Many infections (win.ini, autorun + ntldr.exe, erase_me.exe)

Hey,

Before I found this forum I deleted the win.ini from the Windows directory, and some of the autorun, ntldr and erase_me bugs, but I couldn't get them all.

I'm very frustrated that Spybot S&D and ESET Smart Security have been completely useless in this regard.

My logs are below:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4344

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7/24/2010 12:52:39 PM

mbam-log-2010-07-24 (12-52-39).txt

Scan type: Quick scan

Objects scanned: 127347

Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 6

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{ssqyvjb4-160s-o62x-owx6-ddvcje4772k4} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{y9h8ilx4-rjm6-eqlg-lui4-uobzcpbqpjfl} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firewall test3 (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firewall test3 (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Nelson D. Spence\AppData\Roaming\winlog\winlogon.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

C:\Users\Nelson D. Spence\AppData\Local\Temp\xzt8l.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

C:\Users\Nelson D. Spence\AppData\Local\Temp\restbot (Backdoor.Bot) -> Delete on reboot.

C:\Users\Nelson D. Spence\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

C:\Users\Nelson D. Spence\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Nelson D. Spence\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSX64

Run by Nelson D. Spence at 12:53:36.96 on Sat 07/24/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1600 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Users\NELSON~1.SPE\AppData\Local\Temp\restbot

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Nelson D. Spence\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyOverride = *.local

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office14\GROOVEEX.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [fezd9ai] c:\users\nelson~1.spe\appdata\local\temp\xzt8l.exe

uRun: [HKCU] c:\users\nelson d. spence\appdata\roaming\winlog\winlogon.exe

mRun: [<NO NAME>]

mRun: [5ufZCmMTm] c:\users\nelson~1.spe\appdata\local\temp\xzt8l.exe

mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [HKLM] c:\users\nelson d. spence\appdata\roaming\winlog\winlogon.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe /install /silent

uExplorerRun: [Policies] c:\users\nelson d. spence\appdata\roaming\winlog\winlogon.exe

mExplorerRun: [Policies] c:\users\nelson d. spence\appdata\roaming\winlog\winlogon.exe

StartupFolder: c:\users\nelson d. spence\appdata\roaming\microsoft\windows\start menu\programs\startup\Logitech . Product Registration.lnk.disabled

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL

AppInit_DLLs: acaptuser32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office14\GROOVEEX.DLL

mASetup: {SSQYVJB4-160S-O62X-OWX6-DDVCJE4772K4} - c:\users\nelson d. spence\appdata\roaming\winlog\winlogon.exe

uASetup: {Y9H8ILX4-RJM6-EQLG-LUI4-UOBZCPBQPJFL} - c:\users\nelson~1.spe\appdata\local\temp\xzt8l.exe

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

mRun-x64: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun-x64: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun-x64: [LogMeIn GUI] "c:\program files (x86)\logmein\x64\LogMeInSystray.exe"

mRun-x64: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc64.dll,nvsvcStart

mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

AppInit_DLLs-X64: acaptuser64.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\nelson~1.spe\appdata\roaming\mozilla\firefox\profiles\cvhwk16m.default\

FF - component: c:\program files (x86)\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll

FF - plugin: c:\progra~2\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~2\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npContribute.dll

FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\nelson d. spence\appdata\roaming\mozilla\firefox\profiles\cvhwk16m.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-7-18 55280]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-6-24 166984]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\x86\ekrn.exe [2010-6-24 810144]

R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-4-28 50600]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\logmein\x64\rainfo.sys [2010-1-27 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-16 72216]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-7-16 1153368]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 74320]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 13392]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2010-5-18 14944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 51445112]

S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-07-24 17:50:16 0 ----a-w- c:\users\nelson d. spence\defogger_reenable

2010-07-24 17:48:33 0 d-----w- c:\users\nelson~1.spe\appdata\roaming\Malwarebytes

2010-07-24 17:48:26 0 d-----w- c:\programdata\Malwarebytes

2010-07-24 17:48:25 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-24 17:48:24 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-07-24 17:22:47 0 d-----w- c:\program files\iPod

