virus / browser redirect help

Hello experts,

I've discovered several viruses/trojans (dropper.generic3, sheur3, php/remoteadmin, etc...)

which I have removed using AVG, MBAM, ESET

I'm still experiencing a browser redirection problem, and would love your help!

Here are the logs:

(note- the GMER util has been running for about 5 hours now. I finally had to just save what it processed so far)

THANKS!

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Pete at 11:13:50.75 on Thu 04/14/2011

Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.561 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe

C:\Program Files\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe

C:\Program Files\Windows Home Server\esClient.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Common Files\Silver Bullet Technology\Logging\Logging Service\SBTLogService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Fighters\SPAMfighter\sfus.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Fighters\FighterSuiteService.exe

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\system32\vmnat.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Windows\system32\vmnetdhcp.exe

C:\Program Files\Windows Home Server\WHSConnector.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\DYMO\DYMO Label Software\DLSService.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Fighters\SPAMfighter\sfagent.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Microsoft Office 2007\Office14\MSOSYNC.EXE

C:\Program Files\Windows Live\Mesh\WLSync.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\Windows Home Server\WHSTrayApp.exe

C:\Users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\FreeWheel\FreeWheel.exe

C:\Program Files\Microsoft Office 2007\Office14\ONENOTEM.EXE

C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe

C:\Program Files\TimeSnapper\TimeSnapper.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Mesh\MOE.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Pete\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://www.bing.com/

uInternet Settings,ProxyOverride = *.local

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll

uRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

uRun: [OfficeSyncProcess] "c:\program files\microsoft office 2007\office14\MSOSYNC.EXE"

uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TortoiseHgOverlayIconServer] c:\program files\tortoisehg\TortoiseHgOverlayServer.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [bCSSync] "c:\program files\microsoft office 2007\office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sfagent] c:\program files\fighters\spamfighter\sfagent.exe

mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\pete\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\pete\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\pete\appdata\roaming\micros~1\windows\startm~1\programs\startup\freewh~1.lnk - c:\program files\freewheel\FreeWheel.exe

StartupFolder: c:\users\pete\appdata\roaming\micros~1\windows\startm~1\programs\startup\getdbb~1.lnk - c:\projects\support\getdb.bat

StartupFolder: c:\users\pete\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office 2007\office14\ONENOTEM.EXE

StartupFolder: c:\users\pete\appdata\roaming\micros~1\windows\startm~1\programs\startup\shellf~1.lnk - c:\program files\shellfolderfix\ShellFolderFixUI.exe

StartupFolder: c:\users\pete\appdata\roaming\micros~1\windows\startm~1\programs\startup\timesn~1.lnk - c:\program files\timesnapper\TimeSnapper.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{53a01cc6-14b0-4512-a2e7-10d39bf83dc4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 2007\office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 2007\office14\ONBttnIELinkedNotes.dll

LSP: c:\program files\vmware\vmware workstation\vsocklib.dll

Trusted Zone: paypal.com\manager

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: PCANotify - PCANotify.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\pete\appdata\roaming\mozilla\firefox\profiles\bgqit4xb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\users\pete\appdata\roaming\mozilla\firefox\profiles\bgqit4xb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\users\pete\appdata\roaming\mozilla\firefox\profiles\bgqit4xb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

FF - Ext: Firesizer: {04426594-bce6-4705-b811-bcdba2fd9c7b} - %profile%\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}

FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\fiddler2\FiddlerHook

FF - Ext: XULRunner: {4052054A-F5A3-4780-99AB-B1C1E1B8C12E} - c:\users\pete\appdata\local\{4052054A-F5A3-4780-99AB-B1C1E1B8C12E}

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]

R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2009-4-14 33624]

R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 CLDTVHNService;CLDTVHNService;c:\program files\directv\directv\kernel\dmp\CLDTVHNService.exe [2009-9-17 75048]

R2 CloudBerry Backup Service;CloudBerry Backup Service;c:\program files\cloudberrylab\cloudberry online backup\CloudBerry.Backup.Scheduler.exe [2010-8-25 25088]

R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-3-28 1242504]

R2 ntk_dtv;ntk_dtv;c:\program files\directv\directv\kernel\dmp\ntk_dtv.sys [2009-9-17 119792]

R2 SBT Log;SBT Log;c:\program files\common files\silver bullet technology\logging\logging service\SBTLogService.exe [2008-2-6 53248]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\fighters\spamfighter\sfus.exe [2010-11-12 214664]

R2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2010-11-12 1145992]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-11-11 539248]

R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2009-10-7 44776]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;c:\windows\system32\drivers\atinysxx.sys [2010-11-9 79360]

S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;c:\windows\system32\drivers\atinyvxx.sys [2010-11-9 174592]

S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;c:\windows\system32\drivers\atinyuxx.sys [2010-11-9 64512]

S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;c:\windows\system32\drivers\ATIUTD.sys [2005-12-6 40960]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-26 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office 2007\office14\GROOVE.EXE [2010-3-25 30969208]

S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2011-2-4 63304]

S3 MTSTDUSB;MagTek Standard Driver - USB;c:\windows\system32\drivers\MTSTDUSB.sys [2010-1-19 26240]

S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;c:\windows\system32\drivers\atinyttx.sys [2010-11-9 13824]

S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2010-1-6 131968]

S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2010-1-6 18304]

S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2010-1-6 39168]

S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-10-8 31888]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== File Associations ===============

.

.txt=UEStudio.txt

.

=============== Created Last 30 ================

.

2011-04-14 14:52:57 -------- d-----w- c:\program files\ESET

2011-04-14 14:47:09 -------- d-----w- c:\users\pete\appdata\roaming\Malwarebytes

2011-04-14 14:47:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-14 14:47:05 -------- d-----w- c:\progra~2\Malwarebytes

2011-04-14 14:47:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-14 14:47:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-14 13:57:20 -------- d-----w- c:\users\pete\appdata\local\{F6900AA3-1FA2-4BAE-9EB8-D4781DA4C8EC}

2011-04-14 02:25:19 -------- d--h--w- C:\$AVG

2011-04-14 02:03:03 -------- d-----w- c:\users\pete\appdata\roaming\AVG10

2011-04-14 02:02:31 -------- d--h--w- c:\progra~2\Common Files

2011-04-14 02:02:06 -------- d-----w- c:\windows\system32\drivers\AVG

2011-04-14 02:02:06 -------- d-----w- c:\progra~2\AVG10

2011-04-14 02:01:45 -------- d-----w- c:\program files\AVG

2011-04-14 01:58:07 -------- d-----w- c:\progra~2\MFAData

2011-04-14 01:56:54 -------- d-----w- c:\users\pete\appdata\local\{258AF091-C4DD-451E-ABDE-B16710A614D1}

2011-04-14 01:56:15 -------- d-----w- c:\program files\LogMeIn Hamachi

2011-04-10 11:26:39 -------- d-----w- C:\Windows Home Server Drivers for Restore

2011-04-08 13:20:48 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ff38e3fa-ea6c-436d-a714-a6fe8f8eece1}\mpengine.dll

2011-04-07 14:41:42 -------- d-----w- c:\users\pete\appdata\local\{3CD1309E-66A7-432A-998B-0471CAF68065}

2011-04-06 23:27:08 0 ----a-w- c:\users\pete\appdata\local\Izusof.bin

2011-04-06 23:27:07 -------- d-----w- c:\users\pete\appdata\local\{4052054A-F5A3-4780-99AB-B1C1E1B8C12E}

2011-04-05 13:18:00 -------- d-----w- c:\users\pete\appdata\local\{4EE6C346-A64F-48B5-A402-AC0DB630F628}

2011-03-30 22:17:06 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-03-22 18:38:12 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll

2011-03-18 04:51:14 -------- d-----w- c:\users\pete\appdata\local\{1F446825-9636-471A-AC8C-EED5472E286F}

2011-03-17 20:46:47 -------- d-----w- c:\program files\IIS Express

2011-03-17 20:32:46 -------- d-----w- c:\progra~2\PreEmptive Solutions

2011-03-17 20:14:52 -------- d-----w- c:\progra~2\VS

.

==================== Find3M ====================

.

2011-02-20 07:01:14 743760 ----a-w- c:\windows\system32\msvcp100d.dll

2011-02-20 07:01:14 1505104 ----a-w- c:\windows\system32\msvcr100d.dll

2011-02-20 06:56:00 7124304 ----a-w- c:\windows\system32\mfc100ud.dll

2011-02-20 06:56:00 7055696 ----a-w- c:\windows\system32\mfc100d.dll

2011-02-20 06:56:00 105296 ----a-w- c:\windows\system32\mfcm100ud.dll

2011-02-20 06:56:00 103760 ----a-w- c:\windows\system32\mfcm100d.dll

2011-02-20 06:49:46 87888 ----a-w- c:\windows\system32\vcomp100d.dll

2011-02-19 05:56:52 805376 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 05:56:27 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 05:56:14 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 05:40:50 773968 ----a-w- c:\windows\system32\msvcr100.dll

2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-18 15:45:50 82696 ----a-w- c:\windows\system32\lmdimon8.dll

2011-01-18 15:45:50 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll

.

============= FINISH: 11:14:19.16 ===============

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6362

Windows 6.1.7600

Internet Explorer 9.0.7930.16406

4/14/2011 9:51:47 AM

mbam-log-2011-04-14 (09-51-47).txt

Scan type: Quick scan

Objects scanned: 194166

Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
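As an added illustration (not part of the original post, and not code from DDS, MBAM or the forum), the Python below triages the kind of log shown above by mechanically pulling out the lines a helper would read first: the three UAC policy values that remove the elevation boundary (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0), the Trusted Zone entry, a Firefox extension registered from a GUID-named folder under AppData\Local rather than the profile's extensions folder, and the zero-byte Izusof.bin and GUID-named folder created within a second of each other on 2011-04-06. The input lines are excerpted from the log above; the rule names, the "AppData\Local" heuristic and the benign control lines are my own assumptions. A hit means "review this line", not "this is malicious".

```python
import re

# Input: lines excerpted from the DDS log in the post above (Pseudo HJT,
# FIREFOX and "Created Last 30" sections). The AVG, Firebug and MBAM lines
# are included as benign controls that the rules must not flag.
DDS_EXCERPT = r"""
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: paypal.com\manager
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: XULRunner: {4052054A-F5A3-4780-99AB-B1C1E1B8C12E} - c:\users\pete\appdata\local\{4052054A-F5A3-4780-99AB-B1C1E1B8C12E}
2011-04-06 23:27:08 0 ----a-w- c:\users\pete\appdata\local\Izusof.bin
2011-04-06 23:27:07 -------- d-----w- c:\users\pete\appdata\local\{4052054A-F5A3-4780-99AB-B1C1E1B8C12E}
2011-04-14 14:47:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"""

UAC_LINE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
TRUSTED_LINE = re.compile(r"^Trusted Zone:\s*(\S+)")
FF_EXT_LINE = re.compile(r"^FF - Ext:\s*(.+?)\s+-\s+(\S.*)$")
CREATED_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(\d+|-+)\s+(\S+)\s+(.+)$")
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
APPDATA_LOCAL = "\\appdata\\local\\"

# UAC policy values (HKLM\...\Policies\System) that remove the elevation boundary.
UAC_WEAK = {
    ("EnableLUA", "0"): "UAC is switched off entirely",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators elevate with no prompt at all",
    ("PromptOnSecureDesktop", "0"): "elevation prompts are not isolated on the secure desktop",
}


def triage(dds_text):
    """Return (rule, why, line) triples for the lines a reviewer should read first.

    A hit means "look at this", not "this is malware"; the rule names are
    assumptions made for this example, not DDS or forum terminology.
    """
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = UAC_LINE.match(line)
        if m and (m.group(1), m.group(2)) in UAC_WEAK:
            findings.append(("uac-weakened", UAC_WEAK[(m.group(1), m.group(2))], line))
            continue

        m = TRUSTED_LINE.match(line)
        if m:
            findings.append(("trusted-zone", f"{m.group(1)} gets IE Trusted-sites permissions", line))
            continue

        m = FF_EXT_LINE.match(line)
        if m:
            # Add-ons normally live under %profile%\extensions or Program Files;
            # one registered from a folder directly under AppData\Local is unusual.
            if APPDATA_LOCAL in m.group(2).lower():
                findings.append(("ff-ext-odd-location", "Firefox extension loaded from AppData\\Local", line))
            continue

        m = CREATED_LINE.match(line)
        if m:
            size, path = m.group(1), m.group(3).lower()
            if size == "0" and APPDATA_LOCAL in path:
                findings.append(("zero-byte-file", "empty file created under AppData\\Local", line))
            elif GUID_DIR.search(path) and APPDATA_LOCAL in path:
                findings.append(("guid-dir", "GUID-named folder created under AppData\\Local", line))
    return findings


def rules_hit(findings):
    """Sorted list of distinct rule names, handy for a quick summary."""
    return sorted({rule for rule, _, _ in findings})


if __name__ == "__main__":
    for rule, why, line in triage(DDS_EXCERPT):
        print(f"[{rule}] {why}\n    {line}")
```

Run as-is it reports seven lines from the excerpt and none of the three control lines. The same rules applied to the full log above would also pass over the many legitimate AppData entries (Dropbox, Mozilla, Malwarebytes) because those are neither zero-byte files nor GUID-named folders, which is the point of keying on those two traits rather than on AppData alone.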
