
Possible virus... help needed



Right,

Basically I have this recurring popup every couple of minutes from MalwareBytes saying MalwareBytes has protected you from a potentially malicious website. Then it says the IP address, that it's outgoing and that it was because of svchost.exe. Is this a virus? Or is there a way to get rid of it without damaging my computer? I have used MalwareBytes and Avast to scan my computer; 1 infected file was found by MalwareBytes and it was removed, and there were no infected files found by Avast. Thanks for any help posted.

Here is the protection log for MalwareBytes:

18:39:45 Stephanie MESSAGE Protection started successfully

18:39:51 Stephanie MESSAGE IP Protection started successfully

18:40:45 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 53702, Process: svchost.exe)

18:41:09 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62086, Process: svchost.exe)

18:47:30 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 49618, Process: svchost.exe)

18:48:19 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 53843, Process: svchost.exe)

18:51:33 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 49245, Process: svchost.exe)

18:59:40 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 50848, Process: svchost.exe)

19:01:25 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 64061, Process: svchost.exe)

19:01:33 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 55949, Process: svchost.exe)

19:03:27 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 50503, Process: svchost.exe)

19:05:28 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52553, Process: svchost.exe)

19:10:28 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 49940, Process: svchost.exe)

19:13:35 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 50729, Process: svchost.exe)

19:13:43 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 51400, Process: svchost.exe)

19:14:07 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 59010, Process: svchost.exe)

19:18:51 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 63170, Process: svchost.exe)

19:26:02 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 54825, Process: svchost.exe)

19:33:51 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 64551, Process: svchost.exe)

19:34:48 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62129, Process: svchost.exe)

19:39:15 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 59251, Process: svchost.exe)

19:42:21 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 54315, Process: svchost.exe)

19:42:29 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62249, Process: svchost.exe)

19:42:38 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62249, Process: svchost.exe)

19:42:38 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62249, Process: svchost.exe)

19:49:39 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62085, Process: svchost.exe)

19:56:24 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 55486, Process: svchost.exe)

19:57:13 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 53297, Process: svchost.exe)

20:04:38 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 63421, Process: svchost.exe)

20:12:20 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52776, Process: svchost.exe)

20:12:20 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52776, Process: svchost.exe)

20:18:25 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 58785, Process: svchost.exe)

20:20:27 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 54360, Process: svchost.exe)

20:20:43 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 53719, Process: svchost.exe)

20:24:46 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 53335, Process: svchost.exe)

20:44:11 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 59951, Process: svchost.exe)

20:57:08 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52590, Process: svchost.exe)

20:57:49 (null) IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62254, Process: svchost.exe)

20:57:49 (null) IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62254, Process: svchost.exe)

23:08:01 Stephanie MESSAGE Protection started successfully

23:08:06 Stephanie MESSAGE IP Protection started successfully

23:08:20 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 59036, Process: svchost.exe)

23:08:31 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52122, Process: svchost.exe)

23:08:39 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 51486, Process: svchost.exe)

23:09:04 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62999, Process: svchost.exe)

23:09:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 57189, Process: svchost.exe)

23:09:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 59931, Process: svchost.exe)

23:09:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 65180, Process: svchost.exe)

23:09:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 55279, Process: svchost.exe)

23:09:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 57423, Process: svchost.exe)

23:16:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 64106, Process: svchost.exe)

23:24:17 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 50494, Process: svchost.exe)

23:40:10 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62232, Process: svchost.exe)

23:40:58 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 62276, Process: svchost.exe)

23:42:59 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 52873, Process: svchost.exe)

23:53:12 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 63585, Process: svchost.exe)

23:54:25 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 58563, Process: svchost.exe)

23:54:25 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 51648, Process: svchost.exe)

23:54:49 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 57362, Process: svchost.exe)

23:54:49 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 64790, Process: svchost.exe)

23:54:49 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 54321, Process: svchost.exe)

23:58:43 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 57071, Process: svchost.exe)

23:58:52 Stephanie IP-BLOCK 219.139.81.6 (Type: outgoing, Port: 54584, Process: svchost.exe)

Hopefully someone can help :) I'll keep an eye out for the next one and screenshot it if possible.

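An added example, not part of the original post and not Malwarebytes code: one way to condense a protection log like the one above into per-destination facts (number of blocks, process, distinct ports, typical gap between attempts). The line format is the one shown in the post; the sample lines, user name and addresses are constructed, and timestamps are assumed to run in order.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Line shape as it appears in the posted protection log:
#   HH:MM:SS <user> IP-BLOCK <ip> (Type: <dir>, Port: <n>, Process: <name>)
BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(?P<direction>\w+),\s*Port:\s*(?P<port>\d+),\s*"
    r"Process:\s*(?P<process>[^)]+)\)\s*$"
)

# Constructed sample (documentation addresses, made-up user and ports).
SAMPLE_LOG = """\
18:39:45 Alice MESSAGE Protection started successfully
18:39:51 Alice MESSAGE IP Protection started successfully
18:40:45 Alice IP-BLOCK 203.0.113.6 (Type: outgoing, Port: 53702, Process: svchost.exe)
18:41:09 Alice IP-BLOCK 203.0.113.6 (Type: outgoing, Port: 62086, Process: svchost.exe)
18:47:30 Alice IP-BLOCK 203.0.113.6 (Type: outgoing, Port: 49618, Process: svchost.exe)
18:47:30 Alice IP-BLOCK 203.0.113.6 (Type: outgoing, Port: 49618, Process: svchost.exe)
18:52:10 (null) IP-BLOCK 203.0.113.6 (Type: outgoing, Port: 50848, Process: svchost.exe)
18:55:02 Alice IP-BLOCK 198.51.100.20 (Type: outgoing, Port: 51000, Process: browser.exe)
"""


def parse_blocks(text):
    """Return IP-BLOCK events in log order, dropping exact repeated lines."""
    events, seen = [], set()
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if not m:
            continue  # MESSAGE lines, blank lines, anything unrecognised
        key = (m["time"], m["ip"], m["port"], m["process"])
        if key in seen:
            continue  # the log sometimes records the same block twice
        seen.add(key)
        events.append({
            "time": datetime.strptime(m["time"], "%H:%M:%S"),
            "user": m["user"],
            "ip": m["ip"],
            "direction": m["direction"],
            "port": int(m["port"]),
            "process": m["process"].strip(),
        })
    return events


def summarize(events):
    """Group events by (remote IP, direction, process), busiest first."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["ip"], e["direction"], e["process"])].append(e)

    rows = []
    for (ip, direction, process), evs in groups.items():
        times = [e["time"] for e in evs]
        # The log carries no date, so a negative gap is read as a midnight wrap.
        gaps = [(b - a).total_seconds() % 86400 for a, b in zip(times, times[1:])]
        rows.append({
            "ip": ip,
            "direction": direction,
            "process": process,
            "count": len(evs),
            "distinct_ports": len({e["port"] for e in evs}),
            "users": sorted({e["user"] for e in evs}),
            "first": times[0].strftime("%H:%M:%S"),
            "last": times[-1].strftime("%H:%M:%S"),
            "median_gap_s": median(gaps) if gaps else None,
        })
    rows.sort(key=lambda r: -r["count"])
    return rows


if __name__ == "__main__":
    for row in summarize(parse_blocks(SAMPLE_LOG)):
        print(row)
```

Many blocks to one address from one process, each on a different port, are separate connection attempts that keep being retried. Because svchost.exe hosts many Windows services, the process column alone does not say which service made them; `tasklist /svc` lists the services inside each svchost.exe instance.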

Hello JaneSmith and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?
-------------
Please do the following:
  • Download DDS by sUBs from one of the following links. Save it to your Desktop.

    NOTE: Before scanning, make sure all other running programs are closed

    There shouldn't be any scheduled antivirus scans running while the scan is being performed.

    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller log
  • DDS log
  • Security Check checkup.txt

How is your computer running now?


TDSKiller.log

2011/07/02 01:15:53.0706 1580 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16

2011/07/02 01:15:54.0763 1580 ================================================================================

2011/07/02 01:15:54.0763 1580 SystemInfo:

2011/07/02 01:15:54.0763 1580

2011/07/02 01:15:54.0763 1580 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/02 01:15:54.0763 1580 Product type: Workstation

2011/07/02 01:15:54.0763 1580 ComputerName: STEPHANIE-PC

2011/07/02 01:15:54.0763 1580 UserName: Stephanie

2011/07/02 01:15:54.0763 1580 Windows directory: C:\Windows

2011/07/02 01:15:54.0763 1580 System windows directory: C:\Windows

2011/07/02 01:15:54.0763 1580 Running under WOW64

2011/07/02 01:15:54.0764 1580 Processor architecture: Intel x64

2011/07/02 01:15:54.0764 1580 Number of processors: 2

2011/07/02 01:15:54.0764 1580 Page size: 0x1000

2011/07/02 01:15:54.0764 1580 Boot type: Normal boot

2011/07/02 01:15:54.0764 1580 ================================================================================

2011/07/02 01:15:56.0041 1580 Initialize success

2011/07/02 01:16:17.0649 3208 ================================================================================

2011/07/02 01:16:17.0649 3208 Scan started

2011/07/02 01:16:17.0649 3208 Mode: Manual;

2011/07/02 01:16:17.0649 3208 ================================================================================


2011/07/02 01:16:44.0916 3208 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

2011/07/02 01:16:45.0088 3208 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/02 01:16:45.0182 3208 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/02 01:16:45.0395 3208 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/07/02 01:16:45.0475 3208 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

2011/07/02 01:16:45.0578 3208 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

2011/07/02 01:16:45.0630 3208 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

2011/07/02 01:16:45.0749 3208 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys

2011/07/02 01:16:45.0870 3208 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys

2011/07/02 01:16:46.0037 3208 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/02 01:16:46.0158 3208 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/02 01:16:46.0233 3208 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/07/02 01:16:46.0308 3208 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/07/02 01:16:46.0389 3208 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/02 01:16:46.0511 3208 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

2011/07/02 01:16:46.0632 3208 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/02 01:16:46.0759 3208 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

2011/07/02 01:16:46.0844 3208 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/02 01:16:46.0912 3208 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/07/02 01:16:47.0034 3208 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/02 01:16:47.0130 3208 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/02 01:16:47.0246 3208 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

2011/07/02 01:16:47.0286 3208 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/07/02 01:16:47.0421 3208 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

2011/07/02 01:16:47.0476 3208 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/02 01:16:47.0550 3208 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

2011/07/02 01:16:47.0631 3208 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/02 01:16:47.0721 3208 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/02 01:16:47.0807 3208 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

2011/07/02 01:16:47.0880 3208 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/02 01:16:47.0962 3208 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/07/02 01:16:48.0032 3208 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

2011/07/02 01:16:48.0082 3208 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/02 01:16:48.0188 3208 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

2011/07/02 01:16:48.0290 3208 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

2011/07/02 01:16:48.0381 3208 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/02 01:16:48.0436 3208 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/07/02 01:16:48.0498 3208 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

2011/07/02 01:16:48.0829 3208 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

2011/07/02 01:16:48.0908 3208 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

2011/07/02 01:16:48.0998 3208 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

2011/07/02 01:16:49.0069 3208 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

2011/07/02 01:16:49.0148 3208 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

2011/07/02 01:16:49.0213 3208 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

2011/07/02 01:16:49.0342 3208 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/02 01:16:49.0418 3208 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

2011/07/02 01:16:49.0514 3208 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/02 01:16:49.0657 3208 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/02 01:16:49.0691 3208 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/02 01:16:49.0861 3208 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/07/02 01:16:49.0974 3208 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/02 01:16:50.0134 3208 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/02 01:16:50.0165 3208 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/07/02 01:16:50.0352 3208 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/07/02 01:16:50.0538 3208 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/02 01:16:50.0678 3208 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/02 01:16:50.0867 3208 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

2011/07/02 01:16:50.0960 3208 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/02 01:16:51.0279 3208 ZTEusbmdm6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys

2011/07/02 01:16:51.0373 3208 ZTEusbnmea (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys

2011/07/02 01:16:51.0576 3208 ZTEusbser6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys

2011/07/02 01:16:51.0704 3208 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/07/02 01:16:51.0773 3208 Boot (0x1200) (6148cf05feaceb127a71c368ab8dad9f) \Device\Harddisk0\DR0\Partition0

2011/07/02 01:16:51.0840 3208 Boot (0x1200) (5077814fe4d6fead372a8b7e8b7024a0) \Device\Harddisk0\DR0\Partition1

2011/07/02 01:16:51.0869 3208 ================================================================================

2011/07/02 01:16:51.0869 3208 Scan finished

2011/07/02 01:16:51.0869 3208 ================================================================================

2011/07/02 01:16:51.0903 0656 Detected object count: 0

2011/07/02 01:16:51.0903 0656 Actual detected object count: 0

DDS log:

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Stephanie at 1:22:53 on 2011-07-02

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4026.2657 [GMT 1:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Windows\Explorer.EXE

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=1e56df0600000000000000ffefb484ce&tlver=1.4.19.19&affID=17159

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=1e56df0600000000000000ffefb484ce&tlver=1.4.19.19&affID=17159

uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

mWinlogon: Userinit=userinit.exe,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [<NO NAME>]

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - C:\Users\Stephanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 219.139.81.6 168.95.1.1

TCP: Interfaces\{9916C7CD-F913-4A59-A47B-C1C17CBE9975} : DhcpNameServer = 219.139.81.6 168.95.1.1

TCP: Interfaces\{A8459837-8A5F-4EB5-9FBA-E84D578FBADD} : DhcpNameServer = 219.139.81.6 168.95.1.1

TCP: Interfaces\{A8459837-8A5F-4EB5-9FBA-E84D578FBADD}\24450264573796F6E6D243136303 : DhcpNameServer = 192.168.178.254

TCP: Interfaces\{A8459837-8A5F-4EB5-9FBA-E84D578FBADD}\244584F6D65684572623D233255305 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A8459837-8A5F-4EB5-9FBA-E84D578FBADD}\3427169676E45647 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A8459837-8A5F-4EB5-9FBA-E84D578FBADD}\5534F6E6E6563647 : DhcpNameServer = 193.60.160.250 193.60.160.84 193.60.160.137

TCP: Interfaces\{EFB484CE-37BC-4555-AA18-A36FF0CE020C} : NameServer = 10.36.40.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [(Default)]

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1e56df0600000000000000ffefb484ce&tlver=1.4.19.19&instlRef=sst&affID=17159&q=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll

FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

FF - component: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-5-25 42184]

R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-10-22 1737464]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-3-25 271408]

R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 373640]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-29 366640]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-07-01 23:33:01 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{820BD05A-1D0B-4146-B04C-6175DB914BC9}\mpengine.dll

2011-06-29 18:27:04 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-06-29 18:27:03 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-06-29 18:27:02 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-06-29 18:27:02 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-06-29 18:27:01 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-06-29 18:27:01 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-06-29 18:27:00 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-06-29 18:27:00 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-06-29 17:35:52 -------- d-----w- C:\Users\Stephanie\AppData\Roaming\Malwarebytes

2011-06-29 17:35:44 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-29 17:35:42 -------- d-----w- C:\ProgramData\Malwarebytes

2011-06-29 17:35:38 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-29 17:35:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-06-29 17:14:20 -------- d-----w- C:\Users\Stephanie\AppData\Local\{8E5EF0A7-204E-4997-B8F2-22658834699D}

2011-06-27 17:38:43 -------- d-----w- C:\Users\Stephanie\AppData\Local\{9161734D-980C-4ECA-A38D-7F9B45ADB718}

2011-06-26 21:06:11 -------- d-----w- C:\Users\Stephanie\AppData\Local\Origin

2011-06-26 20:59:34 -------- d-----w- C:\ProgramData\Origin

2011-06-26 20:59:33 -------- d-----w- C:\Program Files (x86)\Origin Games

2011-06-26 20:58:50 -------- d-----w- C:\Program Files (x86)\Origin

2011-06-26 20:39:24 -------- d-----w- C:\ProgramData\Electronic Arts

2011-06-26 20:27:57 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

2011-06-26 20:27:02 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll

2011-06-26 20:27:02 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll

2011-06-26 19:03:08 -------- d-----w- C:\Users\Stephanie\AppData\Local\{FDF15329-384D-4B6B-AF05-6B60A029CD91}

2011-06-25 01:48:10 -------- d-----w- C:\Windows\System32\SPReview

2011-06-25 01:47:00 -------- d-----w- C:\Windows\System32\EventProviders

2011-06-23 22:59:52 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-06-23 22:59:52 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-06-23 19:40:14 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-06-23 19:40:14 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-06-23 19:38:59 3957760 ----a-w- C:\Windows\System32\WinSAT.exe

2011-06-23 19:37:59 571904 ----a-w- C:\Windows\System32\mspbda.dll

2011-06-23 19:36:59 828928 ----a-w- C:\Windows\SysWow64\fontext.dll

2011-06-23 19:35:59 48640 ----a-w- C:\Windows\System32\luainstall.dll

2011-06-23 19:34:48 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll

2011-06-23 19:34:48 257024 ----a-w- C:\Windows\SysWow64\dpx.dll

2011-06-23 19:34:42 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-06-23 19:34:42 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-06-23 19:31:09 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-06-23 19:31:09 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-06-23 19:31:09 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-06-23 19:30:58 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-06-23 19:30:53 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-06-23 19:30:27 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-06-23 19:30:27 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-06-19 19:19:38 -------- d-----w- C:\Users\Stephanie\AppData\Local\{3F58F7D7-61D7-42E4-91DA-C635B1E5E4B8}

2011-06-19 08:04:28 7106560 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Mythology\aomx.exe

2011-06-18 18:50:06 -------- d-----w- C:\Program Files\iPod

2011-06-18 18:50:05 -------- d-----w- C:\Program Files\iTunes

2011-06-18 12:08:15 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-18 12:08:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-06-18 12:08:14 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2011-06-18 12:08:11 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-18 12:08:11 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-18 12:08:10 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-18 12:08:10 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-06-18 12:08:10 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-06-18 12:08:07 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-06-18 12:06:01 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-06-18 12:06:01 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-06-18 12:05:58 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-06-18 12:05:58 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-06-07 11:35:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-06-07 11:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-06-06 11:50:36 -------- d-----w- C:\Windows\pss

2011-06-03 23:31:32 -------- d-----w- C:\Users\Stephanie\AppData\Local\{3B43898E-62F8-425C-BB2C-302A4D3D55C5}

2011-06-02 14:01:27 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-06-25 02:01:11 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-25 02:01:11 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-05-24 18:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-10 12:10:59 40112 ----a-w- C:\Windows\avastSS.scr

2011-05-10 12:04:08 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-05-10 11:59:48 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-05-10 07:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2011-05-10 07:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll

2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll

2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

.

============= FINISH: 1:25:07.22 ===============

security check:

Results of screen317's Security Check version 0.99.17

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player 10.3.181.26

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

windows defender MpCmdRun.exe

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 AvastUI.exe

``````````End of Log````````````

The problem was still occurring :(

but thank you for your reply and help so far. :)

Attach.txt

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

Here is the ComboFix log...

ComboFix 11-07-03.01 - Stephanie 04/07/2011 0:58.1.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4026.2527 [GMT 1:00]

Running from: c:\users\Stephanie\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\program files (x86)\Hotspot Shield\HssIE\HsSIe.dll

c:\users\Stephanie\AppData\Roaming\cacaoweb

c:\users\Stephanie\AppData\Roaming\cacaoweb\npdfile.dat

c:\users\Stephanie\AppData\Roaming\cacaoweb\storage.db

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\html

c:\windows\SysWow64\html\calendar.html

c:\windows\SysWow64\html\calendarbottom.html

c:\windows\SysWow64\html\calendartop.html

c:\windows\SysWow64\html\crystalexportdialog.htm

c:\windows\SysWow64\html\crystalprinthost.html

c:\windows\SysWow64\images

c:\windows\SysWow64\images\toolbar\calendar.gif

c:\windows\SysWow64\images\toolbar\crlogo.gif

c:\windows\SysWow64\images\toolbar\export.gif

c:\windows\SysWow64\images\toolbar\export_over.gif

c:\windows\SysWow64\images\toolbar\exportd.gif

c:\windows\SysWow64\images\toolbar\First.gif

c:\windows\SysWow64\images\toolbar\first_over.gif

c:\windows\SysWow64\images\toolbar\Firstd.gif

c:\windows\SysWow64\images\toolbar\gotopage.gif

c:\windows\SysWow64\images\toolbar\gotopage_over.gif

c:\windows\SysWow64\images\toolbar\gotopaged.gif

c:\windows\SysWow64\images\toolbar\grouptree.gif

c:\windows\SysWow64\images\toolbar\grouptree_over.gif

c:\windows\SysWow64\images\toolbar\grouptreed.gif

c:\windows\SysWow64\images\toolbar\grouptreepressed.gif

c:\windows\SysWow64\images\toolbar\Last.gif

c:\windows\SysWow64\images\toolbar\last_over.gif

c:\windows\SysWow64\images\toolbar\Lastd.gif

c:\windows\SysWow64\images\toolbar\Next.gif

c:\windows\SysWow64\images\toolbar\next_over.gif

c:\windows\SysWow64\images\toolbar\Nextd.gif

c:\windows\SysWow64\images\toolbar\Prev.gif

c:\windows\SysWow64\images\toolbar\prev_over.gif

c:\windows\SysWow64\images\toolbar\Prevd.gif

c:\windows\SysWow64\images\toolbar\print.gif

c:\windows\SysWow64\images\toolbar\print_over.gif

c:\windows\SysWow64\images\toolbar\printd.gif

c:\windows\SysWow64\images\toolbar\Refresh.gif

c:\windows\SysWow64\images\toolbar\refresh_over.gif

c:\windows\SysWow64\images\toolbar\refreshd.gif

c:\windows\SysWow64\images\toolbar\Search.gif

c:\windows\SysWow64\images\toolbar\search_over.gif

c:\windows\SysWow64\images\toolbar\searchd.gif

c:\windows\SysWow64\images\toolbar\up.gif

c:\windows\SysWow64\images\toolbar\up_over.gif

c:\windows\SysWow64\images\toolbar\upd.gif

c:\windows\SysWow64\images\tree\begindots.gif

c:\windows\SysWow64\images\tree\beginminus.gif

c:\windows\SysWow64\images\tree\beginplus.gif

c:\windows\SysWow64\images\tree\blank.gif

c:\windows\SysWow64\images\tree\blankdots.gif

c:\windows\SysWow64\images\tree\dots.gif

c:\windows\SysWow64\images\tree\lastdots.gif

c:\windows\SysWow64\images\tree\lastminus.gif

c:\windows\SysWow64\images\tree\lastplus.gif

c:\windows\SysWow64\images\tree\Magnify.gif

c:\windows\SysWow64\images\tree\minus.gif

c:\windows\SysWow64\images\tree\minusbox.gif

c:\windows\SysWow64\images\tree\plus.gif

c:\windows\SysWow64\images\tree\plusbox.gif

c:\windows\SysWow64\images\tree\singleminus.gif

c:\windows\SysWow64\images\tree\singleplus.gif

.

.

((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 )))))))))))))))))))))))))))))))

.

.

2011-07-04 00:19 . 2011-07-04 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-01 23:33 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{820BD05A-1D0B-4146-B04C-6175DB914BC9}\mpengine.dll

2011-06-29 18:27 . 2011-05-04 05:25 2315776 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 18:27 . 2011-05-04 05:22 2223616 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 18:27 . 2011-05-04 05:19 591872 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 18:27 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll

2011-06-29 18:27 . 2011-05-04 05:19 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 18:27 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\SysWow64\tquery.dll

2011-06-29 18:27 . 2011-05-04 04:28 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe

2011-06-29 18:27 . 2011-05-04 04:28 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe

2011-06-29 17:35 . 2011-06-29 17:35 -------- d-----w- c:\users\Stephanie\AppData\Roaming\Malwarebytes

2011-06-29 17:35 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-29 17:35 . 2011-06-29 17:35 -------- d-----w- c:\programdata\Malwarebytes

2011-06-29 17:35 . 2011-06-29 17:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-29 17:35 . 2011-05-29 08:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-29 17:14 . 2011-06-29 17:14 -------- d-----w- c:\users\Stephanie\AppData\Local\{8E5EF0A7-204E-4997-B8F2-22658834699D}

2011-06-27 17:38 . 2011-06-27 17:38 -------- d-----w- c:\users\Stephanie\AppData\Local\{9161734D-980C-4ECA-A38D-7F9B45ADB718}

2011-06-26 21:06 . 2011-06-26 21:06 -------- d-----w- c:\users\Stephanie\AppData\Local\Origin

2011-06-26 20:59 . 2011-06-26 21:07 -------- d-----w- c:\programdata\Origin

2011-06-26 20:59 . 2011-06-26 20:59 -------- d-----w- c:\program files (x86)\Origin Games

2011-06-26 20:58 . 2011-06-26 20:59 -------- d-----w- c:\program files (x86)\Origin

2011-06-26 20:39 . 2011-06-26 20:59 -------- d-----w- c:\programdata\Electronic Arts

2011-06-26 20:27 . 2011-06-26 20:27 -------- d-----w- c:\program files (x86)\Microsoft WSE

2011-06-26 20:27 . 2006-09-28 15:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll

2011-06-26 20:27 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll

2011-06-26 19:54 . 2011-06-27 12:55 -------- d-----w- c:\program files (x86)\Electronic Arts

2011-06-26 19:03 . 2011-06-26 19:03 -------- d-----w- c:\users\Stephanie\AppData\Local\{FDF15329-384D-4B6B-AF05-6B60A029CD91}

2011-06-25 01:48 . 2011-06-25 01:48 -------- d-----w- c:\windows\system32\SPReview

2011-06-25 01:47 . 2011-06-25 01:47 -------- d-----w- c:\windows\system32\EventProviders

2011-06-23 22:59 . 2011-06-23 22:59 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-06-23 22:59 . 2011-06-23 22:59 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-06-23 19:40 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-06-23 19:40 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-06-23 19:38 . 2010-11-20 13:25 1975296 ----a-w- c:\windows\system32\CertEnroll.dll

2011-06-23 19:37 . 2010-11-20 13:27 303616 ----a-w- c:\windows\system32\scansetting.dll

2011-06-23 19:36 . 2010-11-20 13:27 769536 ----a-w- c:\windows\system32\sud.dll

2011-06-23 19:35 . 2010-11-20 13:27 145920 ----a-w- c:\windows\system32\sppc.dll

2011-06-23 19:34 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll

2011-06-23 19:34 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll

2011-06-23 19:34 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-06-23 19:34 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-06-23 19:31 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-06-23 19:31 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-06-23 19:31 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-06-23 19:30 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-06-23 19:30 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-06-23 19:30 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-06-23 19:30 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-06-19 19:19 . 2011-06-19 19:19 -------- d-----w- c:\users\Stephanie\AppData\Local\{3F58F7D7-61D7-42E4-91DA-C635B1E5E4B8}

2011-06-19 08:04 . 2003-09-02 20:39 7106560 ----a-w- c:\program files (x86)\Microsoft Games\Age of Mythology\aomx.exe

2011-06-18 18:50 . 2011-06-18 18:50 -------- d-----w- c:\program files\iPod

2011-06-18 18:50 . 2011-06-18 18:50 -------- d-----w- c:\program files\iTunes

2011-06-18 12:08 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-18 12:08 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-18 12:08 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2011-06-18 12:08 . 2011-04-29 05:55 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-18 12:08 . 2011-04-29 04:57 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2011-06-18 12:08 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-18 12:08 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-18 12:08 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-18 12:08 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys

2011-06-18 12:06 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-18 12:06 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-06-18 12:05 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-18 12:05 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-06-07 11:35 . 2011-06-07 11:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-06-07 11:35 . 2011-06-07 11:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-25 02:01 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-25 02:01 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-24 09:54 . 2011-04-14 22:54 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-06-24 09:54 . 2011-04-14 22:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-06-23 13:08 . 2011-06-02 14:01 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-21 20:27 . 2011-04-29 11:41 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-06-21 20:26 . 2011-04-29 11:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-05-24 18:14 . 2010-08-24 14:24 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-11 20:35 . 2011-04-29 11:41 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-05-10 12:10 . 2010-08-24 20:41 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2010-08-24 20:41 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-05-10 12:10 . 2011-05-25 20:53 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:04 . 2011-05-25 20:53 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-10 12:04 . 2010-08-24 20:42 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2010-08-24 20:42 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 11:59 . 2010-08-24 20:42 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2010-08-24 20:42 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-10 11:59 . 2010-08-24 20:42 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-10 07:06 . 2011-05-10 07:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2011-05-10 07:06 . 2011-05-10 07:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-04 16:37 . 2011-04-14 22:53 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-04-22 22:15 . 2011-05-24 18:43 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-09 07:02 . 2011-05-11 16:37 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:58 . 2011-05-24 18:43 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:02 . 2011-05-11 16:37 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-11 16:37 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-24 18:43 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-04-06 15:26 . 2011-04-06 15:26 96544 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 15:26 . 2011-04-06 15:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 15:26 . 2011-04-06 15:26 237856 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 15:26 . 2011-04-06 15:26 119584 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2010-04-27 09:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-04 98304]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-03-25 271408]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-03-01 373640]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2010-09-22 19:19 284208 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-04 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-04 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-04 365592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=1e56df0600000000000000ffefb484ce&tlver=1.4.19.19&affID=17159

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\users\Stephanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 219.139.81.6 168.95.1.1

TCP: Interfaces\{EFB484CE-37BC-4555-AA18-A36FF0CE020C}: NameServer = 10.36.40.1

FF - ProfilePath - c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\0ihsu2vi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1e56df0600000000000000ffefb484ce&tlver=1.4.19.19&instlRef=sst&affID=17159&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

AddRemove-AsUninst.exe - c:\windows\system32\AsUninst.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]

@Denied: (A) (Everyone)

"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]

"Key"="ActionsPane"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Mozilla Firefox\firefox.exe

c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe

c:\program files (x86)\Mozilla Firefox\plugin-container.exe

.

**************************************************************************

.

Completion time: 2011-07-04 01:52:14 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-04 00:51

.

Pre-Run: 198,557,712,384 bytes free

Post-Run: 200,194,273,280 bytes free

.

- - End Of File - - AEA14A597582359938EB7CC9D389D0CB

And the problem still remains :(


Let's try the following ;)

Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.


Here's the Kaspersky report....

Autoscan: malfunction (events: 1, objects: 0, time: Unknown)

05/07/2011 20:58:08 Task started

Autoscan: completed 2 hours ago (events: 2, objects: 2058321, time: 10:43:07)

05/07/2011 23:56:17 Task started

06/07/2011 10:39:25 Task completed

it never found anything...

and the problem's still there :L


Let's try the following ;):

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.

  • Download The Avira AntiVir Rescue System from here.
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.

At the boot option, please press the number 1 on your keyboard to select 1 Boot AntiVir Rescue System (default) and press Enter, or just wait.

You will then see the graphical interface of Rescue CD loading modules and mounting devices. The default language is German, but you can change it to English anytime by clicking on the English flag on the lower-left side of the screen.


Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.

Then please go back to Virus scanner and click Start scanneren.

The Avira AntiVir Rescue System will now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
