Troublesome issue

I have a virus that's become very annoying. I have tried many possible solutions with no success. Here is the most recent Malwarebytes log after it has been updated.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7680

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/8/2011 1:16:50 PM

mbam-log-2011-09-08 (13-16-44).txt

Scan type: Quick scan

Objects scanned: 293880

Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\programdata\amres_fi32.dll (Trojan.Tracur.S) -> No action taken.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programdata\amres_fi32.dll (Trojan.Tracur.S) -> No action taken.

c:\Windows\System32\0200000083f1c3151406c.manifest (Malware.Trace) -> No action taken.

c:\Windows\System32\0200000083f1c3151406o.manifest (Malware.Trace) -> No action taken.

c:\Windows\System32\0200000083f1c3151406p.manifest (Malware.Trace) -> No action taken.

c:\Windows\System32\0200000083f1c3151406s.manifest (Malware.Trace) -> No action taken.

Any help and/or suggestions would be greatly appreciated.

Thank you for the response. Here are the logs.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7680

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/8/2011 1:52:01 PM

mbam-log-2011-09-08 (13-51-43).txt

Scan type: Quick scan

Objects scanned: 294874

Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\programdata\amres_fi32.dll (Trojan.Tracur.S) -> No action taken.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programdata\amres_fi32.dll (Trojan.Tracur.S) -> No action taken.

c:\Windows\System32\0200000083f1c3151406c.manifest (Malware.Trace) -> No action taken.

c:\Windows\System32\0200000083f1c3151406o.manifest (Malware.Trace) -> No action taken.

c:\Windows\System32\0200000083f1c3151406p.manifest (Malware.Trace) -> No action taken.

c:\Windows\System32\0200000083f1c3151406s.manifest (Malware.Trace) -> No action taken.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by Irina.McCoskey at 13:54:40 on 2011-09-08

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3510.2463 [GMT -8:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Windows\system32\atashost.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\odbccp3232.exe

C:\ProgramData\AmRes_fi32.exe

C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

C:\Windows\system32\mpnotify.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TDMAuditLogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe

C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [PeachtreePrefetcher.exe] c:\program files\sage\peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config

mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

mRun: [HP LaserJet Professional CM1410 Series Fax] c:\program files\hp\hp laserjet professional cm1410 series\fax driver\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tdxnet.webex.com/client/T27LC/support/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 204.17.139.2 209.112.128.2

TCP: Interfaces\{11A1D791-5DEC-4438-AED2-C4CEA014272A} : NameServer = 192.168.1.50

TCP: Interfaces\{11A1D791-5DEC-4438-AED2-C4CEA014272A} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{11A1D791-5DEC-4438-AED2-C4CEA014272A}\3303030334 : NameServer = 192.168.1.50

TCP: Interfaces\{11A1D791-5DEC-4438-AED2-C4CEA014272A}\3303030334 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{88AA3FAC-96F9-4275-86C5-6DFCB7599079} : DhcpNameServer = 204.17.139.2 209.112.128.2

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\programdata\AmRes_fi32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-10-15 17072]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-10-15 81920]

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-9-7 133944]

R2 btwdins32;Bluetooth Service ;c:\windows\system32\odbccp3232.exe [2011-8-16 1208832]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-23 812448]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-23 27040]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 386928]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-4-12 142336]

R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-10-15 60928]

R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2008-6-6 435496]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-10-15 59904]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-2-1 2440120]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-10-15 42672]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-10-15 274472]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-10-15 33320]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-10-15 144576]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-10-15 33832]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-10-15 224424]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-10-15 132480]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-15 232960]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-8 136176]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-10-15 13336]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-10-15 134144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-8 136176]

S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-2-28 20504]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-2-28 21528]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-7 41272]

S3 Peachtree SmartPosting 2012;Peachtree SmartPosting 2012;c:\program files\sage\peachtree\SmartPostingService2012.exe [2011-4-7 43848]

S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-10-15 48640]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-10-15 38912]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-22 1343400]

.

=============== Created Last 30 ================

.

