
SAGA Continues MBAM Freeze Computer/Mozilla Hijacked


kp4cel


Hello again, I have the paid version of MBAM; it won't run and freezes the computer. Also, when performing searches on Mozilla, the search results redirect to a different site; see HJT and attached file.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Administrator at 5:19:02.98 on Sun 12/27/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2059 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 091226-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\FortiSslvpnDaemon.exe

C:\Program Files\Amateur Radio\Ham Radio Deluxe\HRDRemoteSvr.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe

C:\Program Files\TrustedID\Identity Theft Protection\agent\Bin\SanaSafeConnectWatcher.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\TrustedID\Identity Theft Protection\agent\Bin\SanaAgent.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\TrustedID\Identity Theft Protection\agent\bin\SanaSafeConnect.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ProWin09\32bit\TaskSch.exe

C:\Program Files\TrueCrypt\TrueCrypt.exe

C:\Program Files\TrustedID\Identity Theft Protection\agent\bin\SanaMonitor.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Logitech\Logitech Vid\vid.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Logitech\Z Cinema\Z Cinema.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [TaskScheduler] c:\prowin09\32bit\TaskSch.exe

uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences

uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"

mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"

mRun: [Persistence] "c:\windows\system32\igfxpers.exe"

mRun: [setRefresh] "c:\program files\compaq\setrefresh\SetRefresh.exe"

mRun: [Recguard] "c:\windows\sminst\Recguard.exe"

mRun: [scheduler] "c:\windows\sminst\Scheduler.exe"

mRun: [hpbdfawep] "c:\program files\hp\dfawep\bin\hpbdfawep.exe" 1

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"

mRun: [iSUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [sanaSafeConnect] "c:\program files\trustedid\identity theft protection\agent\bin\SanaSafeConnect.exe"

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [PfuSsSct.exe] c:\program files\pfu\scansnap\PfuSsSct.exe /Station

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cardmi~1.lnk - c:\program files\pfu\scansnap\cardminder v3.1\CardLauncher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\conver~1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zcinem~1.lnk - c:\windows\installer\{ee885042-228a-446f-a30d-64ecbdc93859}\StartupShortcut_EE885042228A446FA30D64ECBDC93859.exe

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.7.1/GarminAxControl.CAB

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261274835859

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259192416484

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1224112386268&h=3f9ddb50c5ec02c03b68e5db69c997ed/&filename=jinstall-6u7-windows-i586-jc.cab

DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} - hxxps://24.173.141.242:10443/sslvpn.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

AppInit_DLLs: ?????

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\gfc11asd.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/

FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\gfc11asd.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\fortinet\sslvpnclient\npccplugin.dll

FF - plugin: c:\program files\fortinet\sslvpnclient\nptcplugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {18971506-0728-4656-9122-98FBA44A8C38} - c:\documents and settings\administrator\local settings\application data\{18971506-0728-4656-9122-98FBA44A8C38}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-16 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-16 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-16 138680]

R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [2009-3-9 510496]

R2 HRD RemoteSvr;Ham Radio Deluxe Remote Server;c:\program files\amateur radio\ham radio deluxe\HRDRemoteSvr.exe [2009-5-22 196608]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-29 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-25 276816]

R2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\trustedid\identity theft protection\agent\bin\SanaAgent.exe [2008-3-21 4937240]

R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\trustedid\identity theft protection\agent\bin\SanaSafeConnectWatcher.exe [2008-3-21 539160]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-16 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-16 352920]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-25 19160]

R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2007-12-11 36384]

R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectDriver.sys [2008-3-21 161304]

R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectFilter.sys [2008-3-21 29720]

R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectShim.sys [2008-3-21 27376]

R3 ZCinema_TSHD;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_i386.sys [2009-5-6 21392]

S3 aswArKrn;aswArKrn;\??\c:\docume~1\admini~1\locals~1\temp\aswarkrn.sys --> c:\docume~1\admini~1\locals~1\temp\aswArKrn.sys [?]

S3 Intuit Fuse Service;Intuit Fuse Service;c:\program files\common files\intuit\fuse\service\Intuit Fuse Service.exe [2008-11-15 72704]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-12-27 10:17:58 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2009-12-26 14:18:59 0 d-----w- c:\program files\Spybot - Search & Destroy

2009-12-26 14:18:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2009-12-25 17:32:05 0 d-----w- c:\program files\ESET

2009-12-25 16:20:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-25 16:20:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-25 16:20:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-20 02:35:21 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2009-12-18 21:50:37 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-12-18 21:50:37 0 d-----w- c:\documents and settings\administrator\log

