
WIN764bit-WinDefender/Worm32.exe now what? INFECTED!



WHAT HAPPENED:

So, as the title states, I had the Windows Defender/Worm32.exe infection. Basically, no files, with any extension, would open. A pop-up would come up and say that "xyz.exe is infected with worm32.exe. please click here to fix this problem", i.e. bait to fake software/virus. Anyways, did the normal stuff, Spybot & Avira in safe mode, MB normal mode afterwards, cleaned reg, etc., etc. Everything was back to normal for about two days. Now, I don't have any of those issues, but rather an annoyance with Avira and MB popping up with apparent missed issues. Which leads me to:

CURRENT ISSUES:

Avira says many times, every 4-5 min depending on what I'm doing on the PC, with varying file names ofc:

"Virus or unwanted program 'TR/Drop.Pihar.f [trojan]'

detected in file 'C:\Users\Brandon\AppData\Local\Temp\thpm2791638927023868823.tmp.

Action performed: Deny access"

MB blocks IPs many times, every 4-5 min in hand with Avira, with different IPs:

"208.87.32.69 (Type: outgoing, Port: 59939, Process: thpm2791638927023868823.tmp),

69.6.27.100 (Type: outgoing, Port: 60144, Process: thpm2791638927023868823.tmp),

208.87.33.151 (Type: outgoing, Port: 60165, Process: thpm2791638927023868823.tmp)" etc. etc.

ANYWAYS

These pop-ups are slowing down my PC immensely, or rather, the bug is, but regardless, I can't seem for the life of me to shake this one off alone. **Note** Now when I scan with anything other than Spybot, nothing is found. Spybot finds adclickers, etc., etc. MB and Avira find nothing. Sys Restore is not an option either, FYI. Help is mucho appreciated :D. Ty for reading.

AND THE STUFF:

Most Recent MB LOG:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7504

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

8/18/2011 11:49:31 PM

mbam-log-2011-08-18 (23-49-31).txt

Scan type: Full scan (C:\|)

Objects scanned: 372644

Time elapsed: 43 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Brandon at 19:28:38 on 2011-08-23

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2301 [GMT -7:00]

.

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\Linksys\WUSBF54G\NICServ.exe

C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Linksys\WUSBF54G\wlMonitor.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbengine.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\vds.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL

BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Trixie.Bho: {b0744341-96e0-4341-9ed2-8bc36ce0ccd0} - mscoree.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADAAMQAwADQANQA2ADQALQBTAFQAMQArADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0ARgA5AE0ANwBBACsANQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQA"&"prod=90"&"ver=9.0.872

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LINKSY~1.LNK - C:\Program Files (x86)\Linksys\WUSBF54G\wlMonitor.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\Windows\system32\mscoree.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.87.69.150 68.87.85.102

TCP: Interfaces\{9B694718-5AF3-4500-9782-0C27AD84625B} : DhcpNameServer = 68.87.69.150 68.87.85.102

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO-X64: ZoneAlarm Toolbar Registrar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Trixie.Bho: {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADAAMQAwADQANQA2ADQALQBTAFQAMQArADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0ARgA5AE0ANwBBACsANQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQA"&"prod=90"&"ver=9.0.872

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157|http://www.google.com/

FF - prefs.js: network.proxy.ftp - :

FF - prefs.js: network.proxy.http - :

FF - prefs.js: network.proxy.socks - :

FF - prefs.js: network.proxy.ssl - :

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [?]

R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys [?]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100809.001\IDSviA64.sys [2010-8-10 463408]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-5-26 132656]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]

S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 vmcam326av;HP Camera;C:\Windows\system32\Drivers\vmcam326av.sys --> C:\Windows\system32\Drivers\vmcam326av.sys [?]

S3 vvftav;326 Solborn filter service name, vista ver;C:\Windows\system32\drivers\vvftav.sys --> C:\Windows\system32\drivers\vvftav.sys [?]

S3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);C:\Windows\system32\DRIVERS\zd1211u.sys --> C:\Windows\system32\DRIVERS\zd1211u.sys [?]

.

=============== Created Last 30 ================

.

2011-08-24 02:25:09 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AEC99E74-949A-44A1-B146-B8869DC9565E}\mpengine.dll

2011-08-24 02:22:13 -------- d-----w- C:\Users\Brandon\AppData\Local\{2BDD3066-C444-44CD-AAA8-57EC3C8A0BC5}

2011-08-24 02:22:00 -------- d-----w- C:\Users\Brandon\AppData\Local\{8CEEF702-C621-4F39-A0C7-E86546DE8EB9}

2011-08-23 03:38:58 -------- d-----w- C:\Users\Brandon\AppData\Local\{AD68585F-7CB0-483B-BF5E-8D959919BDBB}

2011-08-23 03:38:47 -------- d-----w- C:\Users\Brandon\AppData\Local\{D77AF365-E1C9-4A65-A7D0-0579EFCCEDB1}

2011-08-22 13:34:53 -------- d-----w- C:\Users\Brandon\AppData\Local\{FDEEDCD0-DDE1-4D47-845E-26BA68369954}

2011-08-22 13:34:42 -------- d-----w- C:\Users\Brandon\AppData\Local\{D20A0463-6372-4A6A-BC3D-DFAFE54DD3BC}

2011-08-22 01:55:23 -------- d-----r- C:\Program Files (x86)\Skype

2011-08-20 15:42:44 -------- d-----w- C:\Users\Brandon\AppData\Local\{4379CB41-40BD-49D9-AECF-7E142A57D724}

2011-08-20 09:29:06 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Avira

2011-08-20 09:26:18 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-08-20 09:26:18 -------- d-----w- C:\ProgramData\Avira

2011-08-20 09:26:17 -------- d-----w- C:\Program Files (x86)\Avira

2011-08-20 08:53:11 -------- d-----w- C:\Windows\System32\SPReview

2011-08-20 08:51:19 -------- d-----w- C:\Windows\System32\EventProviders

2011-08-20 08:46:52 -------- d-----w- C:\Users\Brandon\AppData\Local\{A304E9A9-C245-49EB-9F35-EC010F11708D}

2011-08-20 08:46:42 -------- d-----w- C:\Users\Brandon\AppData\Local\{02B50335-FA73-4146-B22F-198C309A623C}

2011-08-20 08:36:08 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-08-20 02:24:10 8862544 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BDF1D45A-CA65-47D8-B540-C6316BBFC918}\mpengine.dll

2011-08-20 02:19:25 -------- d-----w- C:\Users\Brandon\AppData\Local\{FA1479B6-E372-49E2-975B-16E7DB0084BF}

2011-08-19 05:00:35 -------- d-----w- C:\Users\Brandon\AppData\Local\{82675153-5275-4198-9665-57C9B8F284FA}

2011-08-19 05:00:25 -------- d-----w- C:\Users\Brandon\AppData\Local\{051FCD1A-FAE3-43AA-9968-801F4C6FDC04}

2011-08-19 03:18:58 -------- d-----w- C:\Users\Brandon\AppData\Local\{3FB071D8-CBE3-46AD-83D8-976D2E1249CC}

2011-08-19 03:18:36 -------- d-----w- C:\Users\Brandon\AppData\Local\{B735C7FC-1F4F-4FC8-B7AC-28F912C50D7E}

2011-08-19 03:06:04 -------- d-----w- C:\Users\Brandon\AppData\Local\{903E1974-57A5-4C3E-BEC2-9B3E7221F906}

2011-08-19 02:51:58 -------- d-----w- C:\Users\Brandon\AppData\Local\{35088BA6-69F4-493F-A143-04C9C90F2354}

2011-08-19 02:51:37 -------- d-----w- C:\Users\Brandon\AppData\Local\{CC67D1F0-B256-4E96-82E4-1C9BAC5BED1F}

2011-08-19 02:30:14 -------- d-----w- C:\Users\Brandon\AppData\Local\{2DC0DB8D-0894-4FCA-8C8C-7EFDC34BD567}

2011-08-18 04:13:09 -------- d-----w- C:\Users\Brandon\AppData\Local\{09AF0FA2-BBE4-4F89-AE80-A60525C93E23}

2011-08-18 04:12:59 -------- d-----w- C:\Users\Brandon\AppData\Local\{771C181C-4771-4E60-AA1E-29BB8ED248F4}

2011-08-18 02:38:22 -------- d-----w- C:\Users\Brandon\AppData\Local\{C64E3CE5-7AC8-4F66-ADCF-99BAEAACCEC2}

2011-08-18 02:38:09 -------- d-----w- C:\Users\Brandon\AppData\Local\{7D133192-5B66-4F33-9CDA-6C388DE9B7FF}

2011-08-17 04:08:01 -------- d-----w- C:\Users\Brandon\AppData\Local\{585628FC-D07B-41BD-8A79-BAB4A16749D9}

2011-08-16 05:02:34 -------- d-----w- C:\Users\Brandon\AppData\Local\{5E1E3201-A2A3-4859-A197-D7489CBEA618}

2011-08-16 05:02:24 -------- d-----w- C:\Users\Brandon\AppData\Local\{8398B117-355A-4FDA-8351-DBFF89794CA7}

2011-08-15 13:53:36 -------- d-----w- C:\Users\Brandon\AppData\Local\{B49A627D-D6F3-4551-A920-36FF8169CA3D}

2011-08-15 13:53:26 -------- d-----w- C:\Users\Brandon\AppData\Local\{3BE4946F-56F1-40B8-9468-31262C26BAB0}

2011-08-14 17:39:06 -------- d-----w- C:\Users\Brandon\AppData\Local\{4DDCEEF2-1FD1-4238-A137-2757B1349E00}

2011-08-14 17:38:55 -------- d-----w- C:\Users\Brandon\AppData\Local\{A366061A-2546-4A08-A8B7-9A372584BE8B}

2011-08-13 04:33:04 -------- d-----w- C:\Users\Brandon\AppData\Local\{5A3BF18F-2DB1-4E5B-A12D-06ABFEC1C812}

2011-08-13 04:32:54 -------- d-----w- C:\Users\Brandon\AppData\Local\{F75645A9-E11C-4A15-9D91-750A276C62D5}

2011-08-11 05:14:41 -------- d-----w- C:\Users\Brandon\AppData\Local\{FD10C834-4ED8-4E26-9D76-3C2E0FB1907D}

2011-08-11 05:14:27 -------- d-----w- C:\Users\Brandon\AppData\Local\{CF917CA8-A764-4D64-8593-23B2ABE24ACD}

2011-08-10 02:36:46 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-08-10 02:29:43 -------- d-----w- C:\Users\Brandon\AppData\Local\{EE23519C-6D53-4188-9037-DAD76C1A677D}

2011-08-09 02:38:39 -------- d-----w- C:\Users\Brandon\AppData\Local\{4C137466-F257-439B-8A81-C0A265BD8C43}

2011-08-09 02:38:29 -------- d-----w- C:\Users\Brandon\AppData\Local\{B3CA0845-55AA-476F-B76A-014DF50BF36C}

2011-08-08 04:45:42 -------- d-----w- C:\Users\Brandon\AppData\Local\{4F7BB3E0-2B86-4118-935A-EE7D69DC7888}

2011-08-08 04:45:32 -------- d-----w- C:\Users\Brandon\AppData\Local\{68185EA8-7C0D-41F4-8F9C-4AAD69F714D7}

2011-08-06 17:58:55 -------- d-----w- C:\Users\Brandon\AppData\Local\{B8A05932-1AFD-4477-BEF5-5105DC43CECD}

2011-08-06 17:58:44 -------- d-----w- C:\Users\Brandon\AppData\Local\{F057A64F-82E0-40CD-86E5-4C300E4EC238}

2011-08-06 02:37:23 -------- d-----w- C:\Users\Brandon\AppData\Local\{BD61FB89-6106-44A1-890B-E09148011B1F}

2011-08-04 17:30:43 -------- d-----w- C:\Users\Brandon\AppData\Local\{81C5EEEB-DC14-48BE-B986-AF405674A330}

2011-08-03 17:20:46 -------- d-----w- C:\Users\Brandon\AppData\Local\{3F1B3953-220D-4F92-B814-278529FA8C76}

2011-08-03 02:33:47 -------- d-----w- C:\Users\Brandon\AppData\Local\{69D42B2E-D11A-43FA-A150-F553BEF8B551}

2011-08-02 04:28:14 -------- d-----w- C:\Users\Brandon\AppData\Local\{43687AAB-0F84-4C73-B382-5E0D349083A2}

2011-08-01 04:02:23 -------- d-----w- C:\Users\Brandon\AppData\Local\{04DF3169-1252-4609-88BC-856268D2683A}

2011-07-30 02:29:59 -------- d-----w- C:\Users\Brandon\AppData\Local\{9F183923-BBD8-4B02-8D79-B2C359C28586}

2011-07-29 05:21:32 -------- d-----w- C:\Users\Brandon\AppData\Local\{A7904ED6-1CB8-402D-8FF0-1590F1B765AE}

2011-07-28 17:09:11 -------- d-----w- C:\Users\Brandon\AppData\Local\{91D42953-FFFE-411B-BCD4-EAE5A98F89FB}

2011-07-28 03:35:58 -------- d-----w- C:\Program Files (x86)\AmazingMIDI

2011-07-28 03:30:00 -------- d-----w- C:\Program Files (x86)\Chord Pickout

2011-07-28 02:20:03 -------- d-----w- C:\Users\Brandon\AppData\Local\{8888B0D6-B0DC-4227-803D-46E3D5F2F3DB}

2011-07-27 02:20:03 -------- d-----w- C:\Users\Brandon\AppData\Local\{24D245D6-645C-413A-876C-0612C0128675}

2011-07-25 17:13:58 -------- d-----w- C:\Users\Brandon\AppData\Local\{06E3BE68-CEA0-4F08-9B39-E27DF7DA2CDA}

.

==================== Find3M ====================

.

2011-08-20 09:03:23 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-08-20 09:03:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-07 02:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-29 09:31:24 73216 ----a-w- C:\Windows\ST6UNST.EXE

2011-06-29 09:31:24 249856 ------w- C:\Windows\Setup1.exe

2011-06-29 08:29:09 2829 ----a-w- C:\Windows\DIIUnin.pif

2011-06-29 08:29:08 94208 ----a-w- C:\Windows\DIIUnin.exe

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-19 18:56:21 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 19:32:09.28 ===============

finally, GMER

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-08-23 20:40:33

Windows 6.1.7601 Service Pack 1

Running: gmer root.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x31 0xC1 0xF5 0x45 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1C 0xDE 0xE0 0x56 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3A 0x81 0x54 0xD5 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7D 0xD3 0x8E 0x57 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xF3 0x44 0xB2 0x94 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x3A 0x81 0x54 0xD5 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x31 0xC1 0xF5 0x45 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1C 0xDE 0xE0 0x56 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3A 0x81 0x54 0xD5 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7D 0xD3 0x8E 0x57 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xF3 0x44 0xB2 0x94 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x3A 0x81 0x54 0xD5 ...

---- EOF - GMER 1.0.15 ----

Thanks Again!!

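The two kinds of pop-up quoted in the post (an Avira detection on a file in the user's Temp folder, and Malwarebytes blocking repeated outgoing connections from a process with the same name) are more telling together than apart. The following added Python script is not part of the thread or of either product; it parses constructed samples of both message formats, joins them on the process image name, and lists the reasons a defender would treat that image as hostile. The benign iexplore.exe line and the 192.0.2.10 address are constructed for contrast; the regexes assume the exact wording shown in the post.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample input, modelled on the pop-ups quoted in the post
# (same file name and IPs; each event is tidied onto one line).
AVIRA_ALERTS = r"""
Virus or unwanted program 'TR/Drop.Pihar.f [trojan]' detected in file 'C:\Users\Brandon\AppData\Local\Temp\thpm2791638927023868823.tmp'. Action performed: Deny access
"""

# The last line (iexplore.exe to a documentation-range address) is a constructed
# benign event to show that a single blocked connection alone is not flagged.
MBAM_BLOCKS = """
208.87.32.69 (Type: outgoing, Port: 59939, Process: thpm2791638927023868823.tmp)
69.6.27.100 (Type: outgoing, Port: 60144, Process: thpm2791638927023868823.tmp)
208.87.33.151 (Type: outgoing, Port: 60165, Process: thpm2791638927023868823.tmp)
192.0.2.10 (Type: outgoing, Port: 443, Process: iexplore.exe)
"""

AVIRA_RE = re.compile(
    r"Virus or unwanted program '(?P<sig>[^']+)' detected in file "
    r"'(?P<path>[^']+)'\.?\s*Action performed: (?P<action>[^\r\n]+)"
)
MBAM_RE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)"
)


@dataclass
class ProcessActivity:
    """Everything both tools reported about one process image name."""
    image: str
    paths: set = field(default_factory=set)         # full paths seen by the AV
    signatures: set = field(default_factory=set)    # AV detection names
    destinations: set = field(default_factory=set)  # remote IPs blocked by MBAM
    outgoing: int = 0                               # blocked outgoing attempts


def parse_avira(text):
    """Return (signature, path, action) tuples from Avira-style alert text."""
    return [(m["sig"], m["path"], m["action"].strip()) for m in AVIRA_RE.finditer(text)]


def parse_mbam(text):
    """Return (ip, direction, port, process) tuples from MBAM IP-block text."""
    return [(m["ip"], m["dir"], int(m["port"]), m["proc"]) for m in MBAM_RE.finditer(text)]


def correlate(avira_text, mbam_text):
    """Join both feeds on the process image name (case-insensitive basename)."""
    acts = {}

    def activity_for(name):
        key = ntpath.basename(name).lower()
        return acts.setdefault(key, ProcessActivity(key))

    for sig, path, _action in parse_avira(avira_text):
        act = activity_for(path)
        act.paths.add(path)
        act.signatures.add(sig)
    for ip, direction, _port, proc in parse_mbam(mbam_text):
        act = activity_for(proc)
        act.destinations.add(ip)
        if direction.lower() == "outgoing":
            act.outgoing += 1
    return acts


def indicators(act, min_destinations=2):
    """Plain-language reasons a defender would treat this image as hostile."""
    found = []
    if any("\\appdata\\local\\temp\\" in p.lower() for p in act.paths):
        found.append("runs from the user's Temp directory")
    if act.image.endswith(".tmp"):
        found.append("a .tmp file is being run as a process")
    if len(act.destinations) >= min_destinations:
        found.append(f"{len(act.destinations)} distinct outbound destinations blocked")
    for sig in sorted(act.signatures):
        found.append(f"AV detection: {sig}")
    return found


def triage(avira_text, mbam_text):
    """Return {image: [indicator, ...]} for every image with at least one indicator."""
    return {img: ind for img, act in correlate(avira_text, mbam_text).items()
            if (ind := indicators(act))}


if __name__ == "__main__":
    for image, reasons in triage(AVIRA_ALERTS, MBAM_BLOCKS).items():
        print(image)
        for reason in reasons:
            print("  -", reason)
```

On the constructed sample only the .tmp image is reported; iexplore.exe drops out because one blocked connection with no other indicator is not enough on its own.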

  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (Norton and Antivir). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


screen317 - thank you for the quick reply!

I've done as you've asked and removed an AV (Norton; it was disabled and outdated).

I've upgraded the MB database and performed a "quick scan" (below).

I downloaded and ran ComboFix (below). **note** after the scan completed and CF restarted the PC, I could not open anything. It kept saying something like "cannot run xyz.exe, file is marked for deletion. file not found, do you want to remove this file?" I just ignored this and restarted. The PC seems back to its normal "infected" status now.

Re-ran DDS (below).

LOGS

Mbam:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7559

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

8/24/2011 7:50:42 PM

mbam-log-2011-08-24 (19-50-42).txt

Scan type: Quick scan

Objects scanned: 178761

Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix: (File has too much content for forum, zipped & attached.)

Finally, DDS

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Brandon at 20:25:27 on 2011-08-24

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2887 [GMT -7:00]

.

AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\Linksys\WUSBF54G\NICServ.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Linksys\WUSBF54G\wlMonitor.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Trixie.Bho: {b0744341-96e0-4341-9ed2-8bc36ce0ccd0} - mscoree.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADAAMQAwADQANQA2ADQALQBTAFQAMQArADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0ARgA5AE0ANwBBACsANQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQA"&"prod=90"&"ver=9.0.872

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LINKSY~1.LNK - C:\Program Files (x86)\Linksys\WUSBF54G\wlMonitor.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\Windows\system32\mscoree.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.87.69.150 68.87.85.102

TCP: Interfaces\{9B694718-5AF3-4500-9782-0C27AD84625B} : DhcpNameServer = 68.87.69.150 68.87.85.102

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO-X64: ZoneAlarm Toolbar Registrar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Trixie.Bho: {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADAAMQAwADQANQA2ADQALQBTAFQAMQArADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0ARgA5AE0ANwBBACsANQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQA"&"prod=90"&"ver=9.0.872

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157|http://www.google.com/

FF - prefs.js: network.proxy.ftp - :

FF - prefs.js: network.proxy.http - :

FF - prefs.js: network.proxy.socks - :

FF - prefs.js: network.proxy.ssl - :

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-8-20 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-8-20 269480]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 NICSer_WUSBF54G;NICSer_WUSBF54G;C:\Program Files (x86)\Linksys\WUSBF54G\NICServ.exe [2010-11-8 529920]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-15 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-4-3 240232]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 vmcam326av;HP Camera;C:\Windows\system32\Drivers\vmcam326av.sys --> C:\Windows\system32\Drivers\vmcam326av.sys [?]

S3 vvftav;326 Solborn filter service name, vista ver;C:\Windows\system32\drivers\vvftav.sys --> C:\Windows\system32\drivers\vvftav.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);C:\Windows\system32\DRIVERS\zd1211u.sys --> C:\Windows\system32\DRIVERS\zd1211u.sys [?]

.

=============== Created Last 30 ================

.

2011-08-25 03:25:15 -------- d-----w- C:\Users\Brandon\AppData\Local\{CBF4CCB6-5674-42D7-8E46-672392F8078B}

2011-08-25 03:25:05 -------- d-----w- C:\Users\Brandon\AppData\Local\{E623362E-B9D1-4B80-8F22-47F40CEE5E37}

2011-08-25 03:11:33 -------- d-----w- C:\$RECYCLE.BIN

2011-08-25 02:43:22 -------- d-----w- C:\Users\Brandon\AppData\Local\{5CD7CCEC-6350-4169-B3CB-DC886BB3B7E5}

2011-08-25 02:43:09 -------- d-----w- C:\Users\Brandon\AppData\Local\{8EB8D65D-133C-4396-B313-700E5F0BB9BF}

2011-08-25 02:40:13 -------- d-----w- C:\Users\Brandon\AppData\Local\{F3888826-1AF9-4BC3-A2A5-6AFA59597CBB}

2011-08-25 02:40:01 -------- d-----w- C:\Users\Brandon\AppData\Local\{73D4CDD9-5F12-44E3-AD2D-94FB8A55C96D}

2011-08-25 02:35:09 -------- d-----w- C:\Users\Brandon\AppData\Local\{1F971D58-7844-4BCA-8410-5F9F8795B21C}

2011-08-25 02:34:56 -------- d-----w- C:\Users\Brandon\AppData\Local\{EEB1A82F-CBBB-4C52-B387-B2922390E799}

2011-08-24 02:31:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-24 02:31:14 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-24 02:25:09 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AEC99E74-949A-44A1-B146-B8869DC9565E}\mpengine.dll

2011-08-24 02:22:13 -------- d-----w- C:\Users\Brandon\AppData\Local\{2BDD3066-C444-44CD-AAA8-57EC3C8A0BC5}

2011-08-24 02:22:00 -------- d-----w- C:\Users\Brandon\AppData\Local\{8CEEF702-C621-4F39-A0C7-E86546DE8EB9}

2011-08-23 03:38:58 -------- d-----w- C:\Users\Brandon\AppData\Local\{AD68585F-7CB0-483B-BF5E-8D959919BDBB}

2011-08-23 03:38:47 -------- d-----w- C:\Users\Brandon\AppData\Local\{D77AF365-E1C9-4A65-A7D0-0579EFCCEDB1}

2011-08-22 13:34:53 -------- d-----w- C:\Users\Brandon\AppData\Local\{FDEEDCD0-DDE1-4D47-845E-26BA68369954}

2011-08-22 13:34:42 -------- d-----w- C:\Users\Brandon\AppData\Local\{D20A0463-6372-4A6A-BC3D-DFAFE54DD3BC}

2011-08-22 01:55:23 -------- d-----r- C:\Program Files (x86)\Skype

2011-08-20 15:42:44 -------- d-----w- C:\Users\Brandon\AppData\Local\{4379CB41-40BD-49D9-AECF-7E142A57D724}

2011-08-20 09:29:06 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Avira

2011-08-20 09:26:18 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-08-20 09:26:18 -------- d-----w- C:\ProgramData\Avira

2011-08-20 09:26:17 -------- d-----w- C:\Program Files (x86)\Avira

2011-08-20 08:53:11 -------- d-----w- C:\Windows\System32\SPReview

2011-08-20 08:51:19 -------- d-----w- C:\Windows\System32\EventProviders

2011-08-20 08:46:52 -------- d-----w- C:\Users\Brandon\AppData\Local\{A304E9A9-C245-49EB-9F35-EC010F11708D}

2011-08-20 08:46:42 -------- d-----w- C:\Users\Brandon\AppData\Local\{02B50335-FA73-4146-B22F-198C309A623C}

2011-08-20 08:36:08 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-08-20 02:19:25 -------- d-----w- C:\Users\Brandon\AppData\Local\{FA1479B6-E372-49E2-975B-16E7DB0084BF}

2011-08-19 05:00:35 -------- d-----w- C:\Users\Brandon\AppData\Local\{82675153-5275-4198-9665-57C9B8F284FA}

2011-08-19 05:00:25 -------- d-----w- C:\Users\Brandon\AppData\Local\{051FCD1A-FAE3-43AA-9968-801F4C6FDC04}

2011-08-19 03:18:58 -------- d-----w- C:\Users\Brandon\AppData\Local\{3FB071D8-CBE3-46AD-83D8-976D2E1249CC}

2011-08-19 03:18:36 -------- d-----w- C:\Users\Brandon\AppData\Local\{B735C7FC-1F4F-4FC8-B7AC-28F912C50D7E}

2011-08-19 03:06:04 -------- d-----w- C:\Users\Brandon\AppData\Local\{903E1974-57A5-4C3E-BEC2-9B3E7221F906}

2011-08-19 02:51:58 -------- d-----w- C:\Users\Brandon\AppData\Local\{35088BA6-69F4-493F-A143-04C9C90F2354}

2011-08-19 02:51:37 -------- d-----w- C:\Users\Brandon\AppData\Local\{CC67D1F0-B256-4E96-82E4-1C9BAC5BED1F}

2011-08-19 02:30:14 -------- d-----w- C:\Users\Brandon\AppData\Local\{2DC0DB8D-0894-4FCA-8C8C-7EFDC34BD567}

2011-08-18 04:13:09 -------- d-----w- C:\Users\Brandon\AppData\Local\{09AF0FA2-BBE4-4F89-AE80-A60525C93E23}

2011-08-18 04:12:59 -------- d-----w- C:\Users\Brandon\AppData\Local\{771C181C-4771-4E60-AA1E-29BB8ED248F4}

2011-08-18 02:38:22 -------- d-----w- C:\Users\Brandon\AppData\Local\{C64E3CE5-7AC8-4F66-ADCF-99BAEAACCEC2}

2011-08-18 02:38:09 -------- d-----w- C:\Users\Brandon\AppData\Local\{7D133192-5B66-4F33-9CDA-6C388DE9B7FF}

2011-08-17 04:08:01 -------- d-----w- C:\Users\Brandon\AppData\Local\{585628FC-D07B-41BD-8A79-BAB4A16749D9}

2011-08-16 05:02:34 -------- d-----w- C:\Users\Brandon\AppData\Local\{5E1E3201-A2A3-4859-A197-D7489CBEA618}

2011-08-16 05:02:24 -------- d-----w- C:\Users\Brandon\AppData\Local\{8398B117-355A-4FDA-8351-DBFF89794CA7}

2011-08-15 13:53:36 -------- d-----w- C:\Users\Brandon\AppData\Local\{B49A627D-D6F3-4551-A920-36FF8169CA3D}

2011-08-15 13:53:26 -------- d-----w- C:\Users\Brandon\AppData\Local\{3BE4946F-56F1-40B8-9468-31262C26BAB0}

2011-08-14 17:39:06 -------- d-----w- C:\Users\Brandon\AppData\Local\{4DDCEEF2-1FD1-4238-A137-2757B1349E00}

2011-08-14 17:38:55 -------- d-----w- C:\Users\Brandon\AppData\Local\{A366061A-2546-4A08-A8B7-9A372584BE8B}

2011-08-13 04:33:04 -------- d-----w- C:\Users\Brandon\AppData\Local\{5A3BF18F-2DB1-4E5B-A12D-06ABFEC1C812}

2011-08-13 04:32:54 -------- d-----w- C:\Users\Brandon\AppData\Local\{F75645A9-E11C-4A15-9D91-750A276C62D5}

2011-08-11 05:14:41 -------- d-----w- C:\Users\Brandon\AppData\Local\{FD10C834-4ED8-4E26-9D76-3C2E0FB1907D}

2011-08-11 05:14:27 -------- d-----w- C:\Users\Brandon\AppData\Local\{CF917CA8-A764-4D64-8593-23B2ABE24ACD}

2011-08-10 02:36:46 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-08-10 02:29:43 -------- d-----w- C:\Users\Brandon\AppData\Local\{EE23519C-6D53-4188-9037-DAD76C1A677D}

2011-08-09 02:38:39 -------- d-----w- C:\Users\Brandon\AppData\Local\{4C137466-F257-439B-8A81-C0A265BD8C43}

2011-08-09 02:38:29 -------- d-----w- C:\Users\Brandon\AppData\Local\{B3CA0845-55AA-476F-B76A-014DF50BF36C}

2011-08-08 04:45:42 -------- d-----w- C:\Users\Brandon\AppData\Local\{4F7BB3E0-2B86-4118-935A-EE7D69DC7888}

2011-08-08 04:45:32 -------- d-----w- C:\Users\Brandon\AppData\Local\{68185EA8-7C0D-41F4-8F9C-4AAD69F714D7}

2011-08-06 17:58:55 -------- d-----w- C:\Users\Brandon\AppData\Local\{B8A05932-1AFD-4477-BEF5-5105DC43CECD}

2011-08-06 17:58:44 -------- d-----w- C:\Users\Brandon\AppData\Local\{F057A64F-82E0-40CD-86E5-4C300E4EC238}

2011-08-06 02:37:23 -------- d-----w- C:\Users\Brandon\AppData\Local\{BD61FB89-6106-44A1-890B-E09148011B1F}

2011-08-04 17:30:43 -------- d-----w- C:\Users\Brandon\AppData\Local\{81C5EEEB-DC14-48BE-B986-AF405674A330}

2011-08-03 17:20:46 -------- d-----w- C:\Users\Brandon\AppData\Local\{3F1B3953-220D-4F92-B814-278529FA8C76}

2011-08-03 02:33:47 -------- d-----w- C:\Users\Brandon\AppData\Local\{69D42B2E-D11A-43FA-A150-F553BEF8B551}

2011-08-02 04:28:14 -------- d-----w- C:\Users\Brandon\AppData\Local\{43687AAB-0F84-4C73-B382-5E0D349083A2}

2011-08-01 04:02:23 -------- d-----w- C:\Users\Brandon\AppData\Local\{04DF3169-1252-4609-88BC-856268D2683A}

2011-07-30 02:29:59 -------- d-----w- C:\Users\Brandon\AppData\Local\{9F183923-BBD8-4B02-8D79-B2C359C28586}

2011-07-29 05:21:32 -------- d-----w- C:\Users\Brandon\AppData\Local\{A7904ED6-1CB8-402D-8FF0-1590F1B765AE}

2011-07-28 17:09:11 -------- d-----w- C:\Users\Brandon\AppData\Local\{91D42953-FFFE-411B-BCD4-EAE5A98F89FB}

2011-07-28 03:35:58 -------- d-----w- C:\Program Files (x86)\AmazingMIDI

2011-07-28 03:30:00 -------- d-----w- C:\Program Files (x86)\Chord Pickout

2011-07-28 02:20:03 -------- d-----w- C:\Users\Brandon\AppData\Local\{8888B0D6-B0DC-4227-803D-46E3D5F2F3DB}

2011-07-27 02:20:03 -------- d-----w- C:\Users\Brandon\AppData\Local\{24D245D6-645C-413A-876C-0612C0128675}

.

==================== Find3M ====================

.

2011-08-20 09:03:23 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-08-20 09:03:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-07 02:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-29 09:31:24 73216 ----a-w- C:\Windows\ST6UNST.EXE

2011-06-29 09:31:24 249856 ------w- C:\Windows\Setup1.exe

2011-06-29 08:29:09 2829 ----a-w- C:\Windows\DIIUnin.pif

2011-06-29 08:29:08 94208 ----a-w- C:\Windows\DIIUnin.exe

2011-06-26 06:45:56 256000 ----a-w- C:\Windows\PEV.exe

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-19 18:56:21 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 20:27:25.43 ===============

Thanks Again! :D

combfix.zip


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