2011-09-08 21:53:43 270336 ------w- c:\programdata\AmRes_fi32.dll

2011-09-08 21:02:32 1208832 ----a-w- c:\programdata\AmRes_fi32.exe

2011-09-08 20:59:36 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-08 19:54:54 -------- d-----w- c:\program files\ESET

2011-09-08 18:53:06 -------- d-----w- c:\users\irina.mccoskey\appdata\local\temp

2011-09-08 18:45:01 98816 ----a-w- c:\windows\sed.exe

2011-09-08 18:45:01 518144 ----a-w- c:\windows\SWREG.exe

2011-09-08 18:45:01 256000 ----a-w- c:\windows\PEV.exe

2011-09-08 18:45:01 208896 ----a-w- c:\windows\MBR.exe

2011-09-08 00:18:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-09-08 00:18:17 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-07 21:20:56 -------- d-----w- c:\windows\pss

2011-09-07 19:18:50 -------- d-----w- c:\users\irina.mccoskey\appdata\roaming\Malwarebytes

2011-09-07 19:18:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-07 19:18:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-07 19:18:43 -------- d-----w- c:\programdata\Malwarebytes

2011-09-07 19:18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-07 17:07:14 216888 ----a-w- c:\windows\system32\atsckernel.exe

2011-09-07 17:07:11 133944 ----a-w- c:\windows\system32\atashost.exe

2011-08-23 20:36:48 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-16 20:15:48 1208832 ----a-w- c:\windows\system32\odbccp3232.exe

2011-08-12 17:56:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-12 17:56:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-12 17:56:07 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-12 17:56:05 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2011-08-05 19:37:47 804 ----a-w- c:\windows\PSODBCEI.reg

2011-08-05 19:37:47 610 ----a-w- c:\windows\PSOA.reg

2011-08-05 19:37:46 804 ----a-w- c:\windows\PSODBCCI.reg

2011-08-05 19:37:46 17626 ----a-w- c:\windows\PriorPervasive.reg

2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-06-21 05:36:36 981504 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 05:35:05 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-21 04:26:02 386048 ----a-w- c:\windows\system32\html.iec

2011-06-15 09:04:46 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-06-15 09:04:46 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-06-15 09:04:46 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-06-15 09:04:46 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-06-15 09:04:46 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 13:55:53.36 ===============

Here are the new logs:

ComboFix 11-09-08.03 - Irina.McCoskey 09/08/2011 14:39:06.3.4 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3510.1546 [GMT -8:00]

Running from: c:\users\Irina.McCoskey\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\AmRes_fi32.dll

c:\programdata\AmRes_fi32.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))

.

.

2011-09-08 22:47 . 2011-09-08 22:47 -------- d-----w- c:\users\sysadmin\AppData\Local\temp

2011-09-08 22:47 . 2011-09-08 22:47 -------- d-----w- c:\users\Shirley Choi\AppData\Local\temp

2011-09-08 22:47 . 2011-09-08 22:47 -------- d-----w- c:\users\kevin.wars\AppData\Local\temp

2011-09-08 22:47 . 2011-09-08 22:47 -------- d-----w- c:\users\joe.kozloff\AppData\Local\temp

2011-09-08 22:47 . 2011-09-08 22:47 -------- d-----w- c:\users\IRINA~1~MCC\AppData\Local\temp

2011-09-08 22:47 . 2011-09-08 22:47 -------- d-----w- c:\users\Irina McCoskey\AppData\Local\temp

2011-09-08 22:47 . 2011-09-08 22:47 -------- d-----w- c:\users\eric.sprague\AppData\Local\temp

2011-09-08 22:47 . 2011-09-08 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-08 22:47 . 2011-09-08 22:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-09-08 19:54 . 2011-09-08 19:54 -------- d-----w- c:\program files\ESET

2011-09-08 18:53 . 2011-09-08 22:50 -------- d-----w- c:\users\Irina.McCoskey\AppData\Local\temp

2011-09-08 00:18 . 2011-09-08 00:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-09-08 00:18 . 2011-09-08 00:20 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-07 19:18 . 2011-09-07 19:18 -------- d-----w- c:\users\Irina.McCoskey\AppData\Roaming\Malwarebytes

2011-09-07 19:18 . 2011-07-07 03:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-07 19:18 . 2011-09-07 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-07 19:18 . 2011-09-07 19:18 -------- d-----w- c:\programdata\Malwarebytes

2011-09-07 19:18 . 2011-07-07 03:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-07 17:07 . 2011-09-07 17:06 216888 ----a-w- c:\windows\system32\atsckernel.exe

2011-09-07 17:07 . 2011-09-07 17:06 133944 ----a-w- c:\windows\system32\atashost.exe

2011-08-23 20:36 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-16 20:15 . 2011-08-16 20:15 1208832 ----a-w- c:\windows\system32\odbccp3232.exe

2011-08-12 17:56 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-12 17:56 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-12 17:56 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-12 17:56 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-08 22:49 . 2011-02-09 18:02 0 ----a-w- c:\users\Irina.McCoskey\AppData\Local\WavXMapDrive.bat

