
Nasty Redirect Trojan



So somebody downloaded something from a dodgy site (and was duly lectured). But of course we have to deal with the consequences at hand.

A fake anti-virus thing came up and froze the computer, so I had to reboot. (Cloud-something? Something-Cloud?) It popped up, wouldn't go away, and blocked my ability to disable it using Ctrl+Alt+Delete, as well as blocking MBAM and Microsoft Security Essentials.

Now no matter what browser I use - IE, Firefox, Google Chrome - I get a re-direct and pop-ups in other tabs. It took me 45 minutes to get to the MBAM forums because it kept blocking me at every turn.

I can't access Microsoft Security Essentials at all. I tried to un-install and re-install it hoping that would help, but I was re-directed every time I tried to get to the Microsoft Security Essentials site to, you know, re-install it.

As a last resort, hoping to install SOME protection, I WAS able to get Avira anti-virus on instead (though I prefer MSE) but a short time later the virus turned off the firewall and I'm unable to turn it back on.

The computer has shut down by itself at random twice because of a "major error", and this infection only presented earlier this afternoon (Around 4 PM US Eastern Time).

The whole system is also moving very slowly, even allowing for the computer's age (like, compared to a day ago). MBAM took about six times as long as usual. The first scan I ran in Safe Mode showed and removed three malicious items (but I can't figure out where that log saved to), then there were three clean scans, then another object showed up (shown below).

The computer SEEMS to be behaving a little better since I rebooted after this last MBAM scan, but I'd like somebody who knows more than me to give me an "all clear" rather than allowing an infection to fester.

MBAM

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7804

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/27/2011 4:00:15 AM

mbam-log-2011-09-27 (04-00-15).txt

Scan type: Full scan (C:\|)

Objects scanned: 254276

Time elapsed: 5 hour(s), 8 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{7cbf4be5-4f02-4c47-9368-371777dbc8c7}\RP151\A0016365.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Owner at 17:37:11 on 2011-09-26

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1078 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\3479135023:3499925552.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

LSP: mswsock.dll

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{9A02C25C-702D-4229-B079-BC0BFEE83028} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\qebcxjvq.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=70102

FF - prefs.js: keyword.URL - hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&tbid=70102&qkw=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-9-26 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-26 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-26 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-26 61960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-14 366152]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-14 22216]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 geioiigv;geioiigv;\??\c:\windows\system32\drivers\geioiigv.sys --> c:\windows\system32\drivers\geioiigv.sys [?]

S1 MpKsl1189bada;MpKsl1189bada;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\mpksl1189bada.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\MpKsl1189bada.sys [?]

S1 MpKsl322af7c2;MpKsl322af7c2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\mpksl322af7c2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\MpKsl322af7c2.sys [?]

S1 MpKsl7fd1f76e;MpKsl7fd1f76e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\mpksl7fd1f76e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\MpKsl7fd1f76e.sys [?]

S1 MpKslb5b3334f;MpKslb5b3334f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1339eb35-d354-42ca-acd2-0f0ab95af0fd}\mpkslb5b3334f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1339eb35-d354-42ca-acd2-0f0ab95af0fd}\MpKslb5b3334f.sys [?]

S1 MpKslb771e3d8;MpKslb771e3d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e845e9d-7661-4f31-a54e-0052f199549e}\mpkslb771e3d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e845e9d-7661-4f31-a54e-0052f199549e}\MpKslb771e3d8.sys [?]

S1 MpKsld08f67e2;MpKsld08f67e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\mpksld08f67e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\MpKsld08f67e2.sys [?]

S1 MpKsld7468dac;MpKsld7468dac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a037f4f2-ef8a-49fe-a073-f79207ad337b}\mpksld7468dac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a037f4f2-ef8a-49fe-a073-f79207ad337b}\MpKsld7468dac.sys [?]

S1 MpKslf3baea30;MpKslf3baea30;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{745826d3-5dcd-44fc-8811-c169c308e370}\mpkslf3baea30.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{745826d3-5dcd-44fc-8811-c169c308e370}\MpKslf3baea30.sys [?]

S1 MpKslfd8f6657;MpKslfd8f6657;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d65d6c7d-ad27-492a-9684-5f894f9feceb}\mpkslfd8f6657.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d65d6c7d-ad27-492a-9684-5f894f9feceb}\MpKslfd8f6657.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 msav;Moon Secure Antivirus Core;c:\program files\moon secure antivirus\msavcore.exe --> c:\program files\moon secure antivirus\msavcore.exe [?]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-12-15 00:44:23 -------- d-----w- c:\program files\CCleaner

2011-09-26 20:45:54 -------- dc----w- c:\documents and settings\owner\application data\Avira

2011-09-26 20:44:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-09-26 20:44:37 -------- dc----w- c:\documents and settings\all users\application data\Avira

2011-09-26 20:44:37 -------- d-----w- c:\program files\Avira

2011-09-26 19:11:29 -------- dc----w- c:\documents and settings\owner\application data\lPP00yccS

2011-09-26 19:11:29 -------- dc----w- c:\documents and settings\owner\application data\aiiibDD3onGaQ

2011-09-26 19:11:19 -------- dc----w- c:\documents and settings\owner\application data\wnnG44aQH6dW7fL

2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-08-28 20:10:19 -------- d-----w- c:\program files\common files\Windows Live

.

==================== Find3M ====================

.

2011-09-26 12:41:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 17:41:09.85 ===============

ark.zip

attach.zip


  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (Antivir and Microsoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317o

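The two logs exchanged in this thread carry the actual indicator of compromise: the DDS "Running Processes" list shows a running executable at C:\WINDOWS\3479135023:3499925552.exe, a path with a second colon, which on NTFS means the program is stored in an alternate data stream attached to the file C:\WINDOWS\3479135023, and TDSSKiller later reports the same path as "Suspicious file (Hidden)" and "detected HiddenFile.Multi.Generic". The following Python script is an added example for helpers who triage such logs; it is not a tool from Malwarebytes, from the TDSSKiller author or from anyone in this thread. It reads a DDS process listing and a TDSSKiller log, flags processes whose path is an alternate data stream, pulls out TDSSKiller's detections together with the path, MD5 and reason TDSSKiller logged for them, and reports which paths appear in both. The sample lines are constructed to mirror the format of the logs posted above; the regular expressions are the example's own assumptions about the two log formats, derived from those lines.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input, modelled on the DDS "Running Processes" section and
# the TDSSKiller log posted in this thread (a few representative lines only).
DDS_RUNNING_PROCESSES = """\
C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch
C:\\WINDOWS\\3479135023:3499925552.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
"""

TDSSKILLER_LOG = """\
05:21:19.0796 0276 Scan started
05:21:21.0093 0276 2f635fcf (c3f1a471b9ced627dd4f124e6e0d6c72) C:\\WINDOWS\\3479135023:3499925552.exe
05:21:21.0296 0276 Suspicious file (Hidden): C:\\WINDOWS\\3479135023:3499925552.exe. md5: c3f1a471b9ced627dd4f124e6e0d6c72
05:21:21.0296 0276 2f635fcf ( HiddenFile.Multi.Generic ) - warning
05:21:21.0296 0276 2f635fcf - detected HiddenFile.Multi.Generic (1)
05:21:21.0687 0276 Abiosdsk - ok
05:21:22.0968 0276 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
05:21:23.0062 0276 ACPI - ok
"""

# A Windows path normally holds exactly one colon (after the drive letter). A second
# colon before the file name names an NTFS alternate data stream: the process path
# C:\WINDOWS\3479135023:3499925552.exe is stream "3499925552.exe" on file "C:\WINDOWS\3479135023".
ADS_PATH = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]+):(?P<stream>[^\\:]+)$")

# TDSSKiller line shapes, as assumed from the log in this thread: "time pid message".
TDSS_LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
TDSS_OBJECT = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_SUSPICIOUS = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
TDSS_DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
TDSS_OK = re.compile(r"^(?P<name>\S+) - ok$")


def find_ads_executables(process_listing: str) -> list[tuple[str, str]]:
    """Return (host_file, stream_name) for every running process whose path is an ADS."""
    hits = []
    for line in process_listing.splitlines():
        m = ADS_PATH.match(line.strip())
        if m:
            hits.append((m.group("host"), m.group("stream")))
    return hits


@dataclass
class Detection:
    name: str
    verdict: str
    count: int
    path: str = ""
    md5: str = ""
    reason: str = ""


def parse_tdsskiller(log: str) -> tuple[list[Detection], int]:
    """Collect TDSSKiller detections (joined with the path/MD5 logged for the same object)
    and count the objects the scanner reported as '- ok'."""
    objects: dict[str, dict] = {}     # object name -> {"path", "md5"}
    suspicious: dict[str, dict] = {}  # path -> {"reason", "md5"}
    detections: list[Detection] = []
    ok_count = 0
    for raw in log.splitlines():
        line = TDSS_LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        if (m := TDSS_OBJECT.match(msg)):
            objects[m.group("name")] = {"path": m.group("path"), "md5": m.group("md5")}
        elif (m := TDSS_SUSPICIOUS.match(msg)):
            suspicious[m.group("path")] = {"reason": m.group("reason"), "md5": m.group("md5")}
        elif (m := TDSS_DETECTED.match(msg)):
            obj = objects.get(m.group("name"), {})
            path = obj.get("path", "")
            detections.append(Detection(
                name=m.group("name"), verdict=m.group("verdict"), count=int(m.group("count")),
                path=path, md5=obj.get("md5", ""),
                reason=suspicious.get(path, {}).get("reason", ""),
            ))
        elif TDSS_OK.match(msg):
            ok_count += 1
    return detections, ok_count


def correlate(process_listing: str, log: str) -> list[str]:
    """Paths that are both an ADS-hosted running process (DDS) and a TDSSKiller detection."""
    ads_paths = {f"{host}:{stream}" for host, stream in find_ads_executables(process_listing)}
    detections, _ = parse_tdsskiller(log)
    return sorted(p for p in (d.path for d in detections) if p in ads_paths)


if __name__ == "__main__":
    for host, stream in find_ads_executables(DDS_RUNNING_PROCESSES):
        print(f"ADS-hosted process: stream {stream!r} on {host}")
    dets, ok = parse_tdsskiller(TDSSKILLER_LOG)
    for d in dets:
        print(f"{d.verdict} x{d.count}: {d.path} md5={d.md5} ({d.reason or 'no reason logged'})")
    print(f"{ok} objects reported clean; overlap with DDS: {correlate(DDS_RUNNING_PROCESSES, TDSSKILLER_LOG)}")
```

Run it against a real pair of logs by reading the files into the two strings; the ADS check alone is worth keeping, since a hidden stream shows up in the DDS process list long before any scanner names it, and a clean "- ok" count with zero detections after reboot is the "all clear" the original poster was asking for.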

I was not actually running two anti-virus programs at any point. I installed Avira for a short time because I didn't want the computer completely unprotected while I was trying to figure out the virus. (I was able to get to the Avira website but every attempt to get to Microsoft was blocked.) I have since removed Avira and installed Microsoft Security Essentials again.

The browser is no longer re-directing, though it's still running much slower than before the infection.

At any rate, TDSSKiller found something and rebooted the computer. (After that, I scanned again and it came up clean.)

05:21:02.0015 2628 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43

05:21:02.0859 2628 ============================================================

05:21:02.0859 2628 Current date / time: 2011/09/28 05:21:02.0859

05:21:02.0859 2628 SystemInfo:

05:21:02.0859 2628

05:21:02.0859 2628 OS Version: 5.1.2600 ServicePack: 3.0

05:21:02.0859 2628 Product type: Workstation

05:21:02.0859 2628 ComputerName: HOME

05:21:02.0875 2628 UserName: Owner

05:21:02.0875 2628 Windows directory: C:\WINDOWS

05:21:02.0875 2628 System windows directory: C:\WINDOWS

05:21:02.0875 2628 Processor architecture: Intel x86

05:21:02.0875 2628 Number of processors: 1

05:21:02.0875 2628 Page size: 0x1000

05:21:02.0875 2628 Boot type: Normal boot

05:21:02.0875 2628 ============================================================

05:21:08.0828 2628 Initialize success

05:21:19.0796 0276 ============================================================

05:21:19.0796 0276 Scan started

05:21:19.0796 0276 Mode: Manual;

05:21:19.0796 0276 ============================================================

05:21:21.0093 0276 2f635fcf (c3f1a471b9ced627dd4f124e6e0d6c72) C:\WINDOWS\3479135023:3499925552.exe

05:21:21.0296 0276 Suspicious file (Hidden): C:\WINDOWS\3479135023:3499925552.exe. md5: c3f1a471b9ced627dd4f124e6e0d6c72

05:21:21.0296 0276 2f635fcf ( HiddenFile.Multi.Generic ) - warning

05:21:21.0296 0276 2f635fcf - detected HiddenFile.Multi.Generic (1)

05:21:21.0687 0276 Abiosdsk - ok

05:21:22.0187 0276 abp480n5 - ok

05:21:22.0968 0276 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

05:21:23.0062 0276 ACPI - ok

05:21:23.0796 0276 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

05:21:23.0828 0276 ACPIEC - ok

05:21:24.0437 0276 adpu160m - ok

05:21:25.0328 0276 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

05:21:25.0453 0276 aec - ok

05:21:26.0250 0276 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

05:21:26.0296 0276 AFD - ok

05:21:26.0859 0276 Aha154x - ok

05:21:27.0421 0276 aic78u2 - ok

05:21:28.0015 0276 aic78xx - ok

05:21:28.0593 0276 AliIde - ok

05:21:29.0218 0276 amsint - ok

05:21:29.0750 0276 asc - ok

05:21:30.0234 0276 asc3350p - ok

05:21:30.0812 0276 asc3550 - ok

05:21:31.0593 0276 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

05:21:31.0609 0276 AsyncMac - ok

05:21:32.0375 0276 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

05:21:32.0375 0276 atapi - ok

05:21:33.0062 0276 Atdisk - ok

05:21:33.0531 0276 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

05:21:33.0625 0276 Atmarpc - ok

05:21:34.0171 0276 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

05:21:34.0171 0276 audstub - ok

05:21:35.0062 0276 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

05:21:35.0125 0276 Beep - ok

05:21:35.0531 0276 catchme - ok

05:21:36.0109 0276 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

05:21:36.0140 0276 cbidf2k - ok

05:21:36.0734 0276 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

05:21:36.0781 0276 CCDECODE - ok

05:21:37.0250 0276 cd20xrnt - ok

05:21:37.0750 0276 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

05:21:37.0843 0276 Cdaudio - ok

05:21:38.0609 0276 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

05:21:38.0671 0276 Cdfs - ok

05:21:39.0437 0276 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

05:21:39.0500 0276 Cdrom - ok

05:21:40.0015 0276 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

05:21:40.0156 0276 cercsr6 - ok

05:21:40.0796 0276 Changer - ok

05:21:41.0515 0276 CmdIde - ok

05:21:42.0062 0276 Cpqarray - ok

05:21:42.0796 0276 dac2w2k - ok

05:21:43.0640 0276 dac960nt - ok

05:21:44.0265 0276 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

05:21:44.0343 0276 Disk - ok

05:21:45.0171 0276 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

05:21:45.0359 0276 dmboot - ok

05:21:46.0203 0276 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

05:21:46.0281 0276 dmio - ok

05:21:47.0265 0276 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

05:21:47.0421 0276 dmload - ok

05:21:48.0015 0276 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

05:21:48.0078 0276 DMusic - ok

05:21:48.0562 0276 dpti2o - ok

05:21:49.0125 0276 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

05:21:49.0203 0276 drmkaud - ok

05:21:49.0796 0276 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys

05:21:49.0890 0276 E100B - ok

05:21:50.0406 0276 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys

05:21:50.0515 0276 elagopro - ok

05:21:51.0187 0276 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys

05:21:51.0234 0276 elaunidr - ok

05:21:52.0031 0276 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

05:21:52.0140 0276 Fastfat - ok

05:21:52.0734 0276 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

05:21:52.0781 0276 Fdc - ok

05:21:53.0421 0276 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

05:21:53.0484 0276 Fips - ok

05:21:53.0937 0276 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

05:21:53.0984 0276 Flpydisk - ok

05:21:54.0921 0276 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

05:21:55.0046 0276 FltMgr - ok

05:21:55.0562 0276 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

05:21:55.0625 0276 Fs_Rec - ok

05:21:56.0187 0276 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

05:21:56.0265 0276 Ftdisk - ok

05:21:56.0750 0276 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

05:21:56.0812 0276 GEARAspiWDM - ok

05:21:57.0171 0276 geioiigv - ok

05:21:57.0531 0276 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

05:21:57.0562 0276 Gpc - ok

05:21:58.0031 0276 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

05:21:58.0093 0276 hidusb - ok

05:21:58.0484 0276 hpn - ok

05:21:58.0890 0276 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

05:21:58.0984 0276 HSFHWBS2 - ok

05:21:59.0984 0276 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

05:22:00.0515 0276 HSF_DP - ok

05:22:01.0203 0276 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

05:22:01.0296 0276 HTTP - ok

05:22:01.0625 0276 i2omgmt - ok

05:22:01.0859 0276 i2omp - ok

05:22:02.0250 0276 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

05:22:02.0359 0276 i8042prt - ok

05:22:03.0296 0276 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

05:22:03.0953 0276 ialm - ok

05:22:04.0484 0276 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

05:22:04.0531 0276 Imapi - ok

05:22:04.0968 0276 ini910u - ok

05:22:05.0328 0276 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

05:22:05.0328 0276 IntelIde - ok

05:22:05.0812 0276 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

05:22:05.0843 0276 intelppm - ok

05:22:06.0265 0276 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

05:22:06.0296 0276 Ip6Fw - ok

05:22:06.0781 0276 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

05:22:06.0796 0276 IpFilterDriver - ok

05:22:07.0218 0276 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

05:22:07.0250 0276 IpInIp - ok

05:22:07.0750 0276 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

05:22:07.0859 0276 IpNat - ok

05:22:08.0312 0276 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

05:22:08.0390 0276 IPSec - ok

05:22:08.0859 0276 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

05:22:08.0921 0276 IRENUM - ok

05:22:09.0406 0276 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

05:22:09.0468 0276 isapnp - ok

05:22:09.0875 0276 ivusb (de96bbf842059a67d876b692076d8875) C:\WINDOWS\system32\DRIVERS\ivusb.sys

05:22:09.0906 0276 ivusb - ok

05:22:10.0390 0276 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

05:22:10.0437 0276 Kbdclass - ok

05:22:10.0937 0276 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

05:22:10.0984 0276 kbdhid - ok

05:22:11.0531 0276 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

05:22:11.0625 0276 kmixer - ok

05:22:12.0171 0276 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

05:22:12.0218 0276 KSecDD - ok

05:22:12.0343 0276 Lavasoft Kernexplorer - ok

05:22:12.0687 0276 Lbd - ok

05:22:12.0937 0276 lbrtfdc - ok

05:22:13.0265 0276 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

05:22:13.0296 0276 LVPr2Mon - ok

05:22:13.0828 0276 LVRS (b6e1ccd6572984adcae68439afd07011) C:\WINDOWS\system32\DRIVERS\lvrs.sys

05:22:14.0015 0276 LVRS - ok

05:22:16.0312 0276 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

05:22:18.0312 0276 LVUVC - ok

05:22:18.0812 0276 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

05:22:18.0812 0276 MBAMProtector - ok

05:22:19.0265 0276 MBAMSwissArmy - ok

05:22:19.0609 0276 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

05:22:19.0640 0276 mdmxsdk - ok

05:22:20.0156 0276 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

05:22:20.0187 0276 mnmdd - ok

05:22:20.0750 0276 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

05:22:20.0765 0276 Modem - ok

05:22:21.0234 0276 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

05:22:21.0296 0276 MODEMCSA - ok

05:22:21.0781 0276 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

05:22:21.0843 0276 Mouclass - ok

05:22:22.0328 0276 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

05:22:22.0421 0276 mouhid - ok

05:22:22.0921 0276 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

05:22:22.0937 0276 MountMgr - ok

05:22:23.0484 0276 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

05:22:23.0593 0276 MpFilter - ok

05:22:23.0906 0276 MpKsl1189bada - ok

05:22:23.0984 0276 MpKsl322af7c2 - ok

05:22:24.0171 0276 MpKsl4725adf0 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{122952A8-6FA4-4F8E-8809-E606007FAD1F}\MpKsl4725adf0.sys

05:22:24.0187 0276 MpKsl4725adf0 - ok

05:22:24.0468 0276 MpKsl7fd1f76e - ok

05:22:24.0671 0276 MpKsl8c580e6f (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{594E376B-748C-4A9F-A765-684BC1606B52}\MpKsl8c580e6f.sys

05:22:24.0843 0276 MpKsl8c580e6f - ok

05:22:25.0046 0276 MpKslb5b3334f - ok

05:22:25.0125 0276 MpKslb771e3d8 - ok

05:22:25.0203 0276 MpKsld08f67e2 - ok

05:22:25.0265 0276 MpKsld7468dac - ok

05:22:25.0375 0276 MpKslf3baea30 - ok

05:22:25.0406 0276 MpKslfd8f6657 - ok

05:22:25.0781 0276 mraid35x - ok

05:22:26.0171 0276 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

05:22:26.0328 0276 MRxDAV - ok

05:22:27.0000 0276 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

05:22:27.0203 0276 MRxSmb - ok

05:22:27.0812 0276 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

05:22:27.0875 0276 Msfs - ok

05:22:28.0359 0276 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

05:22:28.0421 0276 MSKSSRV - ok

05:22:28.0875 0276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

05:22:28.0921 0276 MSPCLOCK - ok

05:22:29.0359 0276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

05:22:29.0390 0276 MSPQM - ok

05:22:29.0812 0276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

05:22:29.0843 0276 mssmbios - ok

05:22:30.0343 0276 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

05:22:30.0406 0276 MSTEE - ok

05:22:30.0921 0276 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

05:22:30.0937 0276 Mup - ok

05:22:31.0484 0276 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

05:22:31.0593 0276 NABTSFEC - ok

05:22:32.0187 0276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

05:22:32.0281 0276 NDIS - ok

05:22:32.0781 0276 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

05:22:32.0812 0276 NdisIP - ok

05:22:33.0265 0276 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

05:22:33.0296 0276 NdisTapi - ok

05:22:33.0750 0276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

05:22:33.0812 0276 Ndisuio - ok

05:22:34.0312 0276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

05:22:34.0437 0276 NdisWan - ok

05:22:34.0953 0276 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

05:22:34.0953 0276 NDProxy - ok

05:22:35.0437 0276 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

05:22:35.0500 0276 NetBIOS - ok

05:22:36.0062 0276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

05:22:36.0156 0276 NetBT - ok

05:22:36.0859 0276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

05:22:36.0906 0276 Npfs - ok

05:22:37.0640 0276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

05:22:37.0843 0276 Ntfs - ok

05:22:38.0203 0276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

05:22:38.0250 0276 Null - ok

05:22:38.0593 0276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

05:22:38.0640 0276 NwlnkFlt - ok

05:22:39.0109 0276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

05:22:39.0203 0276 NwlnkFwd - ok

05:22:39.0703 0276 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

05:22:39.0859 0276 OMCI - ok

05:22:40.0390 0276 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

05:22:40.0500 0276 Parport - ok

05:22:40.0968 0276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

05:22:41.0031 0276 PartMgr - ok

05:22:41.0593 0276 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

05:22:41.0656 0276 ParVdm - ok

05:22:42.0187 0276 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

05:22:42.0296 0276 PCI - ok

05:22:42.0734 0276 PCIDump - ok

05:22:43.0125 0276 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

05:22:43.0156 0276 PCIIde - ok

05:22:43.0609 0276 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

05:22:43.0687 0276 Pcmcia - ok

05:22:44.0078 0276 PDCOMP - ok

05:22:44.0343 0276 PDFRAME - ok

05:22:44.0593 0276 PDRELI - ok

05:22:44.0812 0276 PDRFRAME - ok

05:22:45.0078 0276 perc2 - ok

05:22:45.0437 0276 perc2hib - ok

05:22:46.0187 0276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

05:22:46.0265 0276 PptpMiniport - ok

05:22:46.0843 0276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

05:22:46.0937 0276 PSched - ok

05:22:47.0406 0276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

05:22:47.0406 0276 Ptilink - ok

05:22:47.0843 0276 ql1080 - ok

05:22:48.0046 0276 Ql10wnt - ok

05:22:48.0312 0276 ql12160 - ok

05:22:48.0562 0276 ql1240 - ok

05:22:48.0765 0276 ql1280 - ok

05:22:49.0093 0276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

05:22:49.0140 0276 RasAcd - ok

05:22:49.0656 0276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

05:22:49.0718 0276 Rasl2tp - ok

05:22:50.0234 0276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

05:22:50.0296 0276 RasPppoe - ok

05:22:50.0843 0276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

05:22:50.0890 0276 Raspti - ok

05:22:51.0515 0276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

05:22:51.0656 0276 Rdbss - ok

05:22:52.0109 0276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

05:22:52.0156 0276 RDPCDD - ok

05:22:52.0781 0276 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

05:22:52.0812 0276 RDPWD - ok

05:22:53.0312 0276 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

05:22:53.0359 0276 redbook - ok

05:22:53.0921 0276 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

05:22:53.0953 0276 ROOTMODEM - ok

05:22:54.0531 0276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

05:22:54.0531 0276 Secdrv - ok

05:22:55.0906 0276 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

05:22:56.0296 0276 senfilt - ok

05:22:56.0843 0276 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

05:22:56.0875 0276 serenum - ok

05:22:57.0375 0276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

05:22:57.0437 0276 Sfloppy - ok

05:22:57.0812 0276 Simbad - ok

05:22:58.0187 0276 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

05:22:58.0218 0276 SLIP - ok

05:22:58.0828 0276 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

05:22:59.0000 0276 smwdm - ok

05:22:59.0343 0276 Sparrow - ok

05:22:59.0687 0276 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

05:22:59.0718 0276 splitter - ok

05:23:00.0546 0276 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys

05:23:01.0015 0276 sptd - ok

05:23:01.0593 0276 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

05:23:01.0671 0276 sr - ok

05:23:02.0218 0276 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

05:23:02.0359 0276 Srv - ok

05:23:02.0937 0276 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

05:23:03.0000 0276 streamip - ok

05:23:03.0468 0276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

05:23:03.0515 0276 swenum - ok

05:23:04.0062 0276 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

05:23:04.0156 0276 swmidi - ok

05:23:04.0546 0276 symc810 - ok

05:23:04.0781 0276 symc8xx - ok

05:23:05.0046 0276 sym_hi - ok

05:23:05.0296 0276 sym_u3 - ok

05:23:05.0906 0276 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

05:23:05.0953 0276 sysaudio - ok

05:23:06.0609 0276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

05:23:06.0765 0276 Tcpip - ok

05:23:07.0265 0276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

05:23:07.0296 0276 TDPIPE - ok

05:23:07.0796 0276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

05:23:07.0828 0276 TDTCP - ok

05:23:08.0328 0276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

05:23:08.0406 0276 TermDD - ok

05:23:08.0781 0276 TosIde - ok

05:23:09.0187 0276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

05:23:09.0281 0276 Udfs - ok

05:23:09.0671 0276 ultra - ok

05:23:10.0187 0276 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

05:23:10.0390 0276 Update - ok

05:23:10.0906 0276 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

05:23:10.0937 0276 usbaudio - ok

05:23:11.0468 0276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

05:23:11.0531 0276 usbccgp - ok

05:23:12.0140 0276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

05:23:12.0187 0276 usbehci - ok

05:23:12.0687 0276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

05:23:12.0781 0276 usbhub - ok

05:23:13.0296 0276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

05:23:13.0359 0276 usbprint - ok

05:23:13.0843 0276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

05:23:13.0906 0276 usbscan - ok

05:23:14.0453 0276 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

05:23:14.0453 0276 usbstor - ok

05:23:15.0046 0276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

05:23:15.0093 0276 usbuhci - ok

05:23:15.0625 0276 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

05:23:15.0687 0276 usbvideo - ok

05:23:16.0171 0276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

05:23:16.0203 0276 VgaSave - ok

05:23:16.0671 0276 ViaIde - ok

05:23:17.0046 0276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

05:23:17.0109 0276 VolSnap - ok

05:23:17.0703 0276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

05:23:17.0781 0276 Wanarp - ok

05:23:18.0203 0276 WDICA - ok

05:23:18.0578 0276 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

05:23:18.0625 0276 wdmaud - ok

05:23:19.0421 0276 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

05:23:19.0828 0276 winachsf - ok

05:23:20.0515 0276 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

05:23:20.0546 0276 WS2IFSL - ok

05:23:21.0109 0276 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

05:23:21.0156 0276 WSTCODEC - ok

05:23:21.0750 0276 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

05:23:21.0796 0276 WudfPf - ok

05:23:22.0375 0276 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

05:23:22.0421 0276 WudfRd - ok

05:23:22.0515 0276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

05:23:24.0359 0276 \Device\Harddisk0\DR0 - ok

05:23:24.0406 0276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4

05:23:24.0484 0276 \Device\Harddisk1\DR4 - ok

05:23:24.0500 0276 Boot (0x1200) (fe6d582008521713c11fb68657ce1b56) \Device\Harddisk0\DR0\Partition0

05:23:24.0500 0276 \Device\Harddisk0\DR0\Partition0 - ok

05:23:24.0515 0276 Boot (0x1200) (e7af4236a29384112c26c1bc8e7f8f77) \Device\Harddisk1\DR4\Partition0

05:23:24.0515 0276 \Device\Harddisk1\DR4\Partition0 - ok

05:23:24.0515 0276 ============================================================

05:23:24.0515 0276 Scan finished

05:23:24.0515 0276 ============================================================

05:23:24.0546 1984 Detected object count: 1

05:23:24.0546 1984 Actual detected object count: 1

05:23:39.0671 1984 HKLM\SYSTEM\ControlSet002\services\2f635fcf - will be deleted on reboot

05:23:39.0671 1984 HKLM\SYSTEM\ControlSet003\services\2f635fcf - will be deleted on reboot

05:23:39.0671 1984 C:\WINDOWS\3479135023:3499925552.exe - will be deleted on reboot

05:23:39.0671 1984 2f635fcf ( HiddenFile.Multi.Generic ) - User select action: Delete

05:25:26.0437 2168 Deinitialize success

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Owner at 5:39:00 on 2011-09-28

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1488 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

svchost.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\Explorer.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

LSP: mswsock.dll

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{9A02C25C-702D-4229-B079-BC0BFEE83028} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\qebcxjvq.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=70102

FF - prefs.js: keyword.URL - hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&tbid=70102&qkw=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKslf41934ba;MpKslf41934ba;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{122952a8-6fa4-4f8e-8809-e606007fad1f}\MpKslf41934ba.sys [2011-9-28 28752]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-14 366152]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-14 22216]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 geioiigv;geioiigv;\??\c:\windows\system32\drivers\geioiigv.sys --> c:\windows\system32\drivers\geioiigv.sys [?]

S1 MpKsl1189bada;MpKsl1189bada;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\mpksl1189bada.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\MpKsl1189bada.sys [?]

S1 MpKsl322af7c2;MpKsl322af7c2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\mpksl322af7c2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\MpKsl322af7c2.sys [?]

S1 MpKsl7fd1f76e;MpKsl7fd1f76e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\mpksl7fd1f76e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\MpKsl7fd1f76e.sys [?]

S1 MpKslb5b3334f;MpKslb5b3334f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1339eb35-d354-42ca-acd2-0f0ab95af0fd}\mpkslb5b3334f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1339eb35-d354-42ca-acd2-0f0ab95af0fd}\MpKslb5b3334f.sys [?]

S1 MpKslb771e3d8;MpKslb771e3d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e845e9d-7661-4f31-a54e-0052f199549e}\mpkslb771e3d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e845e9d-7661-4f31-a54e-0052f199549e}\MpKslb771e3d8.sys [?]

S1 MpKsld08f67e2;MpKsld08f67e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\mpksld08f67e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\MpKsld08f67e2.sys [?]

S1 MpKsld7468dac;MpKsld7468dac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a037f4f2-ef8a-49fe-a073-f79207ad337b}\mpksld7468dac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a037f4f2-ef8a-49fe-a073-f79207ad337b}\MpKsld7468dac.sys [?]

S1 MpKslf3baea30;MpKslf3baea30;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{745826d3-5dcd-44fc-8811-c169c308e370}\mpkslf3baea30.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{745826d3-5dcd-44fc-8811-c169c308e370}\MpKslf3baea30.sys [?]

S1 MpKslfd8f6657;MpKslfd8f6657;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d65d6c7d-ad27-492a-9684-5f894f9feceb}\mpkslfd8f6657.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d65d6c7d-ad27-492a-9684-5f894f9feceb}\MpKslfd8f6657.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 msav;Moon Secure Antivirus Core;c:\program files\moon secure antivirus\msavcore.exe --> c:\program files\moon secure antivirus\msavcore.exe [?]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

=============== Created Last 30 ================

.

2011-12-15 00:44:23 -------- d-----w- c:\program files\CCleaner

2011-09-28 09:30:01 28752 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{122952a8-6fa4-4f8e-8809-e606007fad1f}\MpKslf41934ba.sys

2011-09-28 09:28:55 56200 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{122952a8-6fa4-4f8e-8809-e606007fad1f}\offreg.dll

2011-09-28 08:51:07 7269712 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{122952a8-6fa4-4f8e-8809-e606007fad1f}\mpengine.dll

2011-09-28 03:56:46 7269712 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-09-27 08:30:01 -------- d-----w- c:\program files\Microsoft Security Client

2011-09-26 19:11:29 -------- dc----w- c:\documents and settings\owner\application data\lPP00yccS

2011-09-26 19:11:29 -------- dc----w- c:\documents and settings\owner\application data\aiiibDD3onGaQ

2011-09-26 19:11:19 -------- dc----w- c:\documents and settings\owner\application data\wnnG44aQH6dW7fL

2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

.

==================== Find3M ====================

.

2011-09-26 12:41:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 5:42:57.17 ===============

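The TDSSKiller and DDS logs in the post above carry the two indicators a responder would look for in this kind of infection: a service ("2f635fcf") whose payload sits in an NTFS alternate data stream (the colon in "C:\WINDOWS\3479135023:3499925552.exe"), and an S1 boot-start driver ("geioiigv") with a random eight-letter name whose file DDS cannot find. The script below is an added example for this thread, not code from the original post, from TDSSKiller or from DDS. It parses the line formats exactly as they appear in the logs above and flags those indicators. The function names, the finding labels, the KNOWN_PREFIXES allowlist and the random-name heuristic are assumptions of this example; the sample lines are excerpts copied from the logs on this page.

```python
"""Triage helpers for TDSSKiller and DDS logs like the ones posted above.

Added example, not part of the thread and not code from either tool.
Line formats come from the logs on this page; everything else
(function names, labels, KNOWN_PREFIXES, the name heuristic) is assumed.
"""
import re

# TDSSKiller driver enumeration: "<time> <pid> <name> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# TDSSKiller cleanup line: "<time> <pid> <object> - will be deleted on reboot"
REBOOT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<obj>.+?) - will be deleted on reboot$")
# TDSSKiller verdict: "<time> <pid> <name> ( <family> ) - User select action: <action>"
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+) \( (?P<family>[^)]+) \)"
    r" - User select action: (?P<action>\w+)$")
# DDS "SERVICES / DRIVERS" line: "<start> <name>;<display>;<image path> [...]"
DDS_SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")

# Assumption: service-name prefixes accepted as benign even when DDS marks the
# binary missing ([?]).  MpKsl* are MSE's transient definition-update drivers;
# MBAM* and Lbd/Lavasoft belong to tools visible in the log.
KNOWN_PREFIXES = ("MpKsl", "MBAM", "Lavasoft", "Lbd")


def is_ads_path(path):
    """True if a Win32 path names an NTFS alternate data stream (file:stream).

    The only legitimate colon is the one after the drive letter; any other
    colon means the object lives in a stream that Explorer and most scanners
    never list, which is why rootkits park payloads there."""
    body = path[2:] if re.match(r"^[A-Za-z]:\\", path) else path
    return ":" in body


def triage_tdsskiller(log_text):
    """Return the TDSSKiller log lines that deserve a human look, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = DRIVER_RE.match(line)
        if m:  # enumerated driver: only interesting if it loads from a stream
            if is_ads_path(m.group("path")):
                findings.append({"kind": "ads_driver", "object": m.group("name"),
                                 "detail": m.group("path")})
            continue
        m = REBOOT_RE.match(line)
        if m:  # registry key or file TDSSKiller queued for deletion
            obj = m.group("obj")
            kind = "ads_file" if is_ads_path(obj) else "reboot_delete"
            findings.append({"kind": kind, "object": obj, "detail": "scheduled for deletion"})
            continue
        m = VERDICT_RE.match(line)
        if m:  # detection name and the action the user chose
            findings.append({"kind": "verdict", "object": m.group("name"),
                             "detail": m.group("family") + "/" + m.group("action")})
    return findings


def triage_dds_services(dds_text):
    """Flag DDS service entries whose binary is missing and whose name is not known."""
    flagged = []
    for line in dds_text.splitlines():
        m = DDS_SVC_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        if not m.group("rest").rstrip().endswith("[?]") or name.startswith(KNOWN_PREFIXES):
            continue
        reasons = ["binary missing"]
        # Heuristic (assumption): eight random lowercase letters is the naming
        # pattern of the dropped driver service seen in this log.
        if re.fullmatch(r"[a-z]{8}", name):
            reasons.append("random-looking name")
        flagged.append({"start": m.group("start"), "name": name, "reasons": reasons})
    return flagged


# Excerpts copied from the logs in this thread: one clean driver line, the
# MBR line, the detection block, and a handful of DDS service entries.
SAMPLE_TDSS = r"""
05:22:28.0875 0276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:22:28.0921 0276 MSPCLOCK - ok
05:23:22.0515 0276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:23:24.0546 1984 Detected object count: 1
05:23:39.0671 1984 HKLM\SYSTEM\ControlSet002\services\2f635fcf - will be deleted on reboot
05:23:39.0671 1984 HKLM\SYSTEM\ControlSet003\services\2f635fcf - will be deleted on reboot
05:23:39.0671 1984 C:\WINDOWS\3479135023:3499925552.exe - will be deleted on reboot
05:23:39.0671 1984 2f635fcf ( HiddenFile.Multi.Generic ) - User select action: Delete
"""

SAMPLE_DDS = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 geioiigv;geioiigv;\??\c:\windows\system32\drivers\geioiigv.sys --> c:\windows\system32\drivers\geioiigv.sys [?]
S2 msav;Moon Secure Antivirus Core;c:\program files\moon secure antivirus\msavcore.exe --> c:\program files\moon secure antivirus\msavcore.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

if __name__ == "__main__":
    for f in triage_tdsskiller(SAMPLE_TDSS):
        print(f"{f['kind']:14} {f['object']}  ({f['detail']})")
    for s in triage_dds_services(SAMPLE_DDS):
        print(f"{s['start']} {s['name']}: {', '.join(s['reasons'])}")
```

Run against the excerpts, the TDSSKiller pass reports the two ControlSet service keys, the ADS payload and the HiddenFile.Multi.Generic verdict, and the DDS pass flags "geioiigv" (missing binary plus random-looking name) and "msav" (missing binary only). The second one is a leftover from an uninstalled Moon Secure Antivirus rather than malware, which is the point of returning reasons instead of a verdict: the heuristic narrows the list, a person still has to read it. Two caveats a responder should keep in mind: the "MBR (0x1B8)" line hashes only the first 0x1B8 (440) bytes, the boot code ahead of the disk signature and partition table, so both disks in this log legitimately report the same value and a bootkit would show up as one disk's hash diverging; and an ADS-hosted payload marked "will be deleted on reboot" is only gone once the reboot has happened, so the follow-up scan the staff ask for is what actually confirms the removal.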

  • Staff

Hi,

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


I appreciate everyone's help with this. I'm sorry if I sounded at all short in my previous post - this is just a really frustrating, hair-pulling-out bastard of a virus. It's a REALLY inconvenient time for the computer to break down (well, really, is there ever a convenient time?) but we only have the one computer and I'd prefer to avoid taking it in anywhere if at all possible - we're moving across the country in less than a month, so we're pretty much flat broke.

If it helps anything, there don't APPEAR to be any processes running in the background that shouldn't be, but Internet Explorer in particular seems to be taking up more memory when it runs than it should be.

Anyway, here are the logs.

~Emily

MBAM

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7870

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/4/2011 8:40:16 PM

mbam-log-2011-10-04 (20-40-16).txt

Scan type: Quick scan

Objects scanned: 203885

Time elapsed: 17 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Combofix

ComboFix 11-10-04.04 - Owner 10/04/2011 21:02:32.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1670 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB36691$

c:\windows\$NtUninstallKB36691$\269545262

c:\windows\system32\d3d9caps.dat

.

.

((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))

.

.

2011-12-15 00:44 . 2011-10-04 22:43 -------- d-----w- c:\program files\CCleaner

2011-10-05 01:17 . 2011-10-05 01:17 56200 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18ECADB0-6167-419C-AF6B-2F8F9F3C71EA}\offreg.dll

2011-10-04 23:54 . 2011-10-04 23:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware

2011-10-04 23:53 . 2011-09-12 20:14 7269712 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18ECADB0-6167-419C-AF6B-2F8F9F3C71EA}\mpengine.dll

2011-10-04 23:31 . 2011-10-05 00:00 -------- dc----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2011-10-03 19:36 . 2011-10-03 19:38 -------- d-----w- c:\program files\Linksys EasyLink Advisor

2011-09-29 19:54 . 2011-09-29 19:54 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-29 05:33 . 2011-09-29 05:33 -------- dc----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics

2011-09-29 03:26 . 2011-09-12 20:14 7269712 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-28 18:59 . 2011-09-28 19:00 -------- d-----w- c:\program files\Microsoft Security Client

2011-09-26 19:50 . 2011-09-26 19:50 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache

2011-09-26 19:11 . 2011-09-26 19:11 -------- dc----w- c:\documents and settings\Owner\Application Data\lPP00yccS

2011-09-26 19:11 . 2011-09-26 19:11 -------- dc----w- c:\documents and settings\Owner\Application Data\aiiibDD3onGaQ

2011-09-26 19:11 . 2011-09-26 19:11 -------- dc----w- c:\documents and settings\Owner\Application Data\wnnG44aQH6dW7fL

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-26 12:41 . 2011-05-18 03:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 21:00 . 2011-04-14 10:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-09-14 02:07 . 2011-06-19 02:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-08-31_13.02.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll

+ 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll

+ 2011-05-14 05:06 . 2011-05-14 05:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll

+ 2011-05-14 05:23 . 2011-05-14 05:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll

+ 2011-05-13 22:37 . 2011-05-13 22:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll

+ 2011-10-05 01:17 . 2011-10-05 01:17 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat

+ 2004-08-04 10:00 . 2011-10-03 19:56 87056 c:\windows\system32\perfc009.dat

+ 2004-08-04 10:00 . 2008-04-13 19:15 64512 c:\windows\system32\drivers\serial.sys

- 2004-08-04 10:00 . 2008-04-13 19:15 64512 c:\windows\system32\drivers\serial.sys

+ 2007-03-22 16:57 . 2007-03-22 16:57 28672 c:\windows\system32\drivers\elagopro.sys

- 2007-03-22 17:57 . 2007-03-22 17:57 28672 c:\windows\system32\drivers\elagopro.sys

+ 2004-08-04 10:00 . 2008-04-13 19:15 64512 c:\windows\system32\dllcache\serial.sys

+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll

+ 2007-03-22 16:57 . 2007-03-22 16:57 5376 c:\windows\system32\drivers\elaunidr.sys

- 2007-03-22 17:57 . 2007-03-22 17:57 5376 c:\windows\system32\drivers\elaunidr.sys

+ 2011-05-14 05:17 . 2011-05-14 05:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll

+ 2011-05-14 05:12 . 2011-05-14 05:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll

+ 2011-05-14 05:11 . 2011-05-14 05:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll

+ 2004-08-04 10:00 . 2011-10-03 19:56 502590 c:\windows\system32\perfh009.dat

+ 2011-09-26 12:41 . 2011-09-26 12:41 243360 c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe

+ 2011-09-26 12:41 . 2011-09-26 12:41 328864 c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.dll

+ 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll

+ 2011-09-28 19:00 . 2011-09-28 19:00 785920 c:\windows\Installer\20951ef.msi

+ 2011-09-28 18:59 . 2011-09-28 18:59 483840 c:\windows\Installer\20951e8.msi

+ 2011-09-28 18:59 . 2011-09-28 18:59 301056 c:\windows\Installer\20951e2.msi

+ 2011-09-13 20:17 . 2011-09-13 20:17 332288 c:\windows\Installer\1e52c5e8.msi

+ 2011-10-03 19:36 . 2011-10-03 19:36 331776 c:\windows\Installer\12e72a2d.msi

+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll

+ 2011-05-14 00:04 . 2011-05-14 00:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll

+ 2011-05-14 00:04 . 2011-05-14 00:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll

+ 2011-01-18 23:29 . 2011-09-29 19:55 2539220 c:\windows\system32\Restore\rstrlog.dat

+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe

+ 2010-06-21 00:45 . 2011-09-28 07:02 47369160 c:\windows\system32\MRT.exe

+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\2b63ea.msp

+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-06-02 6123032]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/14/2011 6:52 AM 366152]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008]

R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 1:11 AM 428640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/14/2011 6:52 AM 22216]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]

S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]

S1 geioiigv;geioiigv;\??\c:\windows\system32\drivers\geioiigv.sys --> c:\windows\system32\drivers\geioiigv.sys [?]

S1 MpKsl1189bada;MpKsl1189bada;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B74D965-FEEE-47C3-BB74-BFA7D8F20BA7}\MpKsl1189bada.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B74D965-FEEE-47C3-BB74-BFA7D8F20BA7}\MpKsl1189bada.sys [?]

S1 MpKsl322af7c2;MpKsl322af7c2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0928F610-8092-495F-9A92-DACA9758D677}\MpKsl322af7c2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0928F610-8092-495F-9A92-DACA9758D677}\MpKsl322af7c2.sys [?]

S1 MpKsl38ee3d9a;MpKsl38ee3d9a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED7B4351-CED2-401C-BDA0-EDE0D172AD28}\MpKsl38ee3d9a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED7B4351-CED2-401C-BDA0-EDE0D172AD28}\MpKsl38ee3d9a.sys [?]

S1 MpKsl7fd1f76e;MpKsl7fd1f76e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0928F610-8092-495F-9A92-DACA9758D677}\MpKsl7fd1f76e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0928F610-8092-495F-9A92-DACA9758D677}\MpKsl7fd1f76e.sys [?]

S1 MpKslb5b3334f;MpKslb5b3334f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1339EB35-D354-42CA-ACD2-0F0AB95AF0FD}\MpKslb5b3334f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1339EB35-D354-42CA-ACD2-0F0AB95AF0FD}\MpKslb5b3334f.sys [?]

S1 MpKslb771e3d8;MpKslb771e3d8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E845E9D-7661-4F31-A54E-0052F199549E}\MpKslb771e3d8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E845E9D-7661-4F31-A54E-0052F199549E}\MpKslb771e3d8.sys [?]

S1 MpKsld08f67e2;MpKsld08f67e2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B74D965-FEEE-47C3-BB74-BFA7D8F20BA7}\MpKsld08f67e2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B74D965-FEEE-47C3-BB74-BFA7D8F20BA7}\MpKsld08f67e2.sys [?]

S1 MpKsld7468dac;MpKsld7468dac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A037F4F2-EF8A-49FE-A073-F79207AD337B}\MpKsld7468dac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A037F4F2-EF8A-49FE-A073-F79207AD337B}\MpKsld7468dac.sys [?]

S1 MpKslf3baea30;MpKslf3baea30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{745826D3-5DCD-44FC-8811-C169C308E370}\MpKslf3baea30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{745826D3-5DCD-44FC-8811-C169C308E370}\MpKslf3baea30.sys [?]

S1 MpKslfd8f6657;MpKslfd8f6657;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D65D6C7D-AD27-492A-9684-5F894F9FECEB}\MpKslfd8f6657.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D65D6C7D-AD27-492A-9684-5F894F9FECEB}\MpKslfd8f6657.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 msav;Moon Secure Antivirus Core;c:\program files\Moon Secure Antivirus\msavcore.exe --> c:\program files\Moon Secure Antivirus\msavcore.exe [?]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/26/2010 3:13 AM 691696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-362288127-1801674531-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 22:57]

.

2011-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-362288127-1801674531-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 22:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qebcxjvq.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=70102

FF - prefs.js: keyword.URL - hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&tbid=70102&qkw=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Notify-TPSvc - TPSvc.dll

SafeBoot-05244773.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-04 21:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3996)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\locator.exe

c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Completion time: 2011-10-04 21:41:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-05 01:41

ComboFix2.txt 2011-08-31 13:04

ComboFix3.txt 2011-07-29 10:31

ComboFix4.txt 2011-07-24 14:47

ComboFix5.txt 2011-10-05 00:46

.

Pre-Run: 20,390,670,336 bytes free

Post-Run: 20,576,415,744 bytes free

.

- - End Of File - - A861BF750F6C8EE8CB76C2904363A980

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Owner at 21:43:53 on 2011-10-04

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1543 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{9A02C25C-702D-4229-B079-BC0BFEE83028} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\qebcxjvq.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=70102

FF - prefs.js: keyword.URL - hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&tbid=70102&qkw=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-14 366152]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-14 22216]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]

S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]

S1 geioiigv;geioiigv;\??\c:\windows\system32\drivers\geioiigv.sys --> c:\windows\system32\drivers\geioiigv.sys [?]

S1 MpKsl1189bada;MpKsl1189bada;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\mpksl1189bada.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\MpKsl1189bada.sys [?]

S1 MpKsl322af7c2;MpKsl322af7c2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\mpksl322af7c2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\MpKsl322af7c2.sys [?]

S1 MpKsl38ee3d9a;MpKsl38ee3d9a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed7b4351-ced2-401c-bda0-ede0d172ad28}\mpksl38ee3d9a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed7b4351-ced2-401c-bda0-ede0d172ad28}\MpKsl38ee3d9a.sys [?]

S1 MpKsl7fd1f76e;MpKsl7fd1f76e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\mpksl7fd1f76e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0928f610-8092-495f-9a92-daca9758d677}\MpKsl7fd1f76e.sys [?]

S1 MpKslb5b3334f;MpKslb5b3334f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1339eb35-d354-42ca-acd2-0f0ab95af0fd}\mpkslb5b3334f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1339eb35-d354-42ca-acd2-0f0ab95af0fd}\MpKslb5b3334f.sys [?]

S1 MpKslb771e3d8;MpKslb771e3d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e845e9d-7661-4f31-a54e-0052f199549e}\mpkslb771e3d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e845e9d-7661-4f31-a54e-0052f199549e}\MpKslb771e3d8.sys [?]

S1 MpKsld08f67e2;MpKsld08f67e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\mpksld08f67e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b74d965-feee-47c3-bb74-bfa7d8f20ba7}\MpKsld08f67e2.sys [?]

S1 MpKsld7468dac;MpKsld7468dac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a037f4f2-ef8a-49fe-a073-f79207ad337b}\mpksld7468dac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a037f4f2-ef8a-49fe-a073-f79207ad337b}\MpKsld7468dac.sys [?]

S1 MpKslf3baea30;MpKslf3baea30;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{745826d3-5dcd-44fc-8811-c169c308e370}\mpkslf3baea30.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{745826d3-5dcd-44fc-8811-c169c308e370}\MpKslf3baea30.sys [?]

S1 MpKslfd8f6657;MpKslfd8f6657;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d65d6c7d-ad27-492a-9684-5f894f9feceb}\mpkslfd8f6657.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d65d6c7d-ad27-492a-9684-5f894f9feceb}\MpKslfd8f6657.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 msav;Moon Secure Antivirus Core;c:\program files\moon secure antivirus\msavcore.exe --> c:\program files\moon secure antivirus\msavcore.exe [?]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-12-15 00:44:23 -------- d-----w- c:\program files\CCleaner

2011-10-05 01:17:26 56200 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{18ecadb0-6167-419c-af6b-2f8f9f3c71ea}\offreg.dll

2011-10-04 23:54:38 -------- d-----w- c:\documents and settings\owner\local settings\application data\PackageAware

2011-10-04 23:53:10 7269712 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{18ecadb0-6167-419c-af6b-2f8f9f3c71ea}\mpengine.dll

2011-10-04 23:31:14 -------- dc----w- c:\documents and settings\all users\application data\STOPzilla!

2011-10-03 19:36:31 -------- d-----w- c:\program files\Linksys EasyLink Advisor

2011-09-29 19:54:41 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-09-29 19:54:41 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-29 16:59:23 -------- d-----w- c:\program files\Linksys EasyLink Advisor(2)

2011-09-29 05:33:04 -------- dc----w- c:\documents and settings\owner\application data\ElevatedDiagnostics

2011-09-29 03:26:42 7269712 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-09-28 18:59:41 -------- d-----w- c:\program files\Microsoft Security Client

2011-09-26 19:11:29 -------- dc----w- c:\documents and settings\owner\application data\lPP00yccS

2011-09-26 19:11:29 -------- dc----w- c:\documents and settings\owner\application data\aiiibDD3onGaQ

2011-09-26 19:11:19 -------- dc----w- c:\documents and settings\owner\application data\wnnG44aQH6dW7fL

2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2011-09-26 12:41:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 21:44:33.82 ===============

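Added example, not part of the original thread and not code from the DDS or ComboFix tools or from Malwarebytes staff: a small Python triage script run over lines copied verbatim from the DDS log posted above. It pulls out the three things a reviewer would check first in that log: protection products reported as *Disabled*, service and driver entries whose binary DDS could not find on disk (DDS prints `[?]` in place of a date and size), and recently created profile directories with random-looking names, such as the three created under Application Data on 2011-09-26. The regular expressions, severity labels, the `looks_random` heuristic and its threshold are this example's own assumptions, not DDS conventions; the heuristic deliberately errs toward silence and does not catch all-lowercase random names such as the `geioiigv` driver, which is caught only by its missing binary.

```python
"""Triage helper for DDS-style log lines (added example, not a DDS feature)."""
import re

# Sample input: lines copied from the DDS log posted above, including a few
# benign ones (MpFilter, WinRM, PackageAware, nppdf32.dll) that must not fire.
SAMPLE = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled*
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S1 geioiigv;geioiigv;\??\c:\windows\system32\drivers\geioiigv.sys --> c:\windows\system32\drivers\geioiigv.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
2011-10-04 23:54:38 -------- d-----w- c:\documents and settings\owner\local settings\application data\PackageAware
2011-09-29 16:59:23 -------- d-----w- c:\program files\Linksys EasyLink Advisor(2)
2011-09-26 19:11:29 -------- dc----w- c:\documents and settings\owner\application data\lPP00yccS
2011-09-26 19:11:29 -------- dc----w- c:\documents and settings\owner\application data\aiiibDD3onGaQ
2011-09-26 19:11:19 -------- dc----w- c:\documents and settings\owner\application data\wnnG44aQH6dW7fL
2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
"""

# Line shapes seen in the log: "AV: product *state*", "S1 name;display;path ...",
# and "date time size attrs path" in the "Created Last 30" section.
PROTECTION_RE = re.compile(r"^(AV|FW|SP): (.+?) \*([^*]+)\*")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")


def looks_random(name):
    """Heuristic (assumption of this example): flag names whose letters flip
    case far more often than CamelCase does, or that have digits wedged
    between letters. Misses all-lowercase random strings on purpose rather
    than drowning the reviewer in false positives."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6:
        return False
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    inner_digit = re.search(r"[A-Za-z][0-9]+[A-Za-z]", name) is not None
    return inner_digit or flips / len(letters) > 0.4


def triage(log_text):
    """Return a list of (severity, reason, line) findings for the given log text."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROTECTION_RE.match(line)
        if m:
            kind, product, state = m.groups()
            if "Disabled" in state:
                findings.append(("high", f"{kind} {product} is disabled", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, rest = m.groups()
            if rest.endswith("[?]"):
                # [?] means DDS found no file at that path: an orphaned entry,
                # or a driver that hides/removes itself. Boot and system-start
                # entries (S0/S1, R0/R1) deserve a closer look than S3.
                sev = "medium" if start in ("S0", "S1", "R0", "R1") else "low"
                findings.append((sev, f"{start} service {name}: binary not found on disk", line))
            continue
        m = CREATED_RE.match(line)
        if m:
            _when, _size, attrs, path = m.groups()
            leaf = path.rsplit("\\", 1)[-1]
            if attrs.startswith("d") and looks_random(leaf):
                findings.append(("high", f"directory with random-looking name: {leaf}", line))
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE):
        print(f"[{sev}] {reason}\n    {line}")
```

Running the script on the sample above yields seven findings: the two disabled protection products, the two boot/system-start drivers with missing binaries, and the three Application Data directories. Findings are leads for the human reviewer, not verdicts; the script is meant to be pointed at a whole pasted log so nothing in the long service and file sections is skimmed past.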

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