2009-12-16 12:43:37 0 ----a-w- c:\windows\Xdihuliwoluwaru.bin

2009-12-16 12:43:36 120 ----a-w- c:\windows\Htiqi.dat

2009-12-16 12:34:53 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2009-12-16 12:34:53 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2009-12-16 12:34:39 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2009-12-16 12:34:39 8576 ----a-w- c:\windows\system32\dllcache\i2omgmt.sys

2009-12-16 12:34:35 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2009-12-16 12:34:35 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

2009-12-16 12:34:07 8 ----a-w- c:\docume~1\admini~1\applic~1\avdrn.dat

2009-12-07 00:37:44 4194304 ----a-w- c:\windows\system32\cdintf400.dll

2009-12-07 00:34:01 0 d-----w- C:\ProWin09

2009-11-30 05:08:52 244 ---ha-w- C:\sqmnoopt10.sqm

2009-11-30 05:08:52 232 ---ha-w- C:\sqmdata10.sqm

2009-11-28 18:29:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion

==================== Find3M ====================

2009-12-27 00:42:44 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-12-27 00:42:39 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2009-11-27 17:18:15 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2009-11-07 15:11:35 163738 ----a-w- c:\windows\fonts\AdobeFnt08.lst

2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe

2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll

2009-10-01 22:03:09 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2009-10-01 22:03:08 87352 ----a-w- c:\windows\system32\LMIinit.dll

2009-10-01 22:03:08 28984 ----a-w- c:\windows\system32\LMIport.dll

============= FINISH: 5:19:39.17 ===============


Attachment


R2 HRD RemoteSvr;Ham Radio Deluxe Remote Server;c:\program files\amateur radio\ham radio deluxe\HRDRemoteSvr.exe [2009-5-22 196608]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-29 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-25 276816]

R2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\trustedid\identity theft protection\agent\bin\SanaAgent.exe [2008-3-21 4937240]

R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\trustedid\identity theft protection\agent\bin\SanaSafeConnectWatcher.exe [2008-3-21 539160]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-16 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-16 352920]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-25 19160]

R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2007-12-11 36384]

R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectDriver.sys [2008-3-21 161304]

R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectFilter.sys [2008-3-21 29720]

R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectShim.sys [2008-3-21 27376]

R3 ZCinema_TSHD;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_i386.sys [2009-5-6 21392]

S3 aswArKrn;aswArKrn;\??\c:\docume~1\admini~1\locals~1\temp\aswarkrn.sys --> c:\docume~1\admini~1\locals~1\temp\aswArKrn.sys [?]

S3 Intuit Fuse Service;Intuit Fuse Service;c:\program files\common files\intuit\fuse\service\Intuit Fuse Service.exe [2008-11-15 72704]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-12-27 10:17:58 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2009-12-26 14:18:59 0 d-----w- c:\program files\Spybot - Search & Destroy

2009-12-26 14:18:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2009-12-25 17:32:05 0 d-----w- c:\program files\ESET

2009-12-25 16:20:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-25 16:20:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-25 16:20:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-20 02:35:21 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2009-12-18 21:50:37 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-12-18 21:50:37 0 d-----w- c:\documents and settings\administrator\log

2009-12-16 12:43:37 0 ----a-w- c:\windows\Xdihuliwoluwaru.bin

2009-12-16 12:43:36 120 ----a-w- c:\windows\Htiqi.dat

2009-12-16 12:34:53 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2009-12-16 12:34:53 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2009-12-16 12:34:39 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2009-12-16 12:34:39 8576 ----a-w- c:\windows\system32\dllcache\i2omgmt.sys

2009-12-16 12:34:35 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2009-12-16 12:34:35 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

2009-12-16 12:34:07 8 ----a-w- c:\docume~1\admini~1\applic~1\avdrn.dat

2009-12-07 00:37:44 4194304 ----a-w- c:\windows\system32\cdintf400.dll

2009-12-07 00:34:01 0 d-----w- C:\ProWin09

2009-11-30 05:08:52 244 ---ha-w- C:\sqmnoopt10.sqm

2009-11-30 05:08:52 232 ---ha-w- C:\sqmdata10.sqm

2009-11-28 18:29:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion

==================== Find3M ====================

2009-12-27 00:42:44 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-12-27 00:42:39 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2009-11-27 17:18:15 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2009-11-07 15:11:35 163738 ----a-w- c:\windows\fonts\AdobeFnt08.lst

2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe

2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll

2009-10-01 22:03:09 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2009-10-01 22:03:08 87352 ----a-w- c:\windows\system32\LMIinit.dll

2009-10-01 22:03:08 28984 ----a-w- c:\windows\system32\LMIport.dll

============= FINISH: 5:19:39.17 ===============

Attach.zip