2011-08-05 19:37 . 2011-08-05 19:37 610 ----a-w- c:\windows\PSOA.reg

2011-08-05 19:37 . 2011-08-05 19:37 804 ----a-w- c:\windows\PSODBCEI.reg

2011-08-05 19:37 . 2011-08-05 19:37 804 ----a-w- c:\windows\PSODBCCI.reg

2011-08-05 19:37 . 2011-08-05 19:37 17626 ----a-w- c:\windows\PriorPervasive.reg

2011-06-11 02:37 . 2011-07-12 18:10 2332672 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-08_20.48.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-16 01:41 . 2011-09-08 21:55 51368 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 04:55 . 2011-09-08 20:49 34004 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2011-09-08 22:51 34004 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-09-08 21:58 . 2011-09-08 21:58 71598 c:\windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin

- 2011-08-29 19:51 . 2011-09-08 20:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2011-08-29 19:51 . 2011-09-08 22:48 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2010-10-21 23:04 . 2011-09-08 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-10-21 23:04 . 2011-09-08 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-10-21 23:04 . 2011-09-08 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-10-21 23:04 . 2011-09-08 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-09 18:50 . 2011-09-08 22:51 9382 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3244793213-830658175-2502920366-1133_UserData.bin

+ 2011-09-08 21:53 . 2011-09-08 22:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-09-08 20:33 . 2011-09-08 20:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-08 21:53 . 2011-09-08 22:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-09-08 20:33 . 2011-09-08 20:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 02:05 . 2011-09-08 22:01 629008 c:\windows\System32\perfh009.dat

- 2009-07-14 02:05 . 2011-09-08 20:41 629008 c:\windows\System32\perfh009.dat

- 2009-07-14 02:05 . 2011-09-08 20:41 108464 c:\windows\System32\perfc009.dat

+ 2009-07-14 02:05 . 2011-09-08 22:01 108464 c:\windows\System32\perfc009.dat

+ 2010-10-16 01:43 . 2011-09-08 22:48 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2010-10-16 01:43 . 2011-09-08 20:47 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-10-16 01:43 . 2011-09-08 22:48 114688 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-10-16 01:43 . 2011-09-08 20:47 114688 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:41 . 2011-09-08 20:47 212992 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:41 . 2011-09-08 22:48 212992 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:47 . 2011-09-08 21:52 400056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:47 . 2011-09-08 20:28 400056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 02:03 . 2011-09-08 22:07 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:03 . 2011-09-08 18:24 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2010-10-16 01:43 . 2011-09-08 20:47 1622016 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-10-16 01:43 . 2011-09-08 22:48 1622016 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-08 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-26 495708]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 175640]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 169496]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5249024]

"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]

"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-19 115560]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"PeachtreePrefetcher.exe"="c:\program files\Sage\Peachtree\PeachtreePrefetcher.exe" [2011-04-07 30024]

"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]

"HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe" [2010-04-10 2460472]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 828704]

Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1327472]

TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 136176]

R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-11-19 23888]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 136176]

R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-04-22 20504]

R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2010-04-22 21528]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-07 41272]

R3 Peachtree SmartPosting 2012;Peachtree SmartPosting 2012;c:\program files\Sage\Peachtree\SmartPostingService2012.exe [2011-04-07 43848]

R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]

R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-22 1343400]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-26 81920]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-09-07 133944]

S2 btwdins32;Bluetooth Service ;c:\windows\system32\odbccp3232.exe [2011-08-16 1208832]

S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]

S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]

S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]

S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 386928]

S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2009-08-13 435496]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-01-11 274472]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-11 33320]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-10-30 33832]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-29 105592]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 23:03]

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 23:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 204.17.139.2 209.112.128.2

TCP: Interfaces\{11A1D791-5DEC-4438-AED2-C4CEA014272A}: NameServer = 192.168.1.50

TCP: Interfaces\{11A1D791-5DEC-4438-AED2-C4CEA014272A}\3303030334: NameServer = 192.168.1.50

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\9b79aa00]

"imagepath"="\??\c:\windows\TEMP\3303.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4024)

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\IDT\WDM\STacSV.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE

c:\program files\Dell\DW WLAN Card\bcmwltry.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\programdata\AmRes_fi32.exe

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\taskhost.exe

c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe

c:\windows\system32\conhost.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\DellTPad\HidFind.exe

c:\windows\system32\conhost.exe

c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

c:\windows\system32\igfxext.exe

.

**************************************************************************

.

Completion time: 2011-09-08 15:01:53 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-08 23:01

ComboFix2.txt 2011-09-08 21:00

ComboFix3.txt 2011-09-08 19:01

.