2010-07-24 17:22:46 0 d-----w- c:\program files\iTunes

2010-07-24 17:22:46 0 d-----w- c:\program files (x86)\iTunes

2010-07-23 17:15:25 0 d-----w- c:\users\nelson~1.spe\appdata\roaming\com.watermelonexpress.mcatphysicsconnect.8127B739E182C5789D2CAE8B027AAEF1641F45C0.1

2010-07-23 17:14:35 0 d-----w- c:\program files (x86)\MCATPhysicsConnect

2010-07-23 17:12:55 0 d-----w- c:\users\nelson~1.spe\appdata\roaming\com.watermelonexpress.mcatbioconnect.8127B739E182C5789D2CAE8B027AAEF1641F45C0.1

2010-07-23 17:12:28 0 d-----w- c:\program files (x86)\MCATBioConnect

2010-07-23 17:08:31 0 d-----w- c:\users\nelson~1.spe\appdata\roaming\com.watermelonexpress.mcatchemconnect.8127B739E182C5789D2CAE8B027AAEF1641F45C0.1

2010-07-23 17:07:37 0 d-----w- c:\program files (x86)\MCATChemConnect

2010-07-22 17:03:03 386923 ----a-w- c:\windows\KMSAct.exe

2010-07-22 04:36:34 0 d-----w- c:\users\nelson d. spence\.shsh

2010-07-22 04:19:50 0 d-----w- c:\programdata\Sun

2010-07-22 04:19:32 423656 ----a-w- c:\windows\syswow64\deployJava1.dll

2010-07-22 04:19:32 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-07-22 04:19:32 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-07-22 04:19:32 145184 ----a-w- c:\windows\syswow64\java.exe

2010-07-20 05:05:50 0 d-----w- c:\programdata\Rosetta Stone

2010-07-20 05:05:50 0 d-----w- c:\program files (x86)\Rosetta Stone

2010-07-20 03:12:17 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll

2010-07-20 03:10:41 112056 ----a-w- c:\windows\syswow64\acaptuser32.dll

2010-07-19 03:00:15 52568 ----a-w- c:\windows\system32\AdobePDF.dll

2010-07-19 02:56:52 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys

2010-07-19 02:42:33 0 d-----w- c:\program files (x86)\common files\Macrovision Shared

2010-07-19 02:15:49 0 d-----w- c:\programdata\FLEXnet

2010-07-19 00:43:41 0 d-----w- c:\users\nelson~1.spe\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2010-07-19 00:40:18 0 d-----w- c:\programdata\regid.1986-12.com.adobe

2010-07-19 00:33:03 0 d-----w- c:\programdata\ALM

2010-07-19 00:24:56 0 d-----w- c:\users\nelson d. spence\Adobe Flash Builder 4

2010-07-18 23:21:03 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys

2010-07-18 23:21:03 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys

2010-07-18 23:21:03 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2010-07-18 23:21:03 0 d-----w- c:\program files (x86)\My Company Name

2010-07-18 23:21:03 0 d-----w- c:\program files (x86)\common files\Sonic Shared

2010-07-18 23:21:03 0 d-----w- c:\program files (x86)\common files\PX Storage Engine

2010-07-18 23:12:27 0 d-----w- c:\program files\common files\Adobe

2010-07-18 23:12:14 0 d-----w- c:\program files\Adobe

2010-07-18 23:06:11 0 d-----w- c:\programdata\Adobe

2010-07-18 19:01:43 0 d-----w- c:\program files (x86)\LSoft Technologies

2010-07-18 18:59:41 0 d-----w- c:\windows\system32\appmgmt

2010-07-18 17:40:56 0 d-----w- c:\program files\WinRAR

2010-07-17 17:25:05 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-07-17 17:25:05 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2010-07-17 17:25:05 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll

2010-07-17 17:24:08 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2010-07-17 17:23:17 0 d-----w- c:\programdata\Apple Computer

2010-07-17 17:22:47 0 d-----w- c:\program files\common files\Apple

2010-07-17 17:22:39 0 d-----w- c:\program files\Bonjour

2010-07-17 17:22:39 0 d-----w- c:\program files (x86)\Bonjour

2010-07-17 17:22:32 0 d-----w- c:\programdata\Apple

2010-07-17 17:19:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-07-17 04:48:29 410656 ----a-w- c:\windows\system32\nvcpl.cpl

