Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: truckie on March 15, 2011, 11:46:22 AM

Title: The file AvastUI.exe was infected - is it clear now?
Post by: truckie on March 15, 2011, 11:46:22 AM
Hi there, I had the spyware problem where the file AvastUI.exe was infected. I followed the instructions to get rid of it from another post on here, which ended with downloading Malwarebytes Anti-Malware and then DDS and asking the original poster to post their logs. What do I do now? Is the spyware gone, and should I post my logs? Sorry if this is the wrong place; I've never used this forum before. Thanks.
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: Allan on March 15, 2011, 11:49:42 AM
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: truckie on March 15, 2011, 12:13:35 PM
Hi, thanks a lot! I found some programs I haven't seen before while on Step 1 -
"Atheros Communications Inc.(R) AR81 Family Gigabit/Fast Ethernet Driver"
"Broadcom 802.11 Wireless LAN Adapter"
"HP Customer Experience Enhancements"
"HP QuickSync"
"IDT Audio"
"LogonStudio"
"Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053" and another similar one however 2008 version
"Power2Go"
"SPIF225 USB to SATA Bridge 98 Drive Installer"
and finally "Synaptics Pointing Device Driver"

I'm sure they're all normal; I've just never seen them before.
Are they okay?
Thanks
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: SuperDave on March 15, 2011, 04:39:09 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
***************************************************
Yes, they're ok. Please continue and post the necessary logs.
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: truckie on March 15, 2011, 07:05:40 PM
I had run the scans for SUPERAntiSpyware and Malwarebytes Anti-Malware yesterday, and today I ran them again; however, no infections came up. I also ran the HijackThis scan, but when it opened Notepad it said it could not find the log? But here are the logs for SUPERAntiSpyware, Malwarebytes Anti-Malware and DDS from yesterday:

SUPERAntiSpyware yesterday (excuse the dates; I had previously changed the date on my laptop, as I was told this may help with the virus):

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/10/2009 at 03:24 AM

Application Version : 4.49.1000

Core Rules Database Version : 6584
Trace Rules Database Version: 4396

Scan type       : Complete Scan
Total Scan Time : 02:04:04

Memory items scanned      : 670
Memory threats detected   : 0
Registry items scanned    : 7454
Registry threats detected : 1
File items scanned        : 115997
File threats detected     : 117

Adware.Tracking Cookie
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\laurie@atdmt[1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\laurie@serving-sys[1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\laurie@doubleclick[1].txt
   .doubleclick.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adtech.de [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ehg-newscientist.hitbox.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ehg-newscientist.hitbox.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .hitbox.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .hitbox.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   fuckyeahvoldemort.wordpress.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .www.burstnet.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .burstnet.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.burstnet.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fastclick.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fastclick.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fastclick.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fastclick.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .247realmedia.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .mediaplex.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .mediaplex.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .apmebf.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .pro-market.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   optimize.indieclick.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   cdn.eyewonder.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .eyewonder.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .eyewonder.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .content.yieldmanager.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   statse.webtrendslive.com [ C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   C:\Users\Laurie\AppData\Local\Temp\Low\Cookies\laurie@2o7[2].txt
   C:\Users\Laurie\AppData\Local\Temp\Low\Cookies\laurie@advertising[2].txt
   C:\Users\Laurie\AppData\Local\Temp\Low\Cookies\laurie@doubleclick[1].txt
   C:\Users\Laurie\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   cdn.insights.gravity.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   cloud.video.unrulymedia.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   ec.atdmt.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   gw.callingbanners.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   ia.media-imdb.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   media.mtvnservices.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   media.oprah.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   media.stereofame.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   objects.tremormedia.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   s0.2mdn.net [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   secure-uk.imrworldwide.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   secure-us.imrworldwide.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   serving-sys.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   spe.atdmt.com [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   stat.easydate.biz [ C:\Users\Laurie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6C66EKRG ]
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@2o7[1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@adbrite[1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@adtech[1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@advertising[1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@advertising[3].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@apmebf[2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@chitika[2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@collective-media[2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@doubleclick[1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@doubleclick[2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@fastclick[2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@invitemedia[1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@media6degrees[2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@mediaplex[2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@partypoker[2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@revenue[2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@revsci[2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@serving-sys[1].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@tribalfusion[2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@zedo[1].txt

Malware.Trace
   HKU\S-1-5-21-3758040321-2433826461-1242790299-1000\Software\qni8hj710fdl

Trojan.Agent/Gen-IEFake
   C:\USERS\LAURIE\APPDATA\LOCAL\TEMP\RARSFX0\H\IEXPLORE.EXE
   C:\USERS\LAURIE\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE

Trojan.Agent/Gen-IExplorer[Fake]
   C:\USERS\LAURIE\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
   C:\USERS\LAURIE\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\EXPLORER.EXE



Malwarebytes Anti-Malware log from yesterday:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6039

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/03/2009 12:56:54
mbam-log-2009-03-10 (12-56-53).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 257383
Time elapsed: 1 hour(s), 28 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kFfLcFo06300 (Trojan.FakeAlert) -> Value: kFfLcFo06300 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\dmgpkmac (Trojan.FakeAlert.Gen) -> Value: dmgpkmac -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\kfflcfo06300\kfflcfo06300.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



DDS logs from yesterday:

"DDS"
.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by Laurie at 13:05:31.09 on 10/03/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter   6.1.7600.0.1252.44.1033.18.1015.162 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Stardock\MyColors\VistaSrv.exe
C:\Program Files\Stardock\MyColors\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\HPBTWD.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\Laurie\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Laurie\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uRun: [Google Update] "c:\users\laurie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [googletalk] c:\users\laurie\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [RevHDD] c:\windows\system\RevHDD.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\mycolors\SDDelayedLaunch.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\laurie\appdata\roaming\mozilla\firefox\profiles\zgs32r34.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\users\laurie\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-3 293968]
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-7-27 16984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\AEstSrv.exe [2009-12-17 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-3 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-3 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-3 40384]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-9 323584]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-17 29472]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-4-28 50688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-10 38224]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-17 167424]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S4 Erisorvr_wor;Erisorvr_wor;c:\windows\system32\DeviceEject.exe [2009-7-13 26112]
.
=============== Created Last 30 ================
.
2011-03-12 23:26:40   --------   d-----w-   c:\progra~2\kFfLcFo06300
2011-03-11 15:48:06   5943120   ----a-w-   c:\progra~2\microsoft\windows defender\definition updates\{dc1214b2-9eb1-423b-9627-1f8b1d9431ba}\mpengine.dll
2011-03-09 15:25:57   1074176   ----a-w-   c:\windows\system32\DWrite.dll
2011-03-09 15:25:56   802304   ----a-w-   c:\windows\system32\FntCache.dll
2011-03-09 15:25:55   739840   ----a-w-   c:\windows\system32\d2d1.dll
2011-03-09 15:25:50   642048   ----a-w-   c:\windows\system32\CPFilters.dll
2011-03-09 15:25:49   534528   ----a-w-   c:\windows\system32\EncDec.dll
2011-03-09 15:25:48   850432   ----a-w-   c:\windows\system32\sbe.dll
2011-03-09 15:25:48   199680   ----a-w-   c:\windows\system32\mpg2splt.ax
2011-03-09 15:25:45   2690560   ----a-w-   c:\windows\system32\mstscax.dll
2011-03-09 15:25:44   1034240   ----a-w-   c:\windows\system32\mstsc.exe
2011-02-23 03:01:01   276992   ----a-w-   c:\windows\system32\wcncsvc.dll
2011-02-22 18:07:03   442880   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-02-22 18:07:02   288256   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-02-15 13:19:57   1289536   ----a-w-   c:\windows\system32\ntdll.dll
2011-01-27 19:25:23   --------   d-----w-   c:\program files\Audacity 1.3 Beta (Unicode)
2011-01-12 19:22:38   1170944   ----a-w-   c:\windows\system32\d3d10warp.dll
2011-01-12 19:22:34   728448   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2011-01-12 19:22:33   218624   ----a-w-   c:\windows\system32\d3d10_1core.dll
2011-01-12 19:22:33   107520   ----a-w-   c:\windows\system32\cdd.dll
2011-01-12 19:22:32   1495040   ----a-w-   c:\windows\system32\ExplorerFrame.dll
2011-01-12 19:22:32   135168   ----a-w-   c:\windows\system32\XpsRasterService.dll
2011-01-12 19:22:31   161792   ----a-w-   c:\windows\system32\d3d10_1.dll
2011-01-12 19:22:20   573440   ----a-w-   c:\windows\system32\odbc32.dll
2011-01-12 19:22:18   987136   ----a-w-   c:\program files\common files\system\ado\msado15.dll
2011-01-12 19:22:18   372736   ----a-w-   c:\program files\common files\system\ado\msadox.dll
2011-01-12 19:22:17   352256   ----a-w-   c:\program files\common files\system\ado\msadomd.dll
2011-01-12 19:22:17   208896   ----a-w-   c:\program files\common files\system\msadc\msadco.dll
2011-01-03 20:00:34   --------   d-----w-   c:\progra~2\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-27 19:03:15   --------   d-----w-   c:\program files\uTorrent
2010-12-27 19:01:26   --------   d-----w-   c:\users\laurie\appdata\roaming\uTorrent
2010-12-27 18:50:16   --------   d-----w-   c:\users\laurie\appdata\roaming\Shareaza
2010-12-27 18:50:16   --------   d-----w-   c:\users\laurie\appdata\local\Shareaza
2010-12-15 02:47:32   516096   ----a-w-   c:\program files\windows mail\wab.exe
2010-12-15 02:47:22   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-12-15 02:45:59   749056   ----a-w-   c:\windows\system32\schedsvc.dll
2010-12-15 02:45:59   496128   ----a-w-   c:\windows\system32\taskschd.dll
