
Damn Malware has taken over - I can't load MWB



Hi all

I am getting some damn redirection going on, so I thought I would start with MWB, but after installing it would not load/run.

Same deal with a lot of other software, like ComboFix too.

Here is the HijackThis log below for some clues.

I appreciate any help you can offer me.

Thanks!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:18:55 PM, on 28/08/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\TAMSvr.exe

C:\WINDOWS\system32\FpLogonServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TrueSuite Access Manager\FpNotifier.exe

C:\Program Files\TrueSuite Access Manager\usbnotify.exe

C:\Program Files\TrueSuite Access Manager\PwdBank.exe

C:\WINDOWS\system32\TPSMain.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\TrueSuite Access Manager\CssSvr.exe

C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\WINDOWS\system32\lxdxcoms.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Dean\Desktop\HijackThis.exe

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"

O4 - HKLM\..\Run: [usbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"

O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"

O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\WINDOWS\system32\TAMSvr.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe

O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--

End of file - 9434 bytes

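A small triage script for the HijackThis log above, added here as an example and not part of the thread or of any Malwarebytes or HijackThis tooling. It parses the `O4` Run entries and `O23` services and flags three things a responder checks first: entries HijackThis marked `(file missing)`, Run values that name a bare executable with no directory (the loader has to search for those, so a same-named file earlier in the search order would run instead), and services with no company name reported. The sample lines are copied from the posted log; the heuristics and the path format assumed by `SERVICE_RE` (a drive-letter path) are my assumptions, and a flag only orders what to look at, it does not prove anything is malicious.

```python
"""Triage a HijackThis-style log: parse the O4/O23 entries and flag the ones a
responder would check first.  Added example, not part of the forum thread and
not a Malwarebytes or HijackThis tool; the heuristics are assumptions."""
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above, covering the unquoted-path, blank-owner and missing-file cases.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# The owner field may be blank ("lxdx_device - - C:\..."), so the separator in
# front of the path is matched with an optional space rather than a fixed " - ".
# Assumes the service path starts with a drive letter, as every line above does.
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.*)$")


def image_of(cmd):
    """Executable named by a Run-key command: the quoted path if quoted, the
    whole value if it is an unquoted path, otherwise the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd if "\\" in cmd else cmd.split(" ")[0]


def parse(log_text):
    """Yield (code, body) for every HijackThis entry line, skipping the rest."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Return (code, reason, detail) findings in log order.  Nothing here proves
    an entry is malicious; it only orders what to look at first."""
    findings = []
    for code, body in parse(log_text):
        if "(file missing)" in body:
            findings.append((code, "file missing", body))
        if code == "O4":
            m = RUN_RE.match(body)
            if m and "\\" not in image_of(m.group("cmd")):
                # No directory given: the loader searches for this name, so a
                # same-named file earlier in the search order would run instead.
                findings.append((code, "bare image name",
                                 f"{m.group('hive')} [{m.group('name')}] -> {image_of(m.group('cmd'))}"))
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group("owner").strip() in ("", "Unknown owner"):
                findings.append((code, "no company name reported",
                                 f"{m.group('display')} -> {m.group('path')}"))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:25} {detail}")
```

Run it on a full log by reading the file into `triage()`; on the sample it flags the missing `avgrsstx.dll` notify entry, the three bare `RTHDCPL.EXE` / `ALCMTR.EXE` / `TPSMain.exe` Run values, and the two services without a company name.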

  • Staff

Hi and welcome to Malwarebytes.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

After that:

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

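The log name pattern in the reply above (UtilityName.Version_Date_Time_log.txt, with a day-first date) does not sort correctly as plain text, so picking "the latest" log by filename can return an older run. Below is an added example, not part of the thread and not Kaspersky's code, that selects the newest TDSSKiller log by the date and time encoded in its name and reads the version and OS fields from the log header. The directory listing is constructed (one name is the one quoted in the reply, one matches the run posted further down, one is a later decoy), and the header lines are copied from the TDSSKiller output posted at the end of this thread.

```python
"""Locate the newest TDSSKiller log by the date and time encoded in its name
and read the header fields from it.  Added example, not part of the thread and
not Kaspersky's code; the name layout follows the staff reply above
(UtilityName.Version_Date_Time_log.txt) and the sample names are constructed."""
import re
from datetime import datetime

NAME_RE = re.compile(
    r"^TDSSKiller\.(?P<version>[\d.]+)_(?P<d>\d{2})\.(?P<m>\d{2})\.(?P<y>\d{4})"
    r"_(?P<H>\d{2})\.(?P<M>\d{2})\.(?P<S>\d{2})_log\.txt$")
# Every TDSSKiller log line starts with "YYYY/MM/DD HH:MM:SS.ffff".
STAMP_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s*(?P<msg>.*)$")

# Constructed directory listing: the name quoted in the staff reply, one
# matching the run posted later in this thread, and a later decoy chosen so that
# plain string sorting would pick the wrong file (day-first dates do not sort).
SAMPLE_DIR = [
    "TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt",
    "TDSSKiller.2.4.1.3_28.08.2010_23.12.10_log.txt",
    "TDSSKiller.2.4.1.3_02.09.2010_08.00.00_log.txt",
    "pagefile.sys",
]

# Header lines copied from the TDSSKiller log posted at the end of the thread.
SAMPLE_HEADER = """\
2010/08/28 23:12:10.0281 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/28 23:12:10.0281 ================================================================================
2010/08/28 23:12:10.0281 SystemInfo:
2010/08/28 23:12:10.0281
2010/08/28 23:12:10.0281 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/28 23:12:10.0281 Product type: Workstation
"""


def log_timestamp(name):
    """datetime encoded in a TDSSKiller log name, or None if it is not one."""
    m = NAME_RE.match(name)
    if not m:
        return None
    return datetime(int(m["y"]), int(m["m"]), int(m["d"]),
                    int(m["H"]), int(m["M"]), int(m["S"]))


def newest_log(names):
    """Name of the most recent TDSSKiller log in a directory listing."""
    stamped = [(log_timestamp(n), n) for n in names if log_timestamp(n)]
    return max(stamped)[1] if stamped else None


def parse_header(text):
    """Tool version, OS version, service pack and product type from the log head."""
    info = {}
    for line in text.splitlines():
        m = STAMP_RE.match(line)
        if not m:
            continue
        msg = m["msg"]
        if msg.startswith("TDSS rootkit removing tool "):
            info["tool_version"] = msg.split()[4]
        elif msg.startswith("OS Version: "):
            parts = msg.split()
            info["os_version"], info["service_pack"] = parts[2], parts[4]
        elif msg.startswith("Product type: "):
            info["product_type"] = msg[len("Product type: "):]
    return info


if __name__ == "__main__":
    print("newest:", newest_log(SAMPLE_DIR))
    print("header:", parse_header(SAMPLE_HEADER))
```

On a real machine replace `SAMPLE_DIR` with `os.listdir("C:\\")` and feed the chosen file's first lines to `parse_header()`; the decoy in the sample is the case where `max()` over the raw names and `newest_log()` disagree.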


Hi Screen!

Thanks for your fast response... I really appreciate it.

See the logs below:

CHEERS! :P :P :)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dean at 23:10:41.00 on Sat 28/08/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1028 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\TAMSvr.exe

C:\WINDOWS\system32\FpLogonServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TrueSuite Access Manager\FpNotifier.exe

C:\Program Files\TrueSuite Access Manager\usbnotify.exe

C:\Program Files\TrueSuite Access Manager\PwdBank.exe

C:\WINDOWS\system32\TPSMain.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

svchost.exe

C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe

C:\Program Files\TrueSuite Access Manager\CssSvr.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\lxdxcoms.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Dean\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll

uRun: [<NO NAME>]

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [FingerPrintNotifer] "c:\program files\truesuite access manager\FpNotifier.exe"

mRun: [usbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"

mRun: [PwdBank] "c:\program files\truesuite access manager\PwdBank.exe"

mRun: [TPSMain] TPSMain.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [NPSStartup]

mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"

mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dean\applic~1\mozilla\firefox\profiles\siw9lfmw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - component: c:\documents and settings\dean\application data\mozilla\firefox\profiles\siw9lfmw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\dean\application data\mozilla\firefox\profiles\siw9lfmw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll

FF - plugin: c:\documents and settings\dean\application data\mozilla\firefox\profiles\siw9lfmw.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\documents and settings\dean\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\dean\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\dean\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2010-2-27 42608]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-28 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-26 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-26 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-26 243024]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2010-2-27 49152]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-17 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]

R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2010-2-27 131072]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-6-10 233472]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]

R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]

R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-4-28 9216]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-6-10 36608]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-6-26 5888]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-8-18 114688]

R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-8-18 105856]

S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2010-8-26 94208]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\intchdmi.sys --> c:\windows\system32\drivers\IntcHdmi.sys [?]

=============== Created Last 30 ================

2010-08-28 16:29:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-28 15:49:13 0 d-----w- c:\program files\CCleaner

2010-08-28 08:54:48 0 d-----w- c:\program files\SUPERAntiSpyware

2010-08-28 08:47:37 1024 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-08-28 08:35:03 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!

2010-08-28 00:18:31 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-27 23:33:24 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-27 23:32:52 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-27 23:32:29 0 d-----w- c:\program files\Lavasoft

2010-08-26 23:51:17 194048 ----a-w- c:\windows\Ccugia.exe

2010-08-26 07:43:04 0 d-----w- c:\documents and settings\all users\Lx_cats

2010-08-26 07:42:32 40960 ----a-w- c:\windows\system32\lxdxvs.dll

2010-08-26 07:42:30 409600 ----a-w- c:\windows\system32\lxdxcoin.dll

2010-08-26 07:42:28 60996 ----a-w- c:\windows\system32\lxdxprpr.chm

2010-08-26 07:42:13 81920 ----a-w- c:\windows\system32\lxdxcaps.dll

2010-08-26 07:42:13 782336 ----a-w- c:\windows\system32\lxdxdrs.dll

2010-08-26 07:42:13 69632 ----a-w- c:\windows\system32\lxdxcnv4.dll

2010-08-26 07:41:32 0 d-----w- c:\program files\Lexmark 3600-4600 Series

2010-08-26 07:30:38 0 d-----w- c:\docume~1\dean\applic~1\Lexmark Productivity Studio

2010-08-25 14:00:29 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-08-25 14:00:29 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2010-08-25 14:00:03 0 d-----w- c:\program files\Lexmark Toolbar

2010-08-25 13:58:29 0 d-----w- C:\drivers

2010-08-22 19:00:10 4194304 ----a-w- c:\windows\system32\cdintf400.dll

2010-08-22 18:53:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 11

2010-08-22 18:50:56 0 d-----w- c:\windows\Intuit

2010-08-22 15:50:59 66082 -c--a-w- c:\windows\system32\dllcache\c_21027.nls

2010-08-22 15:49:53 0 d-----w- c:\documents and settings\dean\LocalLow

2010-08-22 15:49:53 0 d-----w- c:\docume~1\alluse~1\applic~1\TVU Networks

2010-08-22 15:48:31 0 d-----w- c:\windows\system32\TVUAx

2010-08-22 14:41:02 1060864 ----a-w- c:\windows\system32\cdintf210.dll

2010-08-22 14:40:52 0 d-----w- c:\program files\Sage EBanking

2010-08-22 14:40:18 0 d-----w- c:\program files\common files\Sage Shared

2010-08-22 14:40:10 0 d-----w- c:\program files\common files\Sage Line50

2010-08-22 14:39:54 0 d-----w- c:\program files\common files\Sage SBD

2010-08-22 14:39:41 0 d-----w- c:\program files\Sage

2010-08-18 11:26:43 0 d-----w- c:\docume~1\dean\applic~1\FLEXnet

2010-08-18 11:13:53 114688 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys

2010-08-18 11:13:50 105856 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-08-18 11:13:46 105856 ----a-r- c:\windows\system32\drivers\zteusbvoice.sys

2010-08-18 11:13:42 105856 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-08-18 11:13:38 105856 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-08-18 11:12:57 0 d-----w- c:\docume~1\dean\applic~1\Vodafone

2010-08-18 11:12:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Vodafone

2010-08-18 11:12:35 0 d-----w- c:\program files\Vodafone

2010-08-14 00:37:17 0 d-----w- c:\program files\common files\supportsoft

2010-08-14 00:37:04 3833856 ----a-w- c:\windows\system32\cdintf300.dll

2010-08-14 00:35:11 0 d-----w- c:\program files\Intuit

2010-08-14 00:35:11 0 d-----w- c:\program files\common files\Intuit

2010-08-14 00:35:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit

2010-08-14 00:33:12 90 ----a-w- c:\windows\QBChanUtil_Trigger.ini

2010-08-14 00:33:12 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 10

2010-08-14 00:33:11 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES

2010-08-04 22:32:19 0 d-----w- c:\program files\MSECache

==================== Find3M ====================

2010-08-26 10:10:45 27576 ----a-w- c:\windows\fonts\Helvetica_Condensed_Black_Se.ttf

2010-07-17 08:47:13 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 08:47:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 08:46:38 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:10:44 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2002-04-16 10:27:54 5 --sha-w- c:\windows\system32\CdI5T.drv

============= FINISH: 23:12:29.85 ===============

2010/08/28 23:12:10.0281 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42

2010/08/28 23:12:10.0281 ================================================================================

2010/08/28 23:12:10.0281 SystemInfo:

2010/08/28 23:12:10.0281

2010/08/28 23:12:10.0281 OS Version: 5.1.2600 ServicePack: 3.0

2010/08/28 23:12:10.0281 Product type: Workstation

2010/08/28 23:12:10.0281 ComputerName: DEAN_LAPTOP

2010/08/28 23:12:10.0281 UserName: Dean

2010/08/28 23:12:10.0281 Windows directory: C:\WINDOWS

2010/08/28 23:12:10.0281 System windows directory: C:\WINDOWS

2010/08/28 23:12:10.0281 Processor architecture: Intel x86

2010/08/28 23:12:10.0281 Number of processors: 2

2010/08/28 23:12:10.0281 Page size: 0x1000

2010/08/28 23:12:10.0281 Boot type: Normal boot

2010/08/28 23:12:10.0281 ================================================================================

2010/08/28 23:12:10.0671 Initialize success

2010/08/28 23:12:13.0078 ================================================================================

2010/08/28 23:12:13.0078 Scan started

2010/08/28 23:12:13.0078 Mode: Manual;

2010/08/28 23:12:13.0078 ================================================================================

2010/08/28 23:12:17.0093 Compbatt (0f629906694fcd1622a1db6dd6c157b9) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/08/28 23:12:17.0093 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 0f629906694fcd1622a1db6dd6c157b9, Fake md5: 6e4c9f21f0fae8940661144f41b13203

2010/08/28 23:12:17.0093 Compbatt - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/08/28 23:12:32.0156 ================================================================================

2010/08/28 23:12:32.0156 Scan finished

2010/08/28 23:12:32.0156 ================================================================================

2010/08/28 23:12:32.0171 Detected object count: 1

2010/08/28 23:14:09.0812 Compbatt (0f629906694fcd1622a1db6dd6c157b9) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/08/28 23:14:09.0812 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 0f629906694fcd1622a1db6dd6c157b9, Fake md5: 6e4c9f21f0fae8940661144f41b13203

2010/08/28 23:14:10.0109 Backup copy found, using it..

2010/08/28 23:14:10.0187 C:\WINDOWS\system32\DRIVERS\compbatt.sys - will be cured after reboot

2010/08/28 23:14:10.0187 Rootkit.Win32.TDSS.tdl3(Compbatt) - User select action: Cure


Hi there

I had a small issue when running Combofix. I went through all the steps and the process ran fine after many minutes, and a message came up saying something like "scan complete", but then I got the dreaded blue screen thing and I had to reboot.

Here is some more info on that:

BAD_POOL_HEADER

Technical Info:

*** STOP: 0x00000019 (0x00000020, 0x8333E8E0, 0x8333ECF8, 0x1A830014)

Beginning dump of physical memory

In addition I was unable to get a log for Combofix.

But I have included the DDS log below, though I am unsure if that is helpful without the CFix log.

Cheers

Dean

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dean at 9:45:47.53 on Sun 29/08/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1149 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\TAMSvr.exe

C:\WINDOWS\system32\FpLogonServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TrueSuite Access Manager\FpNotifier.exe

C:\Program Files\TrueSuite Access Manager\usbnotify.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\TrueSuite Access Manager\PwdBank.exe

C:\Program Files\TrueSuite Access Manager\CssSvr.exe

C:\WINDOWS\system32\TPSMain.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe

C:\WINDOWS\system32\TPSBattM.exe

svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\lxdxcoms.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Dean\Desktop\Anti-Spyware\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll

uRun: [<NO NAME>]

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [FingerPrintNotifer] "c:\program files\truesuite access manager\FpNotifier.exe"

mRun: [usbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"

mRun: [PwdBank] "c:\program files\truesuite access manager\PwdBank.exe"

mRun: [TPSMain] TPSMain.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [NPSStartup]

mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"

mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dean\applic~1\mozilla\firefox\profiles\siw9lfmw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - component: c:\documents and settings\dean\application data\mozilla\firefox\profiles\siw9lfmw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\dean\application data\mozilla\firefox\profiles\siw9lfmw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll

FF - plugin: c:\documents and settings\dean\application data\mozilla\firefox\profiles\siw9lfmw.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\documents and settings\dean\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\dean\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\dean\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2010-2-27 42608]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-28 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-26 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-26 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-26 243024]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2010-2-27 49152]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-17 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]

R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2010-2-27 131072]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-6-10 233472]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]

R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]

R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-4-28 9216]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-6-10 36608]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-6-26 5888]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-8-18 114688]

R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-8-18 105856]

S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2010-8-26 94208]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\intchdmi.sys --> c:\windows\system32\drivers\IntcHdmi.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

=============== Created Last 30 ================

2010-08-29 08:15:47 0 d-s---w- C:\ComboFix

2010-08-29 08:06:11 0 d-sha-r- C:\cmdcons

2010-08-28 22:44:04 98816 ----a-w- c:\windows\sed.exe

2010-08-28 22:44:04 77312 ----a-w- c:\windows\MBR.exe

2010-08-28 22:44:04 256512 ----a-w- c:\windows\PEV.exe

2010-08-28 22:44:04 161792 ----a-w- c:\windows\SWREG.exe

2010-08-28 22:30:39 0 d--h--w- C:\$AVG

2010-08-28 22:27:47 0 d-----w- c:\docume~1\dean\applic~1\SUPERAntiSpyware.com

2010-08-28 22:27:47 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-08-28 22:25:58 0 d-----w- c:\docume~1\dean\applic~1\Malwarebytes

2010-08-28 22:25:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 22:25:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-28 22:25:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-28 16:29:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-28 15:49:13 0 d-----w- c:\program files\CCleaner

2010-08-28 08:54:48 0 d-----w- c:\program files\SUPERAntiSpyware

2010-08-28 08:47:37 1024 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-08-28 08:35:03 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!

2010-08-28 00:18:31 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-27 23:33:24 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-27 23:32:52 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-27 23:32:29 0 d-----w- c:\program files\Lavasoft

2010-08-26 07:43:04 0 d-----w- c:\documents and settings\all users\Lx_cats

2010-08-26 07:42:32 40960 ----a-w- c:\windows\system32\lxdxvs.dll

2010-08-26 07:42:30 409600 ----a-w- c:\windows\system32\lxdxcoin.dll

2010-08-26 07:42:28 60996 ----a-w- c:\windows\system32\lxdxprpr.chm

2010-08-26 07:42:13 81920 ----a-w- c:\windows\system32\lxdxcaps.dll

2010-08-26 07:42:13 782336 ----a-w- c:\windows\system32\lxdxdrs.dll

2010-08-26 07:42:13 69632 ----a-w- c:\windows\system32\lxdxcnv4.dll

2010-08-26 07:41:32 0 d-----w- c:\program files\Lexmark 3600-4600 Series

2010-08-26 07:30:38 0 d-----w- c:\docume~1\dean\applic~1\Lexmark Productivity Studio

2010-08-25 14:00:29 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-08-25 14:00:29 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2010-08-25 14:00:03 0 d-----w- c:\program files\Lexmark Toolbar

2010-08-25 13:58:29 0 d-----w- C:\drivers

2010-08-22 19:00:10 4194304 ----a-w- c:\windows\system32\cdintf400.dll

2010-08-22 18:53:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 11

2010-08-22 18:50:56 0 d-----w- c:\windows\Intuit

2010-08-22 15:50:59 66082 -c--a-w- c:\windows\system32\dllcache\c_21027.nls

2010-08-22 15:49:53 0 d-----w- c:\documents and settings\dean\LocalLow

2010-08-22 15:49:53 0 d-----w- c:\docume~1\alluse~1\applic~1\TVU Networks

2010-08-22 15:48:31 0 d-----w- c:\windows\system32\TVUAx

2010-08-22 14:41:02 1060864 ----a-w- c:\windows\system32\cdintf210.dll

2010-08-22 14:40:52 0 d-----w- c:\program files\Sage EBanking

2010-08-22 14:40:18 0 d-----w- c:\program files\common files\Sage Shared

2010-08-22 14:40:10 0 d-----w- c:\program files\common files\Sage Line50

2010-08-22 14:39:54 0 d-----w- c:\program files\common files\Sage SBD

2010-08-22 14:39:41 0 d-----w- c:\program files\Sage

2010-08-18 11:26:43 0 d-----w- c:\docume~1\dean\applic~1\FLEXnet

2010-08-18 11:13:53 114688 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys

2010-08-18 11:13:50 105856 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-08-18 11:13:46 105856 ----a-r- c:\windows\system32\drivers\zteusbvoice.sys

2010-08-18 11:13:42 105856 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-08-18 11:13:38 105856 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-08-18 11:12:57 0 d-----w- c:\docume~1\dean\applic~1\Vodafone

2010-08-18 11:12:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Vodafone

2010-08-18 11:12:35 0 d-----w- c:\program files\Vodafone

2010-08-14 00:37:17 0 d-----w- c:\program files\common files\supportsoft

2010-08-14 00:37:04 3833856 ----a-w- c:\windows\system32\cdintf300.dll

2010-08-14 00:35:11 0 d-----w- c:\program files\Intuit

2010-08-14 00:35:11 0 d-----w- c:\program files\common files\Intuit

2010-08-14 00:35:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit

2010-08-14 00:33:12 90 ----a-w- c:\windows\QBChanUtil_Trigger.ini

2010-08-14 00:33:12 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 10

2010-08-14 00:33:11 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES

2010-08-04 22:32:19 0 d-----w- c:\program files\MSECache

==================== Find3M ====================

2010-08-28 22:20:56 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-08-26 10:10:45 27576 ----a-w- c:\windows\fonts\Helvetica_Condensed_Black_Se.ttf

2010-07-17 08:47:13 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 08:47:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 08:46:38 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:10:44 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2002-04-16 10:27:54 5 --sha-w- c:\windows\system32\CdI5T.drv

============= FINISH: 9:46:21.20 ===============


  • Staff

Hi,

Delete your copy of ComboFix, grab a fresh copy, and save it to your Desktop. Do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Pick your usual account, and run ComboFix from Safe Mode. See if it produces a log now.


Hi mate!

Thanks for that, it worked and I now have the logs.

ComboFix 10-08-28.02 - Dean 30/08/2010 7:59.3.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1714 [GMT 1:00]

Running from: c:\documents and settings\Dean\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\system32\install.exe

.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))

.

2010-08-29 08:47 . 2010-08-29 08:47 -------- d-----w- c:\documents and settings\Dean\Application Data\ABIG

2010-08-28 22:30 . 2010-08-28 22:30 -------- d-----w- C:\$AVG

2010-08-28 22:28 . 2010-08-29 10:39 63488 ----a-w- c:\documents and settings\Dean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-28 22:28 . 2010-08-28 22:28 52224 ----a-w- c:\documents and settings\Dean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-28 22:27 . 2010-08-29 10:38 117760 ----a-w- c:\documents and settings\Dean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-28 22:27 . 2010-08-28 22:27 -------- d-----w- c:\documents and settings\Dean\Application Data\SUPERAntiSpyware.com

2010-08-28 22:27 . 2010-08-28 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-28 22:25 . 2010-08-28 22:25 -------- d-----w- c:\documents and settings\Dean\Application Data\Malwarebytes

2010-08-28 22:25 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 22:25 . 2010-08-28 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-28 22:25 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-28 16:29 . 2010-08-28 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-28 15:49 . 2010-08-28 15:49 -------- d-----w- c:\program files\CCleaner

2010-08-28 08:54 . 2010-08-28 08:55 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-28 08:35 . 2010-08-28 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2010-08-28 00:18 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-27 23:33 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-27 23:32 . 2010-08-27 23:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-27 23:32 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-27 23:32 . 2010-08-27 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-08-27 23:32 . 2010-08-27 23:32 -------- d-----w- c:\program files\Lavasoft

2010-08-26 07:43 . 2010-08-26 10:46 -------- d-----w- c:\documents and settings\All Users\Lx_cats

2010-08-26 07:42 . 2009-10-16 12:12 40960 ----a-w- c:\windows\system32\lxdxvs.dll

2010-08-26 07:42 . 2009-10-16 12:12 147968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdxdrpp.dll

2010-08-26 07:42 . 2009-10-16 09:27 409600 ----a-w- c:\windows\system32\lxdxcoin.dll

2010-08-26 07:42 . 2009-08-19 08:06 81920 ----a-w- c:\windows\system32\lxdxcaps.dll

2010-08-26 07:42 . 2009-08-19 08:06 782336 ----a-w- c:\windows\system32\lxdxdrs.dll

2010-08-26 07:42 . 2009-08-19 08:00 69632 ----a-w- c:\windows\system32\lxdxcnv4.dll

2010-08-26 07:30 . 2010-08-26 07:30 -------- d-----w- c:\documents and settings\Dean\Application Data\Lexmark Productivity Studio

2010-08-25 14:00 . 2001-08-17 21:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-08-25 14:00 . 2001-08-17 21:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2010-08-25 14:00 . 2010-08-25 14:00 -------- d-----w- c:\program files\Lexmark Toolbar

2010-08-25 13:58 . 2010-08-25 13:58 -------- d-----w- C:\drivers

2010-08-22 23:12 . 2010-08-26 19:57 286448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-08-22 19:00 . 2009-06-22 08:14 4194304 ----a-w- c:\windows\system32\cdintf400.dll

2010-08-22 18:53 . 2010-08-22 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11

2010-08-22 18:50 . 2010-08-26 17:59 -------- d-----w- c:\windows\Intuit

2010-08-22 15:50 . 2008-04-14 12:00 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll

2010-08-22 15:49 . 2010-08-22 15:49 -------- d-----w- c:\documents and settings\Dean\LocalLow

2010-08-22 15:49 . 2010-08-22 15:49 -------- d-----w- c:\documents and settings\Dean\Local Settings\Application Data\TVU Networks

2010-08-22 15:49 . 2010-08-22 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks

2010-08-22 15:48 . 2010-08-22 15:48 -------- d-----w- c:\windows\system32\TVUAx

2010-08-22 14:41 . 2004-06-09 09:57 1060864 ----a-w- c:\windows\system32\cdintf210.dll

2010-08-22 14:39 . 2010-08-22 14:39 -------- d-----w- c:\program files\Sage

2010-08-18 11:26 . 2010-08-18 11:26 -------- d-----w- c:\documents and settings\Dean\Application Data\FLEXnet

2010-08-18 11:13 . 2010-03-25 17:09 114688 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys

2010-08-18 11:13 . 2010-04-19 14:42 105856 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-08-18 11:13 . 2010-04-19 14:42 105856 ----a-r- c:\windows\system32\drivers\zteusbvoice.sys

2010-08-18 11:13 . 2010-04-19 14:42 105856 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-08-18 11:13 . 2010-04-19 14:42 105856 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-08-18 11:12 . 2010-08-18 11:12 -------- d-----w- c:\documents and settings\Dean\Application Data\Vodafone

2010-08-18 11:12 . 2010-08-18 11:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone

2010-08-18 11:12 . 2010-08-18 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone

2010-08-18 11:12 . 2010-08-18 11:12 -------- d-----w- c:\program files\Vodafone

2010-08-18 11:12 . 2010-08-18 11:12 -------- d-----w- c:\documents and settings\Dean\Local Settings\Application Data\{FA6F1E64-A6BD-4822-A094-03171A37E8C6}

2010-08-15 10:25 . 2010-08-15 10:25 869720 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB19\Patch\qbpatch.exe

2010-08-15 10:25 . 2010-08-15 10:25 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB19\Patch\msvcp71.dll

2010-08-15 10:25 . 2010-08-15 10:25 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB19\Patch\msvcr71.dll

2010-08-14 09:23 . 2010-08-14 09:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Intuit

2010-08-14 00:43 . 2010-08-26 23:32 3083 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\qbbackup.sys

2010-08-14 00:37 . 2010-08-14 00:37 -------- d-----w- c:\documents and settings\Dean\Local Settings\Application Data\Intuit

2010-08-14 00:37 . 2010-08-14 00:37 -------- d-----w- c:\program files\Common Files\supportsoft

2010-08-14 00:37 . 2010-01-11 16:47 3833856 ----a-w- c:\windows\system32\cdintf300.dll

2010-08-14 00:35 . 2010-08-28 16:22 -------- d-----w- c:\program files\Common Files\Intuit

2010-08-14 00:35 . 2010-08-26 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit

2010-08-14 00:35 . 2010-08-14 00:35 -------- d-----w- c:\program files\Intuit

2010-08-14 00:33 . 2010-08-14 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10

2010-08-14 00:33 . 2010-08-14 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES

2010-08-07 10:59 . 2010-08-27 17:55 -------- d-----w- c:\documents and settings\Dean\Local Settings\Application Data\Temp

2010-08-07 10:59 . 2010-08-27 17:55 -------- d-----w- c:\documents and settings\Dean\Local Settings\Application Data\Google

2010-08-04 22:32 . 2010-08-04 22:32 -------- d-----w- c:\program files\MSECache

2010-08-03 19:39 . 2010-08-03 19:39 503808 ----a-w- c:\documents and settings\Dean\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32f64ad3-n\msvcp71.dll

2010-08-03 19:39 . 2010-08-03 19:39 499712 ----a-w- c:\documents and settings\Dean\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32f64ad3-n\jmc.dll

2010-08-03 19:39 . 2010-08-03 19:39 348160 ----a-w- c:\documents and settings\Dean\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32f64ad3-n\msvcr71.dll

2010-08-03 19:39 . 2010-08-03 19:39 61440 ----a-w- c:\documents and settings\Dean\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-411d569a-n\decora-sse.dll

2010-08-03 19:39 . 2010-08-03 19:39 12800 ----a-w- c:\documents and settings\Dean\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-411d569a-n\decora-d3d.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-28 22:20 . 2008-06-25 19:07 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-08-28 17:59 . 2010-03-14 11:10 -------- d-----w- c:\program files\PokerStars

2010-08-28 16:51 . 2010-04-09 08:41 56952 ----a-w- c:\documents and settings\Dean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-28 16:24 . 2010-04-09 08:41 -------- d-----w- c:\documents and settings\Dean\Application Data\Azureus

2010-08-28 16:18 . 2010-06-02 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2010-08-28 09:11 . 2010-03-22 07:33 -------- d-----w- c:\documents and settings\Dean\Application Data\Skype

2010-08-28 08:49 . 2010-03-22 07:34 -------- d-----w- c:\documents and settings\Dean\Application Data\skypePM

2010-08-28 08:48 . 2010-08-28 08:47 1024 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-08-26 07:46 . 2010-08-26 07:41 -------- d-----w- c:\program files\Lexmark 3600-4600 Series

2010-08-22 14:41 . 2008-06-26 03:14 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-22 14:40 . 2010-08-22 14:40 -------- d-----w- c:\program files\Sage EBanking

2010-08-22 14:40 . 2010-08-22 14:40 -------- d-----w- c:\program files\Common Files\Sage Shared

2010-08-22 14:40 . 2010-08-22 14:40 -------- d-----w- c:\program files\Common Files\Sage Line50

2010-08-22 14:40 . 2010-08-22 14:39 -------- d-----w- c:\program files\Common Files\Sage SBD

2010-08-22 14:39 . 2008-06-26 03:14 -------- d-----w- c:\program files\Common Files\InstallShield

2010-08-21 08:52 . 2010-03-18 05:52 -------- d-----w- c:\documents and settings\Dean\Application Data\FileZilla

2010-08-18 11:12 . 2010-03-18 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2010-07-17 08:47 . 2010-02-26 06:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 08:47 . 2010-07-17 08:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 08:46 . 2010-02-26 06:35 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-05 22:43 . 2010-04-09 08:40 -------- d-----w- c:\program files\Vuze

2010-06-30 12:31 . 2008-06-26 02:01 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:10 . 2008-06-26 02:01 667136 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:10 . 2008-06-26 02:01 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-06-23 13:44 . 2008-06-26 02:01 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2008-06-26 02:01 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 20:39 . 2010-06-17 20:39 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-17 14:03 . 2008-06-26 02:01 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2008-06-26 02:13 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2008-06-26 02:01 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-11 15:51 . 2010-06-11 15:51 3055600 ----a-w- c:\documents and settings\Dean\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

2010-06-11 15:36 . 2010-06-11 15:36 275952 ----a-w- c:\documents and settings\Dean\Application Data\Mozilla\plugins\npgoogletalk.dll

2010-06-10 19:31 . 2007-10-25 16:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2010-06-10 19:31 . 2010-06-10 18:47 89280248 ----a-w- c:\documents and settings\Dean\Application Data\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe

2010-06-03 08:01 . 2010-02-26 06:35 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2002-04-16 10:27 . 2002-04-16 10:27 5 --sha-w- c:\windows\system32\CdI5T.drv

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-06-23 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2010-06-23 05:00 2515552 ----a-w- c:\program files\Vuze_Remote\tbVuz1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-06-23 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-06-23 2515552]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]

@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"

[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]

2008-07-25 04:41 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-25 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-04-17 360448]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]

"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-09-03 712704]

"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]

"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-09-03 3152384]

"TPSMain"="TPSMain.exe" [2007-10-08 262144]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]

"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2010-02-04 16040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]

2008-09-03 02:48 208896 ------w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-17 08:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smoothview

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-09-10 13:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-21 15:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2010-06-10 19:31 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-08-07 10:59 136176 ----atw- c:\documents and settings\Dean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]

2010-02-05 02:45 385856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\WINDOWS\\system32\\lxdxcoms.exe"=

"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=

"c:\\Documents and Settings\\Dean\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [27/02/2010 12:38 AM 42608]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/08/2010 12:33 AM 64288]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/02/2010 7:35 AM 243024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 1:15 PM 1355416]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [26/06/2008 6:52 PM 5888]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [18/08/2010 12:13 PM 114688]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/02/2010 7:35 AM 216400]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 7:25 PM 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 7:41 PM 67656]

S2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [27/02/2010 12:38 AM 49152]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17/07/2010 9:46 AM 921952]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/07/2010 9:47 AM 308136]

S2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [27/02/2010 12:38 AM 131072]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10/06/2010 7:45 PM 233472]

S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]

S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [26/08/2010 8:42 AM 94208]

S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 8:22 PM 105856]

S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 8:15 PM 134016]

S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [28/04/2010 8:26 PM 9216]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/06/2010 7:45 PM 36608]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys --> c:\windows\system32\drivers\IntcHdmi.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 1:15 PM 15008]

S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [18/08/2010 12:13 PM 105856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578900601-4021583383-1530443032-1005Core.job

- c:\documents and settings\Dean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-07 10:59]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578900601-4021583383-1530443032-1005UA.job

- c:\documents and settings\Dean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-07 10:59]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\siw9lfmw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - component: c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\siw9lfmw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\siw9lfmw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

FF - plugin: c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\siw9lfmw.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\documents and settings\Dean\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Dean\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\Dean\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-NPSStartup - (no file)

SafeBoot-klmdb.sys

MSConfigStartUp-CTFMON - (no file)

MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-30 08:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\FpWinLogonNp.dll

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-08-30 08:05:58

ComboFix-quarantined-files.txt 2010-08-30 07:05

Pre-Run: 275,176,992,768 bytes free

Post-Run: 275,209,134,080 bytes free

- - End Of File - - D2B76BAF339D628D7D2ED17DFBB36E6D

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK

Run by Dean at 8:06:33.12 on Mon 30/08/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1650 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Dean\Desktop\Anti-Spyware\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [FingerPrintNotifer] "c:\program files\truesuite access manager\FpNotifier.exe"

mRun: [usbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"

mRun: [PwdBank] "c:\program files\truesuite access manager\PwdBank.exe"

mRun: [TPSMain] TPSMain.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"

mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dean\applic~1\mozilla\firefox\profiles\siw9lfmw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - component: c:\documents and settings\dean\application data\mozilla\firefox\profiles\siw9lfmw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\dean\application data\mozilla\firefox\profiles\siw9lfmw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2010-2-27 42608]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-28 64288]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-26 243024]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-6-26 5888]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-8-18 114688]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-26 216400]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-26 29584]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

S2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2010-2-27 49152]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-17 921952]

S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]

S2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2010-2-27 131072]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-6-10 233472]

S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]

S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2010-8-26 94208]

S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]

S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]

S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-4-28 9216]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-6-10 36608]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\intchdmi.sys --> c:\windows\system32\drivers\IntcHdmi.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-8-18 105856]

=============== Created Last 30 ================

2010-08-29 08:47:48 0 d-----w- c:\docume~1\dean\applic~1\ABIG

2010-08-29 08:06:11 0 d-sha-r- C:\cmdcons

2010-08-28 22:44:04 98816 ----a-w- c:\windows\sed.exe

2010-08-28 22:44:04 77312 ----a-w- c:\windows\MBR.exe

2010-08-28 22:44:04 256512 ----a-w- c:\windows\PEV.exe

2010-08-28 22:44:04 161792 ----a-w- c:\windows\SWREG.exe

2010-08-28 22:30:39 0 d-----w- C:\$AVG

2010-08-28 22:27:47 0 d-----w- c:\docume~1\dean\applic~1\SUPERAntiSpyware.com

2010-08-28 22:27:47 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-08-28 22:25:58 0 d-----w- c:\docume~1\dean\applic~1\Malwarebytes

2010-08-28 22:25:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 22:25:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-28 22:25:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-28 16:29:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-28 15:49:13 0 d-----w- c:\program files\CCleaner

2010-08-28 08:54:48 0 d-----w- c:\program files\SUPERAntiSpyware

2010-08-28 08:47:37 1024 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-08-28 08:35:03 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!

2010-08-28 00:18:31 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-27 23:33:24 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-27 23:32:52 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-27 23:32:29 0 d-----w- c:\program files\Lavasoft

2010-08-26 07:43:04 0 d-----w- c:\documents and settings\all users\Lx_cats

2010-08-26 07:42:32 40960 ----a-w- c:\windows\system32\lxdxvs.dll

2010-08-26 07:42:30 409600 ----a-w- c:\windows\system32\lxdxcoin.dll

2010-08-26 07:42:28 60996 ----a-w- c:\windows\system32\lxdxprpr.chm

2010-08-26 07:42:13 81920 ----a-w- c:\windows\system32\lxdxcaps.dll

2010-08-26 07:42:13 782336 ----a-w- c:\windows\system32\lxdxdrs.dll

2010-08-26 07:42:13 69632 ----a-w- c:\windows\system32\lxdxcnv4.dll

2010-08-26 07:41:32 0 d-----w- c:\program files\Lexmark 3600-4600 Series

2010-08-26 07:30:38 0 d-----w- c:\docume~1\dean\applic~1\Lexmark Productivity Studio

2010-08-25 14:00:29 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-08-25 14:00:29 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2010-08-25 14:00:03 0 d-----w- c:\program files\Lexmark Toolbar

2010-08-25 13:58:29 0 d-----w- C:\drivers

2010-08-22 19:00:10 4194304 ----a-w- c:\windows\system32\cdintf400.dll

2010-08-22 18:53:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 11

2010-08-22 18:50:56 0 d-----w- c:\windows\Intuit

2010-08-22 15:50:59 66082 -c--a-w- c:\windows\system32\dllcache\c_21027.nls

2010-08-22 15:49:53 0 d-----w- c:\documents and settings\dean\LocalLow

2010-08-22 15:49:53 0 d-----w- c:\docume~1\alluse~1\applic~1\TVU Networks

2010-08-22 15:48:31 0 d-----w- c:\windows\system32\TVUAx

2010-08-22 14:41:02 1060864 ----a-w- c:\windows\system32\cdintf210.dll

2010-08-22 14:40:52 0 d-----w- c:\program files\Sage EBanking

2010-08-22 14:40:18 0 d-----w- c:\program files\common files\Sage Shared

2010-08-22 14:40:10 0 d-----w- c:\program files\common files\Sage Line50

2010-08-22 14:39:54 0 d-----w- c:\program files\common files\Sage SBD

2010-08-22 14:39:41 0 d-----w- c:\program files\Sage

2010-08-18 11:26:43 0 d-----w- c:\docume~1\dean\applic~1\FLEXnet

2010-08-18 11:13:53 114688 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys

2010-08-18 11:13:50 105856 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-08-18 11:13:46 105856 ----a-r- c:\windows\system32\drivers\zteusbvoice.sys

2010-08-18 11:13:42 105856 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-08-18 11:13:38 105856 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-08-18 11:12:57 0 d-----w- c:\docume~1\dean\applic~1\Vodafone

2010-08-18 11:12:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Vodafone

2010-08-18 11:12:35 0 d-----w- c:\program files\Vodafone

2010-08-14 00:37:17 0 d-----w- c:\program files\common files\supportsoft

2010-08-14 00:37:04 3833856 ----a-w- c:\windows\system32\cdintf300.dll

2010-08-14 00:35:11 0 d-----w- c:\program files\Intuit

2010-08-14 00:35:11 0 d-----w- c:\program files\common files\Intuit

2010-08-14 00:35:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit

2010-08-14 00:33:12 90 ----a-w- c:\windows\QBChanUtil_Trigger.ini

2010-08-14 00:33:12 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 10

2010-08-14 00:33:11 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES

2010-08-04 22:32:19 0 d-----w- c:\program files\MSECache

==================== Find3M ====================

2010-08-28 22:20:56 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys

2010-08-26 10:10:45 27576 ----a-w- c:\windows\fonts\Helvetica_Condensed_Black_Se.ttf

2010-07-17 08:47:13 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 08:47:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 08:46:38 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:10:44 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2002-04-16 10:27:54 5 --sha-w- c:\windows\system32\CdI5T.drv

============= FINISH: 8:06:40.78 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi there

Thanks again here are the logs below:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=66e366a06f822e46b5a667dc816ef35f

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-08-30 04:51:51

# local_time=2010-08-30 05:51:51 (+0000, GMT Daylight Time)

# country="Australia"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777175 100 0 16021075 16021075 0 0

# compatibility_mode=8192 67108863 100 0 306 306 0 0

# scanned=111829

# found=2

# cleaned=2

# scan_time=3528

C:\System Volume Information\_restore{7D57171D-674D-4395-8FDF-1E5928F14B34}\RP155\A0042364.dll a variant of Win32/Olmarik.ADC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\spool\prtprocs\w32x86\i93qG93.dll a variant of Win32/Olmarik.ADC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

IN ADDITION:

I was unable to run your SecurityCheck software as it says it was a trojan.
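A small triage helper for logs in the ESET Online Scanner format posted above, added here as an example (it is not part of the thread and not ESET's or the Malwarebytes staff's code). It assumes the layout visible in the post: `# key=value` header lines followed by one line per detection of the form `<path> <threat name> (<action>) <md5> <flag>`. The detection lines in the constructed sample are copied from the post; the path-boundary heuristic (the path ends at the first `.ext ` it sees) is an assumption that holds for the posted lines.

```python
import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the ESET Online Scanner log pasted in
# the thread above (header "# key=value" lines, then one line per detection).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 16021075 16021075 0 0
# scanned=111829
# found=2
# cleaned=2
# scan_time=3528
C:\System Volume Information\_restore{7D57171D-674D-4395-8FDF-1E5928F14B34}\RP155\A0042364.dll a variant of Win32/Olmarik.ADC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\spool\prtprocs\w32x86\i93qG93.dll a variant of Win32/Olmarik.ADC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    md5: str
    flag: str

    @property
    def in_restore_point(self) -> bool:
        # Copies inside System Restore snapshots are inert until a restore
        # point is rolled back; they are not a live infection on their own.
        return "\\system volume information\\_restore" in self.path.lower()

    @property
    def cleaned(self) -> bool:
        return self.action.lower().startswith("cleaned")


# Assumption (heuristic): the path ends at the first "<dot><ext><space>"
# boundary, so a directory name containing ".xyz " would mis-split.
_DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4}) "
    r"(?P<threat>.+?) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Return (header dict, list of Detection) from an ESET Online Scanner log."""
    header = {}
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#") and "=" in line:
            key, _, value = line[1:].strip().partition("=")
            # compatibility_mode repeats; keep the first value seen.
            header.setdefault(key.strip(), value.strip())
            continue
        match = _DETECTION_RE.match(line)
        if match:
            detections.append(Detection(**match.groupdict()))
    return header, detections


def summarize(header, detections):
    """Triage view: live-path hits vs. restore-point-only hits, and whether
    the header counts agree with the detection lines actually present."""
    live = [d for d in detections if not d.in_restore_point]
    found = int(header.get("found", "0"))
    return {
        "scanned": int(header.get("scanned", "0")),
        "found": found,
        "cleaned": int(header.get("cleaned", "0")),
        "counts_consistent": found == len(detections),
        "all_cleaned": all(d.cleaned for d in detections),
        "families": sorted({d.threat for d in detections}),
        "live_paths": [d.path for d in live],
        "restore_point_only": bool(detections) and not live,
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(hdr, dets).items():
        print(f"{key}: {value}")
```

The distinction the summary draws is the one a helper cares about when reading such a log: the hit under `spool\prtprocs` is a DLL in the Print Spooler's print-processor directory, a location the spooler service loads from, so that is the live component; the copy under `System Volume Information` is a restore-point snapshot of it, which is why cleanup threads normally end with flushing System Restore.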


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
