:\IBWINTEMP

2012-04-16 14:41:21 -------- d-----w- C:\IBCOMMON

2012-04-16 12:43:22 -------- d-----w- C:\Program Files\COMODO

2012-04-15 01:50:41 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-11 01:03:32 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-11 01:03:29 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-11 01:03:28 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-11 00:59:27 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-11 00:59:27 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-11 00:59:27 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-11 00:59:24 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-11 00:59:24 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-11 00:59:24 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-11 00:59:24 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-10 05:55:39 -------- d-----w- C:\IDrive

2012-04-10 05:15:30 -------- d-----w- C:\Program Files (x86)\cygdrive

2012-04-10 05:14:50 -------- d-----w- C:\Windows\SysWow64\IBCOMMON

2012-04-10 05:14:10 -------- d-----w- C:\Users\Martin\AppData\Local\IDrive

2012-04-10 05:13:02 644400 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2012-04-10 05:13:02 533776 ----a-w- C:\Windows\SysWow64\msxml.dll

2012-04-10 05:13:02 24064 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-04-10 05:13:02 140288 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX

2012-04-10 05:13:02 108336 ----a-w- C:\Windows\SysWow64\MSWINSCK.OCX

2012-04-10 05:13:01 94208 ----a-w- C:\Windows\SysWow64\IBColIml.ocx

2012-04-10 05:13:01 40960 ----a-w- C:\Windows\SysWow64\IBSSubTmr.dll

2012-04-10 05:13:01 103184 ----a-w- C:\Windows\SysWow64\asctrls.ocx

2012-04-10 05:13:01 -------- d-----w- C:\Program Files (x86)\IDriveWindows

2012-04-09 17:24:47 -------- d-----w- C:\Users\Martin\AppData\Roaming\ElephantDrive

2012-04-09 16:56:18 -------- d-----w- C:\Users\Martin\AppData\Roaming\Wuala

2012-04-09 16:55:45 -------- d-----w- C:\Users\Martin\AppData\Local\Wuala

2012-04-07 12:54:38 -------- d-----w- C:\Users\Martin\AppData\Roaming\Synaptics

2012-04-07 08:37:41 -------- d-----w- C:\VideoOutput

2012-04-07 07:34:47 -------- d-----w- C:\ProgramData\PDFC

2012-04-07 06:52:11 -------- d-----w- C:\Users\Martin\AppData\Local\PDFC

2012-04-07 05:03:59 -------- d-----w- C:\ProgramData\Synaptics

2012-04-07 05:03:29 274728 ----a-w- C:\Windows\System32\SynCtrl.dll

2012-04-07 05:03:29 225576 ----a-w- C:\Windows\System32\SynTPAPI.dll

2012-04-07 05:03:29 218408 ----a-w- C:\Windows\SysWow64\SynCtrl.dll

2012-04-07 05:03:29 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll

2012-04-07 05:03:29 148264 ----a-w- C:\Windows\System32\SynTPCo9.dll

2012-04-07 05:03:28 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll

2012-04-07 05:03:28 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll

2012-04-07 05:03:27 1424944 ----a-w- C:\Windows\System32\drivers\SynTP.sys

2012-04-06 12:14:47 -------- d-----w- C:\Program Files\WinMagic

2012-04-05 01:46:30 -------- d-----w- C:\Users\Martin\AppData\Roaming\BatteryCare

2012-04-05 01:45:56 -------- d-----w- C:\Program Files (x86)\BatteryCare

2012-04-04 02:07:23 -------- d-----w- C:\Users\Martin\AppData\Roaming\uTorrent

2012-04-03 08:00:47 -------- d-----w- C:\Users\Martin\AppData\Roaming\.purple

2012-04-02 17:58:01 -------- d-----w- C:\Program Files (x86)\pidgin-otr

2012-04-02 17:53:33 -------- d-----w- C:\Program Files (x86)\Pidgin

2012-03-31 14:21:53 -------- d-----w- C:\Program Files (x86)\Garena Classic

2012-03-31 03:26:10 -------- d-----w- C:\Users\Martin\AppData\Local\Comodo

2012-03-31 03:26:00 -------- d-----w- C:\Program Files (x86)\Comodo

2012-03-31 03:25:34 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2012-03-31 03:25:34 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2012-03-30 18:01:19 -------- d-----w- C:\ProgramData\TrueCrypt