2010-12-15 02:45:58   351232   ----a-w-   c:\windows\system32\wmicmiplugin.dll
2010-12-15 02:45:58   192000   ----a-w-   c:\windows\system32\taskeng.exe
2010-12-15 02:45:57   305152   ----a-w-   c:\windows\system32\taskcomp.dll
2010-12-15 02:45:56   179712   ----a-w-   c:\windows\system32\schtasks.exe
2010-12-15 02:45:21   314368   ----a-w-   c:\windows\system32\webio.dll
2010-12-15 02:45:16   101760   ----a-w-   c:\windows\system32\consent.exe
2010-12-15 02:45:07   571904   ----a-w-   c:\windows\system32\oleaut32.dll
2010-12-12 18:37:36   --------   d-----w-   c:\users\laurie\appdata\local\Google
2010-12-12 18:36:27   --------   d-----w-   c:\users\laurie\appdata\roaming\Local
2010-12-12 18:30:56   --------   d-----w-   c:\program files\common files\PX Storage Engine
2010-12-12 18:29:12   --------   d-----w-   c:\program files\DivX
2010-12-12 18:28:41   --------   d-----w-   c:\progra~2\DivX
2010-11-24 16:22:23   7680   ----a-w-   c:\program files\internet explorer\iecompat.dll
2010-11-18 00:27:52   --------   d-----w-   c:\program files\MSECache
2010-10-27 00:02:57   204288   ----a-w-   c:\windows\system32\MSNP.ax
2010-10-27 00:02:44   26504   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
2010-10-25 00:55:34   --------   d-----w-   c:\program files\Yawcam
2010-10-14 20:21:40   4247040   ----a-w-   c:\program files\windows nt\accessories\wordpad.exe
2010-10-14 20:21:39   1413632   ----a-w-   c:\windows\system32\ole32.dll
2010-10-14 20:21:20   109056   ----a-w-   c:\windows\system32\t2embed.dll
2010-10-14 20:21:19   224256   ----a-w-   c:\windows\system32\schannel.dll
2010-10-14 20:21:16   530432   ----a-w-   c:\windows\system32\comctl32.dll
2010-10-14 20:21:13   954752   ----a-w-   c:\windows\system32\mfc40.dll
2010-10-14 20:21:13   954288   ----a-w-   c:\windows\system32\mfc40u.dll
2010-10-14 20:21:05   164864   ----a-w-   c:\program files\windows media player\wmplayer.exe
2010-10-14 20:21:02   12625408   ----a-w-   c:\windows\system32\wmploc.DLL
2010-10-14 20:20:58   310784   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-10-14 20:20:57   308736   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-10-14 20:20:57   168448   ----a-w-   c:\windows\system32\srvsvc.dll
2010-10-14 20:20:57   113664   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2010-10-14 20:20:55   738816   ----a-w-   c:\windows\system32\wmpmde.dll
2010-10-14 20:20:54   363520   ----a-w-   c:\windows\system32\StructuredQuery.dll
2010-10-06 01:37:38   --------   d-----w-   c:\users\laurie\appdata\roaming\Spotify
2010-10-06 01:37:38   --------   d-----w-   c:\users\laurie\appdata\local\Spotify
2010-10-06 01:37:33   --------   d-----w-   c:\program files\Spotify
2010-09-30 15:53:50   146304   ----a-w-   c:\windows\system32\drivers\usbvideo.sys
2010-09-30 15:53:49   190976   ----a-w-   c:\windows\system32\drivers\ks.sys
2010-09-30 13:37:04   12278608   ----a-w-   c:\program files\common files\microsoft shared\office11\MSO.DLL
2010-09-23 00:47:28   49016   ----a-w-   c:\windows\system32\sirenacm.dll
2010-09-21 14:13:50   1564072   ----a-w-   c:\program files\common files\microsoft shared\windows live\WLIDRES.DLL
2010-09-21 14:08:38   439168   ----a-w-   c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
2010-09-21 14:06:02   853912   ----a-w-   c:\program files\common files\microsoft shared\windows live\wlidcli.dll
2010-09-21 14:06:02   57752   ----a-w-   c:\program files\common files\microsoft shared\windows live\msidcrl40.dll
2010-09-21 14:03:14   332160   ----a-w-   c:\program files\common files\microsoft shared\windows live\WLIDCREDPROV.DLL
2010-09-21 14:03:14   237952   ----a-w-   c:\program files\common files\microsoft shared\windows live\WLIDPROV.DLL
2010-09-21 14:03:14   208768   ----a-w-   c:\windows\system32\LIVESSP.DLL
2010-09-21 14:03:14   193408   ----a-w-   c:\program files\common files\microsoft shared\windows live\WLIDSVCM.EXE
2010-09-21 14:03:14   1710464   ----a-w-   c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE
2010-09-21 14:03:14   145280   ----a-w-   c:\program files\common files\microsoft shared\windows live\WLIDNSP.DLL
2010-09-19 14:04:34   316928   ----a-w-   c:\windows\system32\spoolsv.exe
2010-09-17 10:50:22   17244544   ----a-w-   c:\program files\common files\microsoft shared\office12\MSO.DLL
2010-09-14 17:09:22   --------   d-----w-   c:\users\laurie\appdata\local\Adobe
2010-09-10 19:23:39   --------   d-----w-   c:\users\laurie\appdata\local\Apple Computer
2010-09-10 19:23:11   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-10 19:23:11   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
2010-09-10 19:21:49   --------   d-----w-   c:\program files\iPod
2010-09-10 19:21:46   --------   d-----w-   c:\program files\iTunes
2010-09-10 19:21:46   --------   d-----w-   c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-10 17:19:41   --------   d-----w-   c:\users\laurie\appdata\local\Apple
