
Received this when I got a chat message from my daughter via FB. It said "do you want to see something funny?" with a link, which took me to a YouTube site that prompted me to download an Acrobat Flash updater; then Defender scanned something bad and rebooted.

Since then my "Microsoft Security Essentials" shows an "Enhanced Protection Mode" red dialog, MSE is disabled, my DNS keeps getting redirected (I use OpenDNS) somewhere strange, and now it has completely disabled my network devices (I can't go online at all), the video keeps dimming, and it reboots into safe mode no matter WHAT I select during an F8 boot. I also cannot access System Restore without errors.

Since then I have called Microsoft to no avail :< Three phone calls, and they all said they had NEVER heard of Koobface or "Enhanced Protection Mode", what a joke! The only reason I suspect it's Koobface is the EPM...

Downloaded Malwarebytes and Avira to a flash drive, installed them, ran scans, and did all the below as per.

Help! (DDS pasted below; attached in the zip file are attach.txt, ark.txt, and mbam-log.)

/r

Chip

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Chip at 13:58:27 on 2011-08-23

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {B80F591E-FE9A-46CF-A13E-180377240586} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [tray_ico]

mRun: [tray_ico1]

mRun: [tray_ico2]

mRun: [tray_ico3]

mRun: [tray_ico4]

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableSecureUIAPaths = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: mswsock.dll

Trusted Zone: atperspective.com\www

Trusted Zone: fusionmls.com\fmls

Trusted Zone: rexplorer.net

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://support.rexplorer.net/iftw_install//iftwclix.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://www.fultoncourtrecords.com:7778/forms/jinitiator/jinit.exe

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.254.254

TCP: Interfaces\{46B19DA3-1F2A-4FA0-854B-6B2B2EF9ACEB} : DhcpNameServer = 192.168.254.254

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D} : DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.254.254

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\140707C65602E4564777F627B602230393331353 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\2375942554036363 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\45548433F5E6564723 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\6457277656471626F657479647 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\C696E6B6379737 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\C696E6B63797370245548433 : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\C696E6B63797370245548433 : DhcpNameServer = 192.168.254.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {B80F591E-FE9A-46CF-A13E-180377240586} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [tray_ico]

mRun-x64: [tray_ico1]

mRun-x64: [tray_ico2]

mRun-x64: [tray_ico3]

mRun-x64: [tray_ico4]

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chip\AppData\Roaming\Mozilla\Firefox\Profiles\v9a7p8oe.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPJinit13122.dll

FF - plugin: C:\Program Files (x86)\Opera\program\plugins\NPJinit13122.dll

FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-08-23 17:15:29 -------- d-----w- C:\Users\Chip\AppData\Roaming\Avira

2011-08-23 17:14:12 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-08-23 17:14:12 -------- d-----w- C:\ProgramData\Avira

2011-08-23 17:14:12 -------- d-----w- C:\Program Files (x86)\Avira

2011-08-23 17:11:14 -------- d-----w- C:\AV stuff

2011-08-23 15:24:45 -------- d-----w- C:\Users\Chip\AppData\Roaming\Malwarebytes

2011-08-23 15:24:41 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-23 15:24:41 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-23 15:24:38 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-23 15:24:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-23 14:39:56 -------- dc----w- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2011-08-23 13:57:38 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-08-23 13:09:06 -------- d-----w- C:\6d5a56376009c3288d22a66d6c69

2011-08-23 02:20:27 -------- d-----w- C:\Program Files (x86)\Microsoft Easy Assist

2011-08-23 02:20:18 -------- d-----w- C:\ProgramData\Applications

2011-08-23 01:08:35 -------- d-----we C:\Windows\system64

2011-08-23 01:05:29 7752528 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-08-23 01:05:25 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B5B9D1AF-8429-4E4F-AF6C-E2B538B775FD}\mpengine.dll

2011-08-23 01:03:49 -------- d-----w- C:\Windows\ufa

2011-08-23 01:03:49 -------- d-----w- C:\Windows\rpcminer

2011-08-23 01:03:49 -------- d-----w- C:\Windows\phoenix

2011-08-23 01:01:37 -------- d--h--w- C:\Windows\update.7.1

2011-08-23 00:58:45 -------- d--h--w- C:\Windows\update.2

2011-08-23 00:54:28 246272 ----a-w- C:\Windows\unrar.exe

2011-08-23 00:54:04 -------- d--h--w- C:\Windows\update.5.0

2011-08-23 00:51:26 -------- d-----w- C:\Windows\av_ico

2011-08-23 00:49:08 -------- d--h--w- C:\Windows\update.1

2011-08-23 00:48:53 -------- d--h--w- C:\Windows\update.tray-14-0-lnk

2011-08-23 00:48:53 -------- d--h--w- C:\Windows\update.tray-14-0

2011-08-17 17:42:03 -------- d-----w- C:\Users\Chip\AppData\Roaming\OpenOffice.org

2011-08-17 17:40:55 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2011-08-16 15:38:14 17200 ----a-w- C:\Windows\System32\nitrolocalui2.dll

2011-08-16 15:38:13 28976 ----a-w- C:\Windows\System32\nitrolocalmon2.dll

2011-08-16 15:35:48 -------- d-----w- C:\Users\Chip\AppData\Roaming\Downloaded Installations

2011-08-06 14:54:15 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-08-16 20:48:08 59 ----a-w- C:\Windows\wpd99.drv

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-11 15:49:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-20 18:42:16 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-20 18:42:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 13:59:33.18 ===============

Attach.zip

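An added triage pass over the kind of DDS output posted above. This is example code written for this thread, not part of DDS, Malwarebytes or the poster's own steps. It pulls out what a responder reads from that log: UAC switched off by policy (EnableLUA = 0 and EnableSecureUIAPaths = 0), autorun entries with no command (the tray_ico* lines), a SubSystems line that hosts ConServerDllInitialization in something other than winsrv (assumed Windows 7 default; the log names consrv), hidden directories, executables and archives appearing directly under C:\Windows in "Created Last 30", and any resolver in the TCP: lines that is neither a private address nor one of the poster's OpenDNS servers. SAMPLE_LOG is copied from the lines above; ROGUE_DNS_LINE, the trusted-resolver set and the severity labels are constructed assumptions to exercise the checks.

```python
"""Triage checks over DDS 'Pseudo HJT Report' and 'Created Last 30' lines.

Added example for this thread, not part of DDS or Malwarebytes. SAMPLE_LOG mirrors
the posted log; ROGUE_DNS_LINE is constructed (203.0.113.5 is a documentation
address) to exercise the resolver check. TRUSTED_RESOLVERS and the Windows 7
default console-server host (winsrv) are assumptions stated in comments.
"""
import ipaddress
import re

TRUSTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}   # OpenDNS, per the poster
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]
# Policy values that weaken the box when set to 0 (Windows 7 default is 1).
WEAK_IF_ZERO = {
    "EnableLUA": "UAC disabled (EnableLUA=0)",
    "EnableSecureUIAPaths": "UIAccess allowed from non-secure paths (EnableSecureUIAPaths=0)",
}
SUSPECT_EXT = {".exe", ".dll", ".sys", ".rar", ".zip", ".7z"}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
RUN_RE = re.compile(r"^[um]Run(?:-x64)?:\s*\[([^\]]+)\]\s*(.*)$")
DNS_RE = re.compile(r"^TCP:.*?\b(Dhcp)?NameServer\s*=\s*(.+)$")
SUBSYS_RE = re.compile(r"^SubSystems:\s*Windows\s*=\s*(.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(\S+)\s+(.+)$")
WINROOT_RE = re.compile(r"^C:\\Windows\\([^\\]+)$", re.I)

SAMPLE_LOG = r"""
uStart Page = hxxp://www.foxnews.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
mRun: [tray_ico]
mRun: [tray_ico1]
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.254.254
TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\C696E6B63797370245548433 : NameServer = 208.67.222.222,208.67.220.220
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
2011-08-23 01:08:35 -------- d-----we C:\Windows\system64
2011-08-23 01:03:49 -------- d-----w- C:\Windows\phoenix
2011-08-23 00:54:28 246272 ----a-w- C:\Windows\unrar.exe
2011-08-23 00:49:08 -------- d--h--w- C:\Windows\update.1
2011-08-23 15:24:38 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""
# Constructed line, not from the log: a static resolver outside the trusted set.
ROGUE_DNS_LINE = r"TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : NameServer = 203.0.113.5"


def _is_local(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True                      # not an address; nothing to judge
    return any(addr in net for net in LOCAL_NETS)


def triage(log_text):
    """Return a list of (severity, message) for lines that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in WEAK_IF_ZERO and value == 0:
                findings.append(("high", WEAK_IF_ZERO[name]))
            continue
        m = RUN_RE.match(line)
        if m:
            if not m.group(2):           # autorun value with an empty command
                findings.append(("medium", f"autorun '{m.group(1)}' has no command"))
            continue
        m = DNS_RE.match(line)
        if m:
            source = "DHCP-assigned" if m.group(1) else "static"
            for ip in re.split(r"[\s,]+", m.group(2).strip()):
                if ip and not _is_local(ip) and ip not in TRUSTED_RESOLVERS:
                    findings.append(("high", f"{source} resolver {ip} not in trusted set"))
            continue
        m = SUBSYS_RE.match(line)
        if m:
            host = re.search(r"(\w+):ConServerDllInitialization", m.group(1))
            if host and host.group(1).lower() != "winsrv":   # Win7 default: winsrv
                findings.append(("high", f"console server DLL hosted by {host.group(1)}.dll, not winsrv"))
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2)
            top = WINROOT_RE.match(path)
            if not top:
                continue                 # only items directly under C:\Windows
            name = top.group(1)
            if attrs.startswith("d"):
                if "h" in attrs:
                    findings.append(("high", f"hidden directory created under C:\\Windows: {name}"))
                else:
                    findings.append(("medium", f"new top-level directory under C:\\Windows: {name}"))
            elif any(name.lower().endswith(e) for e in SUSPECT_EXT):
                findings.append(("medium", f"executable/archive dropped directly in C:\\Windows: {name}"))
            continue
        if line.endswith("- No File"):   # orphaned CLSID; low value on its own
            findings.append(("info", f"orphaned entry: {line}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG) + triage(ROGUE_DNS_LINE):
        print(f"[{severity}] {message}")
```

Run it against a saved DDS.txt by replacing SAMPLE_LOG with the file contents; the checks are deliberately narrow (only items directly under C:\Windows, only the two policy values named) so that a clean Windows 7 log produces nothing above "info".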
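A second added example, again not from any of the thread's tools or from the poster. The "Created Last 30" list above shows a phoenix/rpcminer/ufa tree, hidden update.* directories, unrar.exe and a system64 directory all appearing directly under C:\Windows within a few minutes, and the SubSystems line names consrv (the ComboFix output further down removes those same items plus the .rar archives they were unpacked from and c:\windows\system32\consrv.dll). This sweep checks a live SystemRoot for that pattern: archives at the top level, a directory sitting next to an archive of the same stem, update.* or System64 directories, hidden top-level directories, executables outside a small allow-list, and a consrv.dll under system32. build_sample_tree() constructs a throwaway directory that mimics those paths so the sweep runs on any OS; KNOWN_TOP_EXES and KNOWN_HIDDEN_DIRS are assumed allow-lists to be refined from a known-clean machine of the same build.

```python
"""Sweep the top of %SystemRoot% for the kind of artefacts seen in the log above.

Added example for this thread; it is not ComboFix, Malwarebytes or the poster's
code. On a real Windows box call sweep(os.environ["SystemRoot"]); demo() runs it
over a constructed mock tree instead. Allow-lists below are assumptions.
"""
import os
import tempfile

FILE_ATTRIBUTE_HIDDEN = 0x2          # bit in st_file_attributes (Windows only)
ARCHIVE_EXT = {".rar", ".7z", ".zip"}
CONSRV_REL = "system32/consrv.dll"   # Windows 7 hosts the console server in winsrv.dll
# Executables that legitimately sit at the top of C:\Windows on Windows 7 (assumed;
# extend from a clean box of the same build).
KNOWN_TOP_EXES = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "write.exe",
                  "winhlp32.exe", "splwow64.exe", "bfsvc.exe", "fveupdate.exe",
                  "helppane.exe", "twunk_16.exe", "twunk_32.exe"}
KNOWN_HIDDEN_DIRS = {"installer"}    # hidden by design (assumed complete)


def _hidden(entry):
    attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def sweep(root):
    """Return sorted (relative_path, reason) pairs for items that do not belong."""
    with os.scandir(root) as it:
        entries = list(it)
    names = {e.name.lower() for e in entries}
    # A directory next to an archive with the same stem looks unpacked in place
    # (phoenix + phoenix.rar, rpcminer + rpcminer.rar in the ComboFix deletions).
    archive_stems = {os.path.splitext(n)[0] for n in names
                     if os.path.splitext(n)[1] in ARCHIVE_EXT}
    found = []
    for e in entries:
        name = e.name.lower()
        ext = os.path.splitext(name)[1]
        if e.is_dir(follow_symlinks=False):
            if name == "system64":
                found.append((e.name, "directory that no Windows build creates"))
            elif name.startswith("update."):
                found.append((e.name, "update.* directory; Windows Update never writes here"))
            elif name in archive_stems:
                found.append((e.name, "directory unpacked from a sibling archive"))
            elif _hidden(e) and name not in KNOWN_HIDDEN_DIRS:
                found.append((e.name, "hidden top-level directory"))
        elif ext in ARCHIVE_EXT:
            found.append((e.name, "archive at top of SystemRoot"))
        elif ext == ".exe" and name not in KNOWN_TOP_EXES:
            found.append((e.name, "executable not in the top-level allow-list"))
        elif ext == ".txt":
            found.append((e.name, "text file at top of SystemRoot (review)"))
    if os.path.exists(os.path.join(root, *CONSRV_REL.split("/"))):
        found.append((CONSRV_REL, "console server DLL that Windows 7 does not ship"))
    return sorted(found)


def build_sample_tree(base):
    """Constructed mock of the infected C:\\Windows from the log; not real files."""
    for d in ("update.1", "update.2", "phoenix", "rpcminer", "System64", "system32", "Temp"):
        os.makedirs(os.path.join(base, d), exist_ok=True)
    for f in ("explorer.exe", "win.ini", "unrar.exe", "phoenix.rar", "rpcminer.rar",
              "iplist.txt", "system32/consrv.dll", "system32/kernel32.dll"):
        with open(os.path.join(base, *f.split("/")), "wb") as fh:
            fh.write(b"")


def demo():
    """Build the mock tree in a temp dir, sweep it, and return the flagged paths."""
    base = tempfile.mkdtemp(prefix="sysroot-")
    build_sample_tree(base)
    return {path for path, _ in sweep(base)}


if __name__ == "__main__":
    base = tempfile.mkdtemp(prefix="sysroot-")
    build_sample_tree(base)
    for path, reason in sweep(base):
        print(f"{path:24s} {reason}")
```

The sibling-archive rule is the one worth keeping even after the allow-lists are tuned: a dropper that pulls a .rar and unpacks it in place leaves both halves, and neither Windows Update nor OEM tooling leaves archives at the top of SystemRoot.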

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Don't alter your logs and turn off Word Wrap in Notepad.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Attach updated 08.27.2011.zip

ComboFix was run yesterday because I HAD to have my PC up and running, and that was the only thing that worked. Here's the ComboFix log, updated DDS and Attach.txt. I keep getting TR/ATRAPS.Gen2 warnings from Avira. After running ComboFix a lot of things were repaired, namely the ability to get back on the internet.

ComboFix follows then DDS. Attach.txt zipped and attached.

/r

ComboFix 11-08-24.06 - conns 08/25/2011 0:59.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2086 [GMT -4:00]

Running from: c:\users\conns\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Public\videos\HP MediaSmart Demo.exe

c:\windows\btc_client_iplist.txt

c:\windows\front_ip_list.txt

c:\windows\geoiplist

c:\windows\geoiplist.rar

c:\windows\iecheck_iplist.txt

c:\windows\info1

c:\windows\iplist.txt

c:\windows\loader2.exe_ok

c:\windows\phoenix

c:\windows\phoenix.rar

c:\windows\phoenix\kernels\phatk\__init__.py

c:\windows\phoenix\kernels\phatk\__init__.pyc

c:\windows\phoenix\kernels\phatk\BFIPatcher.py

c:\windows\phoenix\kernels\phatk\kernel.cl

c:\windows\phoenix\kernels\poclbm\__init__.py

c:\windows\phoenix\kernels\poclbm\__init__.pyc

c:\windows\phoenix\kernels\poclbm\BFIPatcher.py

c:\windows\phoenix\kernels\poclbm\kernel.cl

c:\windows\phoenix\phoenix.exe

c:\windows\proc_list1.log

c:\windows\rpcminer.rar

c:\windows\security\Database\tmp.edb

c:\windows\system32\consrv.dll

c:\windows\system32\drivers\etc\HSTS~1

c:\windows\System64

c:\windows\SysWow64\sqlite3.dll

c:\windows\ufa.rar

c:\windows\update.1

c:\windows\update.2

c:\windows\update.5.0

c:\windows\update.7.1

c:\windows\winlog-dirs.txt

c:\windows\winlog-ids.txt

c:\windows\winsetupapi.log

.

.

((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))

.

.

2011-08-25 05:05 . 2011-08-25 05:05 -------- d-----w- c:\users\Meggel.CHHP\AppData\Local\temp

2011-08-25 05:05 . 2011-08-25 05:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-25 05:05 . 2011-08-25 05:05 -------- d-----w- c:\users\Chip\AppData\Local\temp

2011-08-25 05:05 . 2011-08-25 05:05 -------- d-----w- c:\users\Meggel\AppData\Local\temp

2011-08-25 04:30 . 2011-08-25 04:30 -------- d-----w- c:\users\conns\AppData\Roaming\Avira

2011-08-25 04:24 . 2011-07-20 15:30 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-25 04:24 . 2011-07-20 15:30 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-08-25 04:24 . 2011-08-25 04:24 -------- d-----w- c:\programdata\Avira

2011-08-25 04:24 . 2011-08-25 04:24 -------- d-----w- c:\program files (x86)\Avira

2011-08-25 04:05 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-25 04:05 . 2011-08-25 04:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-25 04:03 . 2011-08-25 04:03 -------- d-----w- c:\programdata\McAfee

2011-08-25 04:01 . 2011-08-25 04:01 -------- d-s---w- c:\windows\SysWow64\Microsoft

2011-08-25 03:22 . 2011-08-25 03:22 -------- d-----w- c:\users\conns\AppData\Roaming\McAfee

2011-08-25 03:05 . 2011-08-25 03:05 -------- d-----w- c:\users\conns\AppData\Roaming\OpenDNS Updater

2011-08-25 01:25 . 2011-08-25 01:25 -------- d-----w- c:\users\Chip\AppData\Roaming\McAfee

2011-08-25 01:06 . 2011-08-25 01:06 -------- d-----w- c:\program files (x86)\Common Files\Motive

2011-08-25 01:06 . 2011-08-25 01:06 -------- d-----w- c:\program files\Common Files\Motive

2011-08-25 01:06 . 2011-08-25 01:06 -------- d-----w- c:\programdata\Motive

2011-08-25 01:04 . 2011-08-25 01:05 -------- d-----w- c:\users\Chip\AV Stuff

2011-08-25 01:04 . 2011-08-25 01:04 -------- d-----w- c:\users\Chip\AppData\Roaming\Windstream

2011-08-25 01:04 . 2011-08-25 01:04 -------- d-----w- c:\users\Chip\AppData\Roaming\Radialpoint

2011-08-25 00:21 . 2011-08-25 00:21 -------- d-----w- c:\users\conns\AppData\Roaming\Windstream

2011-08-25 00:21 . 2011-08-25 03:22 -------- d-----w- c:\programdata\Radialpoint

2011-08-25 00:21 . 2011-08-25 00:33 -------- d-----w- c:\users\conns\AppData\Roaming\Radialpoint

2011-08-25 00:21 . 2011-08-25 03:37 -------- d-----w- c:\programdata\Windstream

2011-08-25 00:00 . 2011-08-25 00:01 -------- d-----w- c:\users\conns\AppData\Local\ElevatedDiagnostics

2011-08-24 22:01 . 2011-08-24 22:01 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-08-24 21:47 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 21:47 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-08-24 19:09 . 2011-08-24 19:09 -------- d-----w- c:\users\conns\AppData\Local\CyberLink

2011-08-24 19:09 . 2011-08-24 19:09 -------- d-----w- c:\users\conns\AppData\Local\PowerCinema

2011-08-24 18:51 . 2011-08-24 18:51 -------- d-----w- c:\users\conns\AppData\Roaming\Malwarebytes

2011-08-24 18:50 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-24 18:46 . 2011-08-25 03:42 -------- d-----w- c:\users\conns\AppData\Roaming\U3

2011-08-24 18:36 . 2011-08-24 18:36 -------- d-----w- c:\users\conns\AppData\Local\ArcSoft

2011-08-24 18:35 . 2011-08-24 18:35 -------- d-----w- c:\users\conns\AppData\Roaming\ArcSoft

2011-08-23 17:11 . 2011-08-24 21:48 -------- d-----w- C:\AV stuff

2011-08-23 15:24 . 2011-08-23 15:24 -------- d-----w- c:\users\Chip\AppData\Roaming\Malwarebytes

2011-08-23 15:24 . 2011-08-23 15:24 -------- d-----w- c:\programdata\Malwarebytes

2011-08-23 14:39 . 2011-08-23 14:39 -------- dc----w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2011-08-23 02:20 . 2011-08-23 02:20 -------- d-----w- c:\programdata\Applications

2011-08-23 01:05 . 2011-08-16 12:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5B9D1AF-8429-4E4F-AF6C-E2B538B775FD}\mpengine.dll

2011-08-23 01:03 . 2011-08-24 21:32 -------- d-----w- c:\windows\ufa

2011-08-23 00:54 . 2011-08-24 18:39 246272 ----a-w- c:\windows\unrar.exe

2011-08-23 00:51 . 2011-08-24 21:48 -------- d-----w- c:\windows\av_ico

2011-08-23 00:48 . 2011-08-24 19:03 -------- d--h--w- c:\windows\update.tray-14-0-lnk

2011-08-23 00:48 . 2011-08-24 18:55 -------- d--h--w- c:\windows\update.tray-14-0

2011-08-17 17:42 . 2011-08-17 17:42 -------- d-----w- c:\users\Chip\AppData\Roaming\OpenOffice.org

2011-08-17 17:40 . 2011-08-17 17:49 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2011-08-16 15:38 . 2011-08-16 15:38 -------- d-----w- c:\users\Chip\AppData\Roaming\Nitro PDF

2011-08-16 15:38 . 2011-06-21 22:56 17200 ----a-w- c:\windows\system32\nitrolocalui2.dll

2011-08-16 15:38 . 2011-06-21 22:56 28976 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2011-08-16 15:38 . 2011-08-16 15:38 -------- d-----w- c:\programdata\Nitro PDF

2011-08-16 15:35 . 2011-08-16 15:37 -------- d-----w- c:\users\Chip\AppData\Roaming\Downloaded Installations

2011-08-06 14:54 . 2011-08-22 16:13 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-05 12:16 . 2011-08-24 21:48 -------- d-----w- c:\users\Christina Bugg

2011-08-01 19:59 . 2011-08-01 19:59 45416 ----a-w- c:\windows\system32\drivers\point64.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-19 00:55 . 2011-07-19 00:55 53248 ----a-r- c:\users\Chip\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

2011-07-16 04:26 . 2011-08-10 21:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-11 15:49 . 2010-09-14 12:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-06-20 18:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-20 18:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-11 03:07 . 2011-07-13 11:41 3137536 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]

"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

"DisableThumbnailCache"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-14 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-14 136176]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-09-27 21624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2009-03-03 89600]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-07-05 517632]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S2 Zimbra Desktop Service;Zimbra Desktop Service;c:\users\Chip\AppData\Local\Zimbra\zdesktop\zdesktop.exe [2010-01-26 139264]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-08-16 18:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-14 11:45]

.

2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-14 11:45]

.

2011-08-22 c:\windows\Tasks\HPCeeScheduleForChip.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

2011-08-25 c:\windows\Tasks\HPCeeScheduleForconns.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

2011-08-22 c:\windows\Tasks\HPCeeScheduleForMeggel.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-10 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-10 390168]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-10 408600]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-10-21 487424]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 171520]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"combofix"="c:\combofix\CF25450.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.254.254

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\C696E6B63797370245548433: NameServer = 208.67.222.222,208.67.220.220

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-tray_ico - (no file)

Wow6432Node-HKLM-Run-tray_ico1 - (no file)

Wow6432Node-HKLM-Run-tray_ico2 - (no file)

Wow6432Node-HKLM-Run-tray_ico3 - (no file)

Wow6432Node-HKLM-Run-tray_ico4 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe

AddRemove-RadialpointServicepointDashboardExtensions_is1 - c:\users\conns\AppData\Local\Temp\is-H33RS.tmp\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

.

**************************************************************************

.

Completion time: 2011-08-25 01:13:52 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-25 05:13

.

Pre-Run: 215,219,818,496 bytes free

Post-Run: 214,709,370,880 bytes free

.

- - End Of File - - 3C611F06D4C4921C81C23545138A81F1

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Chip at 20:54:20 on 2011-08-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1215 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\SPLASH.SYS\config\DVMExportService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k ipripsvc

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Users\Chip\AppData\Local\Zimbra\zdesktop\zdesktop.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k HPService

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\AirPort\APAgent.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {B80F591E-FE9A-46CF-A13E-180377240586} - No File

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart

uRun: [Rim.DesktopHelper.exe] C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableSecureUIAPaths = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

Trusted Zone: atperspective.com\www

Trusted Zone: fusionmls.com\fmls

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: rexplorer.net

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.254.254

TCP: Interfaces\{46B19DA3-1F2A-4FA0-854B-6B2B2EF9ACEB} : DhcpNameServer = 192.168.254.254

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D} : DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.254.254

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\140707C65602E4564777F627B602230393331353 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\2375942554036363 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\45548433F5E6564723 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\6457277656471626F657479647 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\C696E6B6379737 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\C696E6B63797370245548433 : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{9084FB62-1770-4F2C-830A-A498514E077D}\C696E6B63797370245548433 : DhcpNameServer = 192.168.254.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {B80F591E-FE9A-46CF-A13E-180377240586} - No File

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chip\AppData\Roaming\Mozilla\Firefox\Profiles\v9a7p8oe.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPJinit13122.dll

FF - plugin: C:\Program Files (x86)\Opera\program\plugins\NPJinit13122.dll

FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2010-1-12 89600]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-8-25 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-8-25 269480]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-25 366640]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-8-24 517632]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-1-12 2320920]

R2 Zimbra Desktop Service;Zimbra Desktop Service;C:\Users\Chip\AppData\Local\Zimbra\zdesktop\zdesktop.exe [2011-1-14 139264]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-12-5 227896]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-14 136176]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-14 136176]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-8-25 428200]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

.

============= FINISH: 20:55:10.30 ===============


  • Staff

Delete your copy of ComboFix, grab a fresh copy, run it, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log to the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is of the form UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


TDSS Killer did not find anything. Log posted here, and new ComboFix log attached: ComboFix Log 09.01.2011.txt

2011/09/02 08:19:17.0259 5884 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57

2011/09/02 08:19:17.0618 5884 ================================================================================

2011/09/02 08:19:17.0618 5884 SystemInfo:

2011/09/02 08:19:17.0618 5884

2011/09/02 08:19:17.0618 5884 OS Version: 6.1.7601 ServicePack: 1.0

2011/09/02 08:19:17.0618 5884 Product type: Workstation

2011/09/02 08:19:17.0618 5884 ComputerName: CHHP

2011/09/02 08:19:17.0618 5884 UserName: Chip

2011/09/02 08:19:17.0618 5884 Windows directory: C:\Windows

2011/09/02 08:19:17.0618 5884 System windows directory: C:\Windows

2011/09/02 08:19:17.0618 5884 Running under WOW64

2011/09/02 08:19:17.0618 5884 Processor architecture: Intel x64

2011/09/02 08:19:17.0618 5884 Number of processors: 4

2011/09/02 08:19:17.0618 5884 Page size: 0x1000

2011/09/02 08:19:17.0618 5884 Boot type: Normal boot

2011/09/02 08:19:17.0618 5884 ================================================================================

2011/09/02 08:19:18.0180 5884 Initialize success

2011/09/02 08:19:24.0669 6960 ================================================================================

2011/09/02 08:19:24.0669 6960 Scan started

2011/09/02 08:19:24.0669 6960 Mode: Manual;

2011/09/02 08:19:24.0669 6960 ================================================================================


2011/09/02 08:19:39.0162 6960 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

2011/09/02 08:19:39.0255 6960 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

2011/09/02 08:19:39.0302 6960 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

2011/09/02 08:19:39.0364 6960 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/09/02 08:19:39.0411 6960 STHDA (1fedf8d130ce221521b9bad6703b92de) C:\Windows\system32\DRIVERS\stwrt64.sys

2011/09/02 08:19:39.0489 6960 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

2011/09/02 08:19:39.0567 6960 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

2011/09/02 08:19:39.0692 6960 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

2011/09/02 08:19:39.0801 6960 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

2011/09/02 08:19:39.0864 6960 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

2011/09/02 08:19:39.0910 6960 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/09/02 08:19:39.0926 6960 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/09/02 08:19:39.0988 6960 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

2011/09/02 08:19:40.0020 6960 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

2011/09/02 08:19:40.0113 6960 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/09/02 08:19:40.0160 6960 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

2011/09/02 08:19:40.0222 6960 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

2011/09/02 08:19:40.0269 6960 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/09/02 08:19:40.0332 6960 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

2011/09/02 08:19:40.0394 6960 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

2011/09/02 08:19:40.0441 6960 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

2011/09/02 08:19:40.0472 6960 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/09/02 08:19:40.0550 6960 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys

2011/09/02 08:19:40.0612 6960 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/09/02 08:19:40.0644 6960 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

2011/09/02 08:19:40.0675 6960 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

2011/09/02 08:19:40.0706 6960 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

2011/09/02 08:19:40.0722 6960 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

2011/09/02 08:19:40.0753 6960 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/09/02 08:19:40.0784 6960 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/09/02 08:19:40.0846 6960 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/09/02 08:19:40.0862 6960 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

2011/09/02 08:19:40.0909 6960 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

2011/09/02 08:19:40.0956 6960 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

2011/09/02 08:19:40.0987 6960 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/09/02 08:19:41.0018 6960 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/09/02 08:19:41.0049 6960 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

2011/09/02 08:19:41.0080 6960 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

2011/09/02 08:19:41.0112 6960 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

2011/09/02 08:19:41.0158 6960 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

2011/09/02 08:19:41.0190 6960 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

2011/09/02 08:19:41.0236 6960 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/09/02 08:19:41.0252 6960 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/09/02 08:19:41.0299 6960 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/09/02 08:19:41.0330 6960 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/09/02 08:19:41.0361 6960 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/09/02 08:19:41.0392 6960 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/02 08:19:41.0408 6960 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/02 08:19:41.0470 6960 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/09/02 08:19:41.0502 6960 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/09/02 08:19:41.0595 6960 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/09/02 08:19:41.0611 6960 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/09/02 08:19:41.0689 6960 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/09/02 08:19:41.0767 6960 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

2011/09/02 08:19:41.0829 6960 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/09/02 08:19:41.0876 6960 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

2011/09/02 08:19:41.0923 6960 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

2011/09/02 08:19:41.0970 6960 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/09/02 08:19:42.0016 6960 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

2011/09/02 08:19:42.0079 6960 MBR (0x1B8) (9d93d4e4437a3da30568b1ae921b1fee) \Device\Harddisk0\DR0

2011/09/02 08:19:42.0094 6960 Boot (0x1200) (aa30306c93d69430ffcacd1100f87fd2) \Device\Harddisk0\DR0\Partition0

2011/09/02 08:19:42.0110 6960 Boot (0x1200) (9ee82123a63e61ac5deac019519053a4) \Device\Harddisk0\DR0\Partition1

2011/09/02 08:19:42.0141 6960 Boot (0x1200) (c82708f9d37636f1567a320575af9990) \Device\Harddisk0\DR0\Partition2

2011/09/02 08:19:42.0157 6960 Boot (0x1200) (d72fceb0f8fa45ba6f52b26c39a93ebc) \Device\Harddisk0\DR0\Partition3

2011/09/02 08:19:42.0172 6960 ================================================================================

2011/09/02 08:19:42.0172 6960 Scan finished

2011/09/02 08:19:42.0172 6960 ================================================================================

2011/09/02 08:19:42.0172 5228 Detected object count: 0

2011/09/02 08:19:42.0172 5228 Actual detected object count: 0


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Everything seems good to go. Do you want a new DDS?

ESET and your Security Check logs are as follows. Thanks!

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=bea04bb2cac2344899423057262ed85d

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-05 09:10:08

# local_time=2011-09-05 05:10:08 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=768 16777215 100 0 29818794 29818794 0 0

# compatibility_mode=5893 16776574 100 94 222006 66752181 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=290290

# found=0

# cleaned=0

# scan_time=5098

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

SpywareBlaster 4.4

Secunia PSI (2.0.0.3003)

Java 6 Update 22

Java 6 Update 26

Out of date Java installed!

Adobe Flash Player 10.3.183.5

Adobe Reader X (10.1.0)

Mozilla Thunderbird (6.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

``````````End of Log````````````


  • Staff

Hi,

No need for a new DDS log.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck and DDS.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 22

Restart your computer.

Let me know what issues remain.

-screen317


  • Staff

Hi Chip,

Looks like a mixture of a few different (randomly named) trojans. It does appear as though they are all gone now. :)

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