2012-03-30 17:20:25 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys

2012-03-30 16:51:51 -------- d-----w- C:\Windows\pss

2012-03-30 13:21:16 -------- d-----w- C:\Users\Martin\AppData\Local\Apps

2012-03-30 12:46:09 -------- d-----w- C:\Program Files (x86)\Oracle

2012-03-30 12:45:27 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-03-30 11:27:41 -------- d-----w- C:\Program Files (x86)\NextUp-ScanSoft

2012-03-30 11:24:37 -------- d-----w- C:\Program Files (x86)\NeoSpeech

2012-03-30 11:11:40 -------- d-----w- C:\Users\Martin\AppData\Local\Babylon

2012-03-30 11:11:30 142336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\BabyFox.dll

2012-03-30 11:11:23 -------- d-----w- C:\Program Files (x86)\Babylon

2012-03-30 11:11:08 -------- d-----w- C:\Users\Martin\AppData\Roaming\Babylon

2012-03-30 11:11:08 -------- d-----w- C:\ProgramData\Babylon

2012-03-30 11:08:36 -------- d-----w- C:\Users\Martin\AppData\Local\{BC3D31C5-181C-4856-A140-6E2A58C46ADF}

2012-03-30 11:07:50 -------- d-----w- C:\Program Files (x86)\Mobipocket.com

2012-03-30 10:01:08 -------- d-----w- C:\Users\Martin\AppData\Roaming\JonDo

2012-03-30 09:52:44 567696 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-30 09:49:37 -------- d-----w- C:\Program Files (x86)\JonDo

2012-03-30 09:14:54 -------- d-----w- C:\Program Files (x86)\OpenVPN

2012-03-30 09:10:04 -------- d-----w- C:\Program Files (x86)\OpenVPN Technologies

2012-03-30 04:16:16 117888 ----a-w- C:\Windows\System32\drivers\cmnsusbser.sys

2012-03-30 04:15:16 -------- d-----w- C:\Program Files (x86)\HSPA MODEM

2012-03-30 04:13:42 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2012-03-30 04:13:41 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-03-30 04:13:40 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2012-03-30 04:13:40 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2012-03-30 04:13:40 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2012-03-30 04:13:38 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-03-30 04:13:37 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2012-03-30 04:13:15 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-03-30 04:13:05 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-03-30 03:30:22 41136 ----a-w- C:\Windows\System32\drivers\sncduvc.sys

2012-03-30 03:30:22 312368 ----a-w- C:\Windows\System32\csnp2uvc.dll

2012-03-30 03:30:22 27184 ----a-w- C:\Windows\snuvcdsm.exe

2012-03-30 03:30:22 186928 ----a-w- C:\Windows\SysWow64\rsnp2uvc.dll

2012-03-30 03:30:22 1848496 ----a-w- C:\Windows\System32\drivers\snp2uvc.sys

2012-03-30 03:30:22 183856 ----a-w- C:\Windows\System32\rsnp2uvc.dll

2012-03-30 03:30:21 -------- d-----w- C:\Program Files (x86)\Common Files\SNP2UVC

2012-03-30 03:27:42 -------- d-----w- C:\Users\Martin\AppData\Local\Broadcom

2012-03-30 03:26:46 -------- d-----w- C:\Program Files (x86)\HP Webcam Application

2012-03-30 03:26:37 61440 ------w- C:\Windows\SysWow64\agrsmdel.exe

2012-03-30 03:26:37 14848 ------w- C:\Windows\SysWow64\agrsco64.dll

2012-03-30 03:26:37 13824 ------w- C:\Windows\SysWow64\agrscoin.dll

2012-03-30 03:26:28 -------- d-----w- C:\Program Files\LSI SoftModem

2012-03-30 03:25:16 -------- d-----w- C:\Windows\Options

2012-03-30 03:25:04 98344 ----a-w- C:\Windows\System32\drivers\btwaudio.sys

2012-03-30 03:25:04 35104 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys

2012-03-30 03:25:04 21160 ----a-w- C:\Windows\System32\drivers\btwrchid.sys

2012-03-30 03:25:04 132648 ----a-w- C:\Windows\System32\drivers\btwavdt.sys

2012-03-30 03:22:59 -------- d-----w- C:\Program Files (x86)\Marvell

2012-03-30 03:22:24 -------- d-----w- C:\Program Files\WIDCOMM

2012-03-30 03:20:44 -------- d-----w- C:\system.sav

2012-03-30 03:19:34 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation

2012-03-30 03:19:07 -------- d-----w- C:\Users\Martin\AppData\Roaming\Intel Corporation