2010-09-10 17:18:56   --------   d-----w-   c:\program files\Bonjour
2010-09-07 17:48:41   5943120   ----a-w-   c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-09-06 21:45:35   --------   d-----w-   c:\users\laurie\appdata\roaming\HP Support Assistant
2010-09-06 21:43:45   --------   d-----w-   c:\program files\common files\Adobe Systems Shared
2010-09-06 21:37:17   696320   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-09-06 21:37:17   57344   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2010-09-06 21:37:17   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-09-06 21:37:17   237568   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2010-09-06 21:37:17   155648   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2010-09-06 21:37:08   282756   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2010-09-06 21:37:08   163972   ----a-w-   c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-09-06 18:38:41   257024   ----a-w-   c:\windows\system32\msv1_0.dll
2010-09-06 18:37:08   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2010-09-06 18:37:08   49472   ----a-w-   c:\windows\system32\netfxperf.dll
2010-09-06 18:37:08   297808   ----a-w-   c:\windows\system32\mscoree.dll
2010-09-06 18:37:08   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
2010-09-06 18:37:08   1130824   ----a-w-   c:\windows\system32\dfshim.dll
2010-09-06 18:28:46   293376   ----a-w-   c:\windows\system32\browserchoice.exe
2010-09-06 16:07:05   1320960   ----a-w-   c:\windows\system32\CertEnroll.dll
2010-09-06 16:07:04   507568   ----a-w-   c:\windows\system32\winload.exe
2010-09-06 16:07:04   442920   ----a-w-   c:\windows\system32\winresume.exe
2010-09-06 16:06:52   465408   ----a-w-   c:\windows\system32\psisdecd.dll
2010-09-06 16:06:30   1286016   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2010-09-06 16:06:03   194488   ----a-w-   c:\windows\system32\drivers\fvevol.sys
2010-09-06 16:05:01   82944   ----a-w-   c:\windows\system32\iccvid.dll
2010-09-06 16:05:01   197632   ----a-w-   c:\windows\system32\ir32_32.dll
2010-09-06 16:04:56   2614272   ----a-w-   c:\windows\explorer.exe
2010-09-06 16:04:55   285696   ----a-w-   c:\windows\system32\winlogon.exe
2010-09-06 16:04:52   34816   ----a-w-   c:\windows\system32\msasn1.dll
2010-09-06 16:04:38   133720   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2010-09-06 16:04:38   1037312   ----a-w-   c:\windows\system32\lsasrv.dll
2010-09-06 16:04:20   37376   ----a-w-   c:\windows\system32\rtutils.dll
2010-09-06 16:04:15   740864   ----a-w-   c:\windows\system32\inetcomm.dll
2010-09-06 16:04:15   1619968   ----a-w-   c:\program files\windows mail\msoe.dll
2010-09-06 16:02:16   67584   ----a-w-   c:\windows\system32\asycfilt.dll
2010-09-06 16:01:30   292864   ----a-w-   c:\windows\system32\apphelp.dll
2010-09-06 16:01:28   91648   ----a-w-   c:\windows\system32\avifil32.dll
2010-09-06 16:01:28   84480   ----a-w-   c:\windows\system32\mciavi32.dll
2010-09-06 16:01:28   31744   ----a-w-   c:\windows\system32\msvidc32.dll
2010-09-06 16:01:28   1328640   ----a-w-   c:\windows\system32\quartz.dll
2010-09-06 16:01:27   50176   ----a-w-   c:\windows\system32\iyuv_32.dll
2010-09-06 16:01:27   22016   ----a-w-   c:\windows\system32\msyuv.dll
2010-09-06 16:01:27   13312   ----a-w-   c:\windows\system32\msrle32.dll
2010-09-06 16:01:27   12288   ----a-w-   c:\windows\system32\tsbyuv.dll
2010-09-06 15:59:26   85504   ----a-w-   c:\windows\system32\secproc_ssp_isv.dll
2010-09-06 15:59:26   85504   ----a-w-   c:\windows\system32\secproc_ssp.dll
2010-09-06 15:59:26   369152   ----a-w-   c:\windows\system32\secproc.dll
2010-09-06 15:59:26   365568   ----a-w-   c:\windows\system32\secproc_isv.dll
2010-09-06 15:59:26   324608   ----a-w-   c:\windows\system32\RMActivate_isv.exe
2010-09-06 15:59:26   320512   ----a-w-   c:\windows\system32\RMActivate.exe
2010-09-06 15:59:25   280064   ----a-w-   c:\windows\system32\RMActivate_ssp.exe
2010-09-06 15:59:25   277504   ----a-w-   c:\windows\system32\RMActivate_ssp_isv.exe
2010-09-06 15:59:03   95744   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
2010-09-06 15:59:03   221696   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2010-09-06 15:59:03   123392   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2010-09-06 15:58:41   70656   ----a-w-   c:\windows\system32\fontsub.dll
2010-09-06 15:49:47   --------   d-----w-   c:\users\laurie\appdata\roaming\Windows Live Writer
2010-09-06 15:49:47   --------   d-----w-   c:\users\laurie\appdata\local\Windows Live Writer
2010-09-06 15:46:26   --------   d-----w-   c:\users\laurie\appdata\roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
2010-09-05 22:42:16   1002008   ----a-w-   c:\windows\system32\igxpun.exe
2010-09-05 22:42:16   --------   d-----w-   c:\windows\system32\x64