2010-07-17 04:48:29 2113568 ----a-w- c:\windows\system32\nvcplui.exe

2010-07-17 04:48:29 1097248 ----a-w- c:\windows\system32\nvcpluir.dll

2010-07-17 04:46:13 502304 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-07-17 04:21:48 0 d-----w- c:\programdata\Media Center Programs

2010-07-17 04:21:46 0 d-----w- c:\program files (x86)\Guild Wars

2010-07-17 01:59:01 0 d-----w- c:\program files (x86)\CCleaner

2010-07-17 01:57:46 0 d---a-w- c:\programdata\TEMP

2010-07-17 01:57:43 118784 ----a-w- c:\windows\syswow64\MSSTDFMT.DLL

2010-07-17 01:57:43 1071088 ----a-w- c:\windows\syswow64\MSCOMCTL.OCX

2010-07-17 01:57:38 0 d-----w- c:\program files (x86)\SpywareBlaster

2010-07-17 01:56:14 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-07-17 01:56:14 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy

2010-07-16 23:03:32 0 d-----w- c:\program files (x86)\Microsoft

2010-07-16 23:02:55 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-07-16 23:02:55 3426072 ----a-w- c:\windows\syswow64\d3dx9_32.dll

2010-07-16 23:02:47 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2010-07-16 22:59:23 0 d-----w- c:\program files (x86)\common files\Windows Live

2010-07-16 20:09:43 0 d-----w- c:\program files\Microsoft Synchronization Services

2010-07-16 20:09:42 0 d-----w- c:\program files\common files\DESIGNER

2010-07-16 20:09:18 0 d-----w- c:\windows\PCHEALTH

2010-07-16 20:09:18 0 d-----w- c:\program files\Microsoft Sync Framework

2010-07-16 20:09:18 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-07-16 20:08:03 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2010-07-16 20:07:28 0 d-----w- c:\program files\Microsoft Analysis Services

2010-07-16 20:07:28 0 d-----w- c:\program files (x86)\Microsoft Analysis Services

2010-07-16 20:07:06 0 d-----w- c:\programdata\Microsoft Help

2010-07-16 20:07:06 0 d-----w- c:\program files\Microsoft Office

2010-07-16 20:05:08 0 d-----w- c:\program files\7-Zip

2010-07-16 19:50:51 0 d-----w- c:\programdata\LogMeIn

2010-07-16 19:50:48 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-07-16 19:50:48 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2010-07-16 19:50:48 33152 ----a-w- c:\windows\system32\LMIport.dll

2010-07-16 19:50:47 80768 ----a-w- c:\windows\system32\LMIinit.dll

2010-07-16 19:50:39 0 d-----w- c:\program files (x86)\LogMeIn

2010-07-16 18:15:03 0 d-----w- c:\program files (x86)\uTorrent

2010-07-16 18:14:47 0 d-----w- c:\users\nelson~1.spe\appdata\roaming\uTorrent

2010-07-16 18:03:54 0 d-----w- c:\users\nelson~1.spe\appdata\roaming\ESET

2010-07-16 18:03:23 0 d-----w- c:\programdata\ESET

2010-07-16 18:03:23 0 d-----w- c:\program files\ESET

2010-07-16 17:54:44 0 d-----w- c:\program files (x86)\PowerISO

2010-07-16 17:49:01 0 d-----w- c:\windows\tiinst

2010-07-16 17:34:16 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2010-07-16 17:34:03 0 d-----w- c:\programdata\Logishrd

2010-07-16 17:34:02 0 d-----w- c:\program files\Logitech

2010-07-16 17:33:48 0 d-----w- c:\program files\common files\LogiShrd

2010-07-16 17:33:44 0 d-----w- c:\users\nelson~1.spe\appdata\roaming\Logishrd

2010-07-16 16:34:20 0 d-----w- c:\windows\syswow64\Macromed

2010-07-16 01:39:14 0 d-----w- c:\programdata\NVIDIA

2010-07-16 01:34:30 311808 ----a-w- c:\windows\system32\msv1_0.dll

2010-07-16 01:34:30 257024 ----a-w- c:\windows\syswow64\msv1_0.dll

2010-07-16 01:31:55 0 d-----w- c:\program files\Motorola

2010-07-16 01:31:16 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-07-16 01:30:07 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll

2010-07-16 01:30:07 49472 ----a-w- c:\windows\syswow64\netfxperf.dll

2010-07-16 01:30:07 48960 ----a-w- c:\windows\system32\netfxperf.dll

2010-07-16 01:30:07 444752 ----a-w- c:\windows\system32\mscoree.dll

2010-07-16 01:30:07 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2010-07-16 01:30:07 297808 ----a-w- c:\windows\syswow64\mscoree.dll

2010-07-16 01:30:07 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe

2010-07-16 01:30:07 1942856 ----a-w- c:\windows\system32\dfshim.dll

2010-07-16 01:30:07 1130824 ----a-w- c:\windows\syswow64\dfshim.dll

2010-07-16 01:30:07 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-07-16 01:25:54 0 d-sh--w- c:\windows\Installer

2010-07-16 01:25:46 0 d-----w- c:\programdata\NVIDIA Corporation

2010-07-16 01:25:41 0 d-----w- c:\program files\NVIDIA Corporation

2010-07-16 01:25:41 0 d-----w- c:\program files (x86)\NVIDIA Corporation

2010-07-16 01:22:01 961024 ----a-w- c:\windows\system32\CPFilters.dll

2010-07-16 01:22:01 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-07-16 01:22:01 612352 ----a-w- c:\windows\system32\vbscript.dll

2010-07-16 01:22:01 427520 ----a-w- c:\windows\syswow64\vbscript.dll

2010-07-16 01:22:00 613888 ----a-w- c:\windows\system32\psisdecd.dll

2010-07-16 01:22:00 552960 ----a-w- c:\windows\system32\msdri.dll

2010-07-16 01:22:00 465408 ----a-w- c:\windows\syswow64\psisdecd.dll

2010-07-16 01:22:00 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-07-16 01:22:00 258560 ----a-w- c:\windows\system32\mpg2splt.ax

2010-07-16 01:22:00 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-07-16 01:22:00 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-07-16 01:22:00 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax

2010-07-16 01:15:43 0 d-sh--w- C:\Recovery

2010-07-15 23:31:27 0 d-----w- c:\windows\Panther

2010-07-15 22:32:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-07-09 21:17:26 347350 ----a-w- c:\windows\system32\nvcoproc.bin

2010-07-09 21:17:18 918528 ----a-w- c:\windows\system32\nvsvcr.dll

2010-07-09 21:17:18 848928 ----a-w- c:\windows\system32\nvsvc64.dll

2010-07-09 21:17:18 762472 ----a-w- c:\windows\system32\nv3dappshext.dll

2010-07-09 21:17:18 624744 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll

2010-07-09 21:17:18 61032 ----a-w- c:\windows\system32\nvshext.dll

2010-07-09 21:17:18 53864 ----a-w- c:\windows\system32\nv3dappshextr.dll

==================== Find3M ====================

2010-06-24 14:04:14 166984 ----a-w- c:\windows\system32\drivers\eamonm.sys

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-21 19:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-19 19:48:12 144384 ----a-w- c:\windows\system32\cdd.dll

2010-05-18 21:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 21:55:18 69408 ----a-w- c:\windows\system32\jdns_sd.dll

2010-05-18 21:55:18 237856 ----a-w- c:\windows\system32\dnssdX.dll

2010-05-18 21:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-18 21:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll

2010-05-18 21:35:16 75040 ----a-w- c:\windows\syswow64\jdns_sd.dll

2010-05-18 21:35:16 197920 ----a-w- c:\windows\syswow64\dnssdX.dll

2010-05-18 21:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-28 22:27:32 53328 ----a-w- c:\windows\system32\LMouFiltCoInst.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat

2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:54:09.64 ===============

Attach.zip

Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