2012-03-30 03:01:14 559384 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2012-03-30 02:59:01 -------- d-----w- C:\Program Files (x86)\SCM Microsystems

2012-03-30 02:58:24 -------- d-----w- C:\Windows\Downloaded Installations

2012-03-30 02:42:27 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2012-03-30 00:12:04 -------- d-----w- C:\Windows\Panther

2012-03-30 00:11:49 -------- d-sh--w- C:\Boot

2012-03-29 14:24:43 -------- d-----w- C:\Users\Martin\AppData\Local\Apple Computer

2012-03-29 14:22:41 -------- dc----w- C:\Users\Martin\AppData\Local\MigWiz

2012-03-29 14:15:54 32768 ----a-w- C:\Windows\SysWow64\adidrm.dll

2012-03-29 14:15:53 60928 ----a-w- C:\Windows\SysWow64\SFFXComm.dll

2012-03-29 14:15:15 -------- d-----w- C:\ProgramData\SonicFocus

2012-03-29 14:07:54 -------- d-----w- C:\SwSetup

2012-03-29 14:07:25 -------- d-----w- C:\ProgramData\NortonInstaller

2012-03-29 14:04:45 -------- d-----w- C:\ProgramData\Norton

2012-03-29 13:56:53 -------- d-----w- C:\Windows\en

2012-03-29 13:51:11 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2012-03-29 13:51:11 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2012-03-29 13:51:09 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2012-03-29 13:51:09 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-03-29 13:51:06 -------- d-----w- C:\Windows\AutoKMS

2012-03-29 13:50:13 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2012-03-29 13:50:13 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2012-03-29 13:49:38 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c782e9c71cd0db207\DSETUP.dll

2012-03-29 13:49:38 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c782e9c71cd0db207\DXSETUP.exe

2012-03-29 13:49:38 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c782e9c71cd0db207\dsetup32.dll

2012-03-29 13:49:32 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c308c28f1cd0db206\DXSETUP.exe

2012-03-29 13:49:31 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c308c28f1cd0db206\DSETUP.dll

2012-03-29 13:49:31 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c308c28f1cd0db206\dsetup32.dll

2012-03-29 13:47:01 -------- d-----w- C:\Users\Martin\AppData\Local\Windows Live

2012-03-29 13:46:59 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-03-29 13:46:46 -------- d-----w- C:\Users\Martin\AppData\Local\Google

2012-03-29 13:24:19 -------- d-----w- C:\Program Files (x86)\Yahoo!

2012-03-29 12:45:24 -------- d-----r- C:\Program Files (x86)\Skype

2012-03-29 12:43:32 -------- d-----w- C:\Users\Martin\AppData\Roaming\hpqLog

2012-03-29 12:42:59 -------- d-----w- C:\Program Files\CCleaner

2012-03-29 12:40:56 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-03-29 12:37:15 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

2012-03-29 12:37:15 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

2012-03-29 12:37:15 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

2012-03-29 12:37:15 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

2012-03-29 12:37:15 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

2012-03-29 12:37:15 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

2012-03-29 12:37:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-03-29 12:37:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-03-29 12:37:12 180224 ----a-w- C:\Windows\SysWow64\QTCF.dll

2012-03-29 12:37:10 -------- d-----w- C:\Program Files (x86)\QT Lite

2012-03-29 12:35:59 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-29 12:35:59 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-03-29 12:34:59 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-03-29 12:34:59 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-03-29 12:34:51 -------- d-----w- C:\Program Files (x86)\Real Alternative

2012-03-29 12:26:00 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2012-03-29 12:26:00 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys

2012-03-29 12:26:00 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2012-03-29 12:26:00 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2012-03-29 12:26:00 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2012-03-29 12:26:00 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2012-03-29 12:26:00 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2012-03-29 12:13:14 29712 ----a-w- C:\Windows\System32\nitrolocalmon2.dll