2010-09-05 22:39:13   132608   ----a-w-   c:\windows\system32\cabview.dll
2010-09-05 22:39:12   172032   ----a-w-   c:\windows\system32\wintrust.dll
2010-09-05 20:28:24   --------   d-----w-   c:\users\laurie\appdata\local\Diagnostics
2010-09-05 19:39:35   17828   ----a-r-   c:\windows\system32\drivers\SPIF225.sys
2010-09-05 19:39:35   --------   d-----w-   c:\windows\system\Iosubsys
2010-09-05 19:39:34   212992   ----a-r-   c:\windows\system32\drivers\RevHDD.exe
2010-09-05 19:38:17   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2010-09-05 19:38:17   266240   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2010-09-05 19:38:17   172032   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2010-09-05 19:38:16   733184   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2010-09-05 19:38:16   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2010-09-05 19:37:55   180356   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2010-09-05 19:37:54   303236   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2010-09-05 17:47:34   --------   d-----w-   c:\progra~2\Alwil Software
2010-09-05 17:38:23   222080   ------w-   c:\windows\system32\MpSigStub.exe
2010-09-05 17:09:27   --------   d-----r-   c:\program files\Skype
2010-09-05 16:27:31   32768   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2010-09-05 16:27:31   225280   ----a-w-   c:\program files\common files\installshield\iscript\iscript.dll
2010-09-05 16:27:31   176128   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2010-09-05 16:27:30   77824   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2010-09-05 16:27:21   614532   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2010-09-05 16:27:18   --------   d-----w-   c:\users\laurie\appdata\local\Programs
2010-09-05 16:26:39   --------   d-----w-   c:\users\laurie\appdata\local\ArcSoft
2010-09-05 16:26:39   --------   d-----w-   c:\progra~2\ArcSoft
2010-09-05 16:12:35   --------   d-----w-   c:\users\laurie\appdata\roaming\HpUpdate
2010-09-05 16:10:55   --------   d-----w-   c:\users\laurie\appdata\local\AOL
2010-09-05 16:09:17   20715520   ----a-w-   c:\windows\system32\imageres.dll
2010-09-05 16:08:01   --------   d-----w-   c:\users\laurie\appdata\local\Broadcom
2010-09-05 16:07:58   --------   d-----w-   c:\users\laurie\.migoDesktop
2010-09-05 16:06:29   --------   d-----w-   C:\temp
2010-09-05 16:06:09   --------   d-----w-   c:\users\laurie\appdata\roaming\hpqlog
2010-09-05 16:05:57   --------   d-----w-   c:\users\laurie\appdata\local\Hewlett-Packard
2010-09-05 16:01:59   --------   d-----w-   c:\users\laurie\appdata\roaming\HP TCS
2010-09-05 15:58:59   --------   d-sh--w-   C:\HPMBackup
2010-08-10 04:15:58   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-08-10 04:15:58   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2010-07-27 17:44:10   91424   ----a-w-   c:\windows\system32\dnssd.dll
2010-07-27 17:44:10   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
2010-07-27 17:44:10   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2010-07-27 17:44:10   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2010-07-11 15:47:40   453456   ----a-w-   c:\windows\system32\d3dx10_41.dll
2010-07-11 15:47:40   1846632   ----a-w-   c:\windows\system32\D3DCompiler_41.dll
2010-06-24 11:33:56   196416   ----a-w-   c:\program files\common files\microsoft shared\windows live\SQMAPI.DLL
2010-06-24 11:33:56   18328   ----a-w-   c:\progra~2\microsoft\identitycrl\production\ppcrlconfig600.dll
2010-04-19 19:47:44   3062048   ----a-w-   c:\windows\system32\usbaaplrc.dll
2010-04-19 19:47:42   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2010-04-16 09:49:08   503296   ----a-w-   c:\program files\common files\microsoft shared\office11\USP10.DLL
2010-03-18 12:16:28   771424   ----a-w-   c:\windows\system32\msvcr100_clr0400.dll
2010-02-08 12:28:12   640296   ----a-w-   c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
2010-01-03 21:22:10   --------   d-----w-   c:\users\laurie\appdata\local\Windows Live
2010-01-03 21:21:27   3181568   ----a-w-   c:\windows\system32\mf.dll
2010-01-03 21:21:27   196608   ----a-w-   c:\windows\system32\mfreadwrite.dll
2010-01-03 21:21:26   1619456   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2010-01-03 20:52:51   51280   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2010-01-03 20:52:32   38848   ----a-w-   c:\windows\avastSS.scr
2009-12-17 17:41:33   29472   ----a-w-   c:\windows\system32\drivers\btwl2cap.sys
2009-12-17 17:41:33   18344   ----a-w-   c:\windows\system32\drivers\btwrchid.sys
2009-12-17 17:41:33   108072   ----a-w-   c:\windows\system32\drivers\btwavdt.sys
2009-12-17 17:41:32   86056   ----a-w-   c:\windows\system32\drivers\btwaudio.sys
2009-12-17 17:41:07   --------   d-----w-   c:\program files\WIDCOMM
2009-12-17 17:39:49   --------   d--h--w-   C:\dvmexp