Pre-Run: 114,808,848,384 bytes free

Post-Run: 114,797,359,104 bytes free

.

- - End Of File - - 78489625EEC9F2056F334BF7226504EF

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by Irina.McCoskey at 15:06:31 on 2011-09-08

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3510.1818 [GMT -8:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Windows\system32\atashost.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\odbccp3232.exe

C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\ProgramData\AmRes_fi32.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe

C:\Program Files\HP\HP LaserJet Professional CM1410 series\Fax Driver\hppfaxprintersrv.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [PeachtreePrefetcher.exe] c:\program files\sage\peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config

mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

mRun: [HP LaserJet Professional CM1410 Series Fax] c:\program files\hp\hp laserjet professional cm1410 series\fax driver\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tdxnet.webex.com/client/T27LC/support/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 204.17.139.2 209.112.128.2

TCP: Interfaces\{11A1D791-5DEC-4438-AED2-C4CEA014272A} : NameServer = 192.168.1.50

TCP: Interfaces\{11A1D791-5DEC-4438-AED2-C4CEA014272A} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{11A1D791-5DEC-4438-AED2-C4CEA014272A}\3303030334 : NameServer = 192.168.1.50

TCP: Interfaces\{11A1D791-5DEC-4438-AED2-C4CEA014272A}\3303030334 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{88AA3FAC-96F9-4275-86C5-6DFCB7599079} : DhcpNameServer = 204.17.139.2 209.112.128.2

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-10-15 17072]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-10-15 81920]

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-9-7 133944]

R2 btwdins32;Bluetooth Service ;c:\windows\system32\odbccp3232.exe [2011-8-16 1208832]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-23 812448]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-23 27040]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 386928]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-4-12 142336]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-10-15 13336]

R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2008-6-6 435496]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-10-15 59904]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-2-1 2440120]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-10-15 42672]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-10-15 274472]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-10-15 33320]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-10-15 144576]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-10-15 33832]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-10-15 224424]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-10-15 132480]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-15 232960]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-8 136176]

S2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-10-15 60928]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-10-15 134144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-8 136176]

S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-2-28 20504]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-2-28 21528]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-7 41272]

S3 Peachtree SmartPosting 2012;Peachtree SmartPosting 2012;c:\program files\sage\peachtree\SmartPostingService2012.exe [2011-4-7 43848]

S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-10-15 48640]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-10-15 38912]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-22 1343400]

.

=============== Created Last 30 ================

.

2011-09-08 23:00:53 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-08 19:54:54 -------- d-----w- c:\program files\ESET

2011-09-08 18:53:06 -------- d-----w- c:\users\irina.mccoskey\appdata\local\temp

2011-09-08 18:45:01 98816 ----a-w- c:\windows\sed.exe

2011-09-08 18:45:01 518144 ----a-w- c:\windows\SWREG.exe

2011-09-08 18:45:01 256000 ----a-w- c:\windows\PEV.exe

2011-09-08 18:45:01 208896 ----a-w- c:\windows\MBR.exe

2011-09-08 00:18:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-09-08 00:18:17 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-07 21:20:56 -------- d-----w- c:\windows\pss

2011-09-07 19:18:50 -------- d-----w- c:\users\irina.mccoskey\appdata\roaming\Malwarebytes

2011-09-07 19:18:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-07 19:18:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-07 19:18:43 -------- d-----w- c:\programdata\Malwarebytes

2011-09-07 19:18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-07 17:07:14 216888 ----a-w- c:\windows\system32\atsckernel.exe

2011-09-07 17:07:11 133944 ----a-w- c:\windows\system32\atashost.exe

2011-08-23 20:36:48 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-16 20:15:48 1208832 ----a-w- c:\windows\system32\odbccp3232.exe

2011-08-12 17:56:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-12 17:56:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-12 17:56:07 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-12 17:56:05 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2011-08-05 19:37:47 804 ----a-w- c:\windows\PSODBCEI.reg

2011-08-05 19:37:47 610 ----a-w- c:\windows\PSOA.reg

2011-08-05 19:37:46 804 ----a-w- c:\windows\PSODBCCI.reg

2011-08-05 19:37:46 17626 ----a-w- c:\windows\PriorPervasive.reg

2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-06-21 05:36:36 981504 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 05:35:05 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-21 04:26:02 386048 ----a-w- c:\windows\system32\html.iec

2011-06-15 09:04:46 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-06-15 09:04:46 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-06-15 09:04:46 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-06-15 09:04:46 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-06-15 09:04:46 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 15:06:48.18 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 4 weeks later...
  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