2012-03-29 12:13:14 17936 ----a-w- C:\Windows\System32\nitrolocalui2.dll

2012-03-29 12:12:56 -------- d-----w- C:\Program Files\Common Files\Nitro PDF

2012-03-29 12:12:55 -------- d-----w- C:\Program Files (x86)\Nitro PDF

2012-03-29 12:12:55 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro PDF

2012-03-29 12:12:09 -------- d-----w- C:\Users\Martin\AppData\Roaming\SUPERAntiSpyware.com

2012-03-29 12:11:36 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-03-29 12:11:36 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-03-29 12:11:26 -------- d-----w- C:\Users\Martin\AppData\Roaming\Downloaded Installations

2012-03-29 11:48:20 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2012-03-29 11:48:20 -------- d-----w- C:\Program Files (x86)\SpywareBlaster

2012-03-29 11:40:29 -------- d-----w- C:\Users\Martin\AppData\Roaming\abelhadigital.com

2012-03-29 11:40:29 -------- d-----w- C:\ProgramData\abelhadigital.com

2012-03-29 11:37:47 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-03-29 11:37:32 -------- d-----w- C:\Windows\PCHEALTH

2012-03-29 11:37:32 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-03-29 11:34:24 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2012-03-29 11:33:47 -------- d-----w- C:\Users\Martin\AppData\Local\Microsoft Help

2012-03-29 11:19:12 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-03-29 11:19:12 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2012-03-29 11:08:01 -------- d-----w- C:\Users\Martin\AppData\Local\Mozilla

2012-03-29 10:43:58 -------- d-----w- C:\Windows\SysWow64\Wat

2012-03-29 10:43:58 -------- d-----w- C:\Windows\System32\Wat

2012-03-29 10:36:57 -------- d-----w- C:\Program Files (x86)\Analog Devices

2012-03-29 10:34:34 -------- d-----w- C:\Intel

2012-03-29 10:29:33 -------- d-----w- C:\ProgramData\TrueSuite

2012-03-29 10:29:31 -------- d-----w- C:\Windows\System32\wocaffe

2012-03-29 10:29:31 -------- d-----w- C:\Program Files\TrueSuite

2012-03-29 10:29:28 -------- d-----w- C:\ProgramData\Downloaded Installations

2012-03-29 10:22:42 -------- d-----w- C:\Program Files\Synaptics

2012-03-29 10:13:38 -------- d-sh--w- C:\Windows\Installer

2012-03-29 10:13:09 1919968 ----a-w- C:\Windows\System32\drivers\wdfcoinstaller01005.dll

2012-03-29 10:13:09 18432 ----a-w- C:\Windows\System32\drivers\HpqKbFiltr.sys

2012-03-29 10:13:09 11264 ----a-w- C:\Windows\System32\drivers\CPQBttn64.sys

2012-03-29 10:13:08 1885488 ----a-w- C:\Windows\SysWow64\BttnCmns.dll

2012-03-29 10:13:08 1885488 ----a-r- C:\Windows\SysWow64\BttnCmn.dll

2012-03-29 10:13:02 -------- d-----w- C:\Windows\QLB

2012-03-29 10:04:34 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-03-29 10:04:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-03-29 10:04:34 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-03-29 09:57:59 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-03-29 09:56:58 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2012-03-29 09:56:58 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2012-03-29 09:56:58 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2012-03-29 09:56:58 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2012-03-29 09:56:56 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-03-29 09:56:19 642944 ----a-w- C:\Windows\System32\winload.efi

2012-03-29 09:56:19 605552 ----a-w- C:\Windows\System32\winload.exe

2012-03-29 09:56:19 566208 ----a-w- C:\Windows\System32\winresume.efi

2012-03-29 09:56:19 518672 ----a-w- C:\Windows\System32\winresume.exe

2012-03-29 09:56:19 20352 ----a-w- C:\Windows\System32\kdusb.dll

2012-03-29 09:56:19 19328 ----a-w- C:\Windows\System32\kd1394.dll

2012-03-29 09:56:19 17792 ----a-w- C:\Windows\System32\kdcom.dll

2012-03-29 09:54:38 77312 ----a-w- C:\Windows\System32\packager.dll

2012-03-29 09:54:38 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-03-29 09:51:11 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-03-29 09:45:39 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-29 09:45:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-29 09:45:39 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-29 09:45:34 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-29 09:45:34 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-29 09:45:33 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-29 09:45:33 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

.

==================== Find3M ====================

.

2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2012-03-08 11:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 03:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-14 05:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 0:31:14.85 ===============


  • 2 weeks later...

Hello and welcome.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