2009-12-17 17:39:05   --------   d--h--w-   C:\SPLASH.000
2009-12-17 17:38:09   --------   d--h--w-   C:\SPLASH.SYS
2009-12-17 17:36:33   --------   d-----w-   c:\program files\Downloaded Installations
2009-12-17 17:34:44   --------   d-----w-   c:\progra~2\Stardock
2009-12-17 17:33:53   33760890   ----a-w-   c:\windows\system32\Tord Screensaver Artist Version.scr
2009-12-17 17:33:19   --------   d-----w-   c:\program files\common files\Stardock
2009-12-17 17:33:11   --------   dc-h--w-   c:\progra~2\{B3CB1E70-1F79-49F2-AF4E-A1C8248D2B55}
2009-12-17 17:33:03   --------   d-----w-   c:\program files\Stardock
2009-12-17 17:23:27   --------   d-----w-   c:\progra~2\Recovery
2009-12-17 17:07:35   485888   ------w-   c:\windows\system32\stapi32.dll
2009-12-17 17:07:10   61440   ----a-w-   c:\windows\system32\aestaren.dll
2009-12-17 17:07:10   372736   ----a-w-   c:\windows\system32\aestecap.dll
2009-12-17 17:07:09   138240   ----a-w-   c:\windows\system32\aestacap.dll
2009-12-17 17:07:07   86016   ----a-w-   c:\windows\system32\AESTCom.dll
2009-12-17 17:07:07   536576   ----a-w-   c:\windows\system32\idtmini1.exe
2009-12-17 17:07:07   458844   ----a-w-   c:\windows\sttray.exe
2009-12-17 17:07:07   3600384   ----a-w-   c:\windows\system32\stlang.dll
2009-12-17 17:07:07   12021852   ----a-w-   c:\windows\system32\idtcpl.cpl
2009-12-17 17:07:02   --------   d-----w-   c:\windows\system32\SRSLabs
2009-12-17 17:06:52   175616   ----a-w-   c:\windows\system32\staco.dll
2009-12-17 17:04:57   408576   ----a-w-   c:\windows\system32\drivers\stwrt.sys
2009-12-17 17:04:57   405504   ----a-w-   c:\windows\system32\stcplx.dll
2009-12-17 17:04:56   914944   ----a-w-   c:\windows\system32\stapo.dll
2009-12-17 17:04:31   --------   d-----w-   c:\program files\IDT
2009-12-17 17:03:36   --------   d-----w-   C:\Intel
2009-12-17 17:03:35   330264   ----a-w-   c:\windows\system32\drivers\iaStor.sys
2009-12-17 17:03:14   7360512   ----a-w-   c:\windows\system32\RTSUSTORicon.dll
2009-12-17 17:03:14   --------   d-----w-   c:\windows\system32\sda
2009-12-17 17:03:00   270336   ----a-w-   c:\windows\system32\RtsUStor.dll
2009-12-17 17:03:00   167424   ----a-w-   c:\windows\system32\drivers\RtsUStor.sys
2009-12-17 17:03:00   --------   d-----w-   c:\program files\Realtek
2009-12-17 17:01:39   --------   d-----w-   c:\program files\Synaptics
2009-12-17 17:01:09   --------   d-----w-   c:\windows\system32\Atheros_L1e
2009-12-17 16:57:58   91448   ----a-w-   c:\windows\system32\bcmwlcoi.dll
2009-12-17 16:57:58   6656   ----a-w-   c:\windows\system32\bcmwlrc.dll
2009-12-17 16:57:58   3555328   ----a-w-   c:\windows\system32\bcmihvui.dll
2009-12-17 16:57:57   3866624   ----a-w-   c:\windows\system32\bcmihvsrv.dll
2009-12-17 16:57:57   2709056   ----a-w-   c:\windows\system32\drivers\BCMWL6.SYS
2009-12-17 16:57:56   --------   d-----w-   c:\program files\Broadcom
2009-10-24 02:11:18   410984   ----a-w-   c:\windows\system32\deploytk.dll
2009-10-24 01:39:34   --------   d---a-r-   c:\program files\Tord Boontje Studio
2009-10-24 01:29:20   --------   d-----w-   c:\windows\system32\Adobe
2009-10-24 01:19:11   --------   d-----w-   c:\program files\Seesmic Social Networking
2009-10-24 00:24:33   --------   d-----w-   c:\program files\HP Games
2009-10-24 00:24:32   --------   d-----w-   c:\progra~2\WildTangent
2009-10-24 00:24:32   --------   d-----r-   c:\program files\Online Services
2009-10-24 00:19:50   --------   d--h--w-   C:\HP
2009-10-24 00:10:39   --------   d-----w-   c:\program files\HP
2009-10-23 23:56:56   --------   d-----w-   c:\progra~2\Norton
2009-10-23 23:56:08   --------   d-----w-   c:\progra~2\NortonInstaller
2009-10-23 23:44:05   --------   d-----w-   c:\windows\PCHEALTH
2009-10-23 23:43:56   --------   d-sh--w-   c:\windows\Installer
2009-10-23 23:43:09   140066664   ----a-w-   c:\program files\common files\windows live\.cache\wlc3A41.tmp
2009-10-23 23:42:54   --------   d-----w-   c:\program files\common files\Windows Live
2009-10-23 23:40:42   32768   ----a-w-   c:\program files\common files\installshield\professional\runtime\Objectps.dll
2009-10-23 23:40:42   184320   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2009-10-23 23:40:41   753664   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2009-10-23 23:40:41   69714   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2009-10-23 23:40:41   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2009-10-23 23:40:41   274432   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2009-10-23 23:40:41   200836   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2009-10-23 23:40:40   331908   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2009-09-23 18:30:50   8198680   ----a-w-   c:\windows\system32\TVWSetup.exe
2009-09-23 18:30:50   672792   ----a-w-   c:\windows\system32\igfxcfg.exe
2009-09-23 18:30:48   252952   ----a-w-   c:\windows\system32\igfxsrvc.exe
2009-09-23 18:30:48   173592   ----a-w-   c:\windows\system32\hkcmd.exe
2009-09-23 18:30:48   173080   ----a-w-   c:\windows\system32\igfxext.exe
2009-09-23 18:30:48   150552   ----a-w-   c:\windows\system32\igfxpers.exe
2009-09-23 18:30:48   141848   ----a-w-   c:\windows\system32\igfxtray.exe
2009-09-23 18:27:44   155648   ----a-w-   c:\windows\system32\igfxCoIn_v1930.dll
2009-09-23 18:18:14   4808192   ----a-w-   c:\windows\system32\drivers\igdkmd32.sys
2009-09-23 18:18:08   3829760   ----a-w-   c:\windows\system32\igdumd32.dll
2009-09-23 17:58:38   2686976   ----a-w-   c:\windows\system32\ig4dev32.dll
2009-09-23 17:58:12   4104192   ----a-w-   c:\windows\system32\ig4icd32.dll
2009-09-23 17:49:42   257536   ----a-w-   c:\windows\system32\igfxTMM.dll
2009-09-23 17:49:42   199680   ----a-w-   c:\windows\system32\igfxpph.dll
2009-09-23 17:49:38   59392   ----a-w-   c:\windows\system32\oemdspif.dll
2009-09-23 17:49:36   23552   ----a-w-   c:\windows\system32\igfxexps.dll
2009-09-23 17:49:34   119296   ----a-w-   c:\windows\system32\igfxcpl.cpl
2009-09-23 17:49:24   51712   ----a-w-   c:\windows\system32\igfxsrvc.dll
2009-09-23 17:49:10   130048   ----a-w-   c:\windows\system32\igfxdo.dll
2009-09-23 17:49:04   94208   ----a-w-   c:\windows\system32\hccutils.dll
2009-09-23 17:49:00   218112   ----a-w-   c:\windows\system32\igfxdev.dll
2009-09-23 17:48:52   5702656   ----a-w-   c:\windows\system32\igfxress.dll
2009-09-23 17:48:52   275968   ----a-w-   c:\windows\system32\igfxrenu.lrc
2009-07-24 17:00:10   --------   d-----w-   c:\windows\Panther
2009-07-24 16:59:55   --------   d-sh--w-   C:\boot
2009-07-24 16:11:17   --------   d-----w-   c:\windows\system32\wbem\Performance
2009-07-24 16:06:36   --------   d-sh--w-   C:\Recovery
2009-07-16 23:12:44   --------   d--h--w-   C:\SYSTEM.SAV
2009-07-16 23:12:44   --------   d-----w-   C:\SwSetup
2009-07-14 17:53:52   569344   ----a-w-   c:\windows\system32\InstantWebConfTool.cpl
2009-07-14 04:56:48   --------   d-----w-   c:\windows\system32\winrm
2009-07-14 04:56:48   --------   d-----w-   c:\windows\system32\WCN
2009-07-14 04:56:48   --------   d-----w-   c:\windows\system32\slmgr
2009-07-14 04:56:48   --------   d-----w-   c:\windows\system32\en
2009-07-14 04:56:48   --------   d-----w-   c:\windows\system32\drivers\umdf\en-US
2009-07-14 04:56:48   --------   d-----w-   c:\windows\system32\drivers\en-US
2009-07-14 04:56:48   --------   d-----w-   c:\windows\system32\0409
2009-07-14 04:56:48   --------   d-----w-   c:\windows\en-US
2009-07-14 04:56:48   --------   d-----w-   c:\windows\DigitalLocker
2009-07-14 04:56:47   --------   d-----w-   c:\windows\system32\wbem\en-US
2009-07-14 04:56:47   --------   d-----w-   c:\windows\system32\Printing_Admin_Scripts
2009-07-14 04:55:08   3584   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\en-us\LXKPTPRC.DLL.mui
2009-07-14 04:53:55   --------   d-sh--we   C:\Documents and Settings
2009-07-14 04:53:50   --------   d-----w-   c:\windows\system32\wbem\mof\good
2009-07-14 04:53:50   --------   d-----w-   c:\windows\system32\wbem\mof\bad
2009-07-14 04:41:11   --------   d-----w-   c:\windows\system32\wbem\MOF
2009-07-14 04:34:16   --------   d-----w-   c:\windows\Setup
2009-07-14 04:34:13   --------   d-----w-   c:\windows\ServiceProfiles
2009-07-14 04:34:06   --------   d-s---w-   c:\windows\system32\Microsoft
.
==================== Find3M  ====================
.
2011-01-07 07:27:11   34304   ----a-w-   c:\windows\system32\atmlib.dll
2011-01-07 05:33:11   294400   ----a-w-   c:\windows\system32\atmfd.dll
2011-01-05 05:37:33   428032   ----a-w-   c:\windows\system32\vbscript.dll
2011-01-05 03:37:38   2329088   ----a-w-   c:\windows\system32\win32k.sys
2010-12-21 05:38:24   73728   ----a-w-   c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24   51200   ----a-w-   c:\windows\system32\wscapi.dll
2010-12-21 05:38:22   981504   ----a-w-   c:\windows\system32\wininet.dll
2010-12-21 05:38:22   350720   ----a-w-   c:\windows\system32\winhttp.dll
2010-12-21 05:38:21   204800   ----a-w-   c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19   204288   ----a-w-   c:\windows\system32\upnp.dll
2010-12-21 05:38:16   14336   ----a-w-   c:\windows\system32\slwga.dll
2010-12-21 05:36:17   1389568   ----a-w-   c:\windows\system32\msxml6.dll
2010-12-21 05:36:16   1236992   ----a-w-   c:\windows\system32\msxml3.dll
2010-12-21 05:34:12   80384   ----a-w-   c:\windows\system32\davclnt.dll
2010-12-18 05:29:40   44544   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31   541184   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-18 04:20:55   386048   ----a-w-   c:\windows\system32\html.iec
2010-12-18 03:47:59   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2010-11-23 14:57:34   1243704   ----a-w-   c:\windows\help\oem\scripts\HPSAUpgrade.exe
2010-11-17 14:29:06   55864   ----a-w-   c:\windows\help\oem\scripts\HPSAUpdaterObj.exe
2010-10-27 13:28:46   11320   ----a-w-   c:\windows\help\oem\scripts\HPSARedirectorLauncher.exe
2010-10-27 04:43:38   3901824   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-10-27 04:43:37   3957120   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2009-09-23 17:52:20   279040   ----a-w-   c:\windows\system32\igfxrtrk.lrc
2009-08-14 10:22:02   20744   ----a-w-   c:\windows\help\oem\scripts\checkMui.dll
2009-07-14 01:26:21   249408   ----a-w-   c:\windows\system32\clfs.sys
2009-07-14 01:26:15   2217536   ----a-w-   c:\windows\system32\bootres.dll
2009-07-14 01:26:15   21584   ----a-w-   c:\windows\system32\BOOTVID.DLL
2009-07-14 01:24:31   1073152   ----a-w-   c:\windows\system32\Narrator.exe
2009-07-14 01:23:21   5070848   ----a-w-   c:\windows\system32\AuthFWSnapin.dll
2009-07-14 01:22:23   107008   ----a-w-   c:\windows\system32\NAPHLPR.DLL
2009-07-14 01:22:14   46080   ----a-w-   c:\windows\system32\NAPCRYPT.DLL
2009-07-14 01:20:43   91728   ----a-w-   c:\windows\system32\MigAutoPlay.exe
2009-07-14 01:20:36   470608   ----a-w-   c:\windows\system32\mcupdate_GenuineIntel.dll
2009-07-14 01:20:36   31824   ----a-w-   c:\windows\system32\mcupdate_AuthenticAMD.dll
2009-07-14 01:20:36   17488   ----a-w-   c:\windows\system32\kdusb.dll
2009-07-14 01:20:36   16960   ----a-w-   c:\windows\system32\kd1394.dll
2009-07-14 01:20:36   15952   ----a-w-   c:\windows\system32\kdcom.dll
2009-07-14 01:20:28   194640   ----a-w-   c:\windows\system32\halmacpi.dll
2009-07-14 01:20:28   137296   ----a-w-   c:\windows\system32\halacpi.dll
2009-07-14 01:20:07   126976   ----a-w-   c:\windows\system32\AuthFWWizFwk.dll
2009-07-14 01:19:10   22096   ----a-w-   c:\windows\system32\streamci.dll
2009-07-14 01:19:03   52816   ----a-w-   c:\windows\system32\PSHED.DLL
2009-07-14 01:17:54   690888   ----a-w-   c:\windows\system32\ci.dll
2009-07-14 01:17:54   271864   ----a-w-   c:\windows\system32\fveapi.dll
2009-07-14 01:17:54   249680   ----a-w-   c:\windows\system32\bcryptprimitives.dll
2009-07-14 01:17:54   242936   ----a-w-   c:\windows\system32\rsaenh.dll
2009-07-14 01:17:54   156728   ----a-w-   c:\windows\system32\dssenh.dll
2009-07-14 01:17:54   102448   ----a-w-   c:\windows\system32\wbem\Win32_Tpm.dll
2009-07-14 01:17:51   143936   ----a-w-   c:\windows\system32\basecsp.dll
2009-07-14 01:15:52   6656   ----a-w-   c:\windows\system32\mtxex.dll
2009-07-14 01:14:59   9216   ----a-w-   c:\windows\system32\bitsprx4.dll
2009-07-14 01:11:27   54272   ----a-w-   c:\windows\system32\WsmRes.dll
2009-07-14 01:11:26   4608   ----a-w-   c:\windows\system32\ws2help.dll
2009-07-14 01:11:09   5120   ----a-w-   c:\windows\system32\wmi.dll
2009-07-14 01:11:09   2048   ----a-w-   c:\windows\system32\wmerror.dll
2009-07-14 01:11:09   2048   ----a-w-   c:\windows\system32\wbem\WmiApRes.dll
2009-07-14 01:11:05   6656   ----a-w-   c:\windows\system32\wbem\WinMgmtR.dll
2009-07-14 01:11:05   1536   ----a-w-   c:\windows\system32\winrsmgr.dll
2009-07-14 01:11:04   669184   ----a-w-   c:\windows\system32\WFSR.dll
2009-07-14 01:10:56   2560   ----a-w-   c:\windows\system32\uxlibres.dll
2009-07-14 01:10:54   1164800   ----a-w-   c:\windows\system32\UIRibbonRes.dll
2009-07-14 01:10:47   108544   ----a-w-   c:\windows\system32\tapiui.dll
2009-07-14 01:10:37   7168   ----a-w-   c:\windows\system32\spwizres.dll
2009-07-14 01:10:36   8338432   ----a-w-   c:\windows\system32\spwizimg.dll
2009-07-14 01:10:22   5120   ----a-w-   c:\windows\system32\setupetw.dll
2009-07-14 01:10:22   2560   ----a-w-   c:\windows\system32\sfc.dll
2009-07-14 01:10:13   68608   ----a-w-   c:\windows\system32\nlsbres.dll
2009-07-14 01:08:59   6917120   ----a-w-   c:\windows\system32\NlsLexicons0c1a.dll
2009-07-14 01:07:56   2048   ----a-w-   c:\windows\system32\netmsg.dll
2009-07-14 01:07:56   2048   ----a-w-   c:\windows\system32\neth.dll
2009-07-14 01:07:56   18944   ----a-w-   c:\windows\system32\netevent.dll
2009-07-14 01:07:21   2048   ----a-w-   c:\windows\system32\msxml6r.dll
2009-07-14 01:07:21   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2009-07-14 01:07:19   60928   ----a-w-   c:\windows\system32\msvcrt40.dll
2009-07-14 01:07:16   268800   ----a-w-   c:\windows\system32\msshavmsg.dll
2009-07-14 01:07:15   8192   ----a-w-   c:\windows\system32\msorc32r.dll
2009-07-14 01:07:15   2048   ----a-w-   c:\windows\system32\msprivs.dll
2009-07-14 01:07:14   60416   ----a-w-   c:\windows\system32\msobjs.dll
2009-07-14 01:07:12   4608   ----a-w-   c:\windows\system32\msidntld.dll
2009-07-14 01:07:12   25088   ----a-w-   c:\windows\system32\msimsg.dll
2009-07-14 01:05:46   3072   ----a-w-   c:\windows\system32\icmp.dll
2009-07-14 01:05:31   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2009-07-14 01:05:30   925184   ----a-w-   c:\windows\system32\FXSRESM.dll
2009-07-14 01:05:30   7680   ----a-w-   c:\windows\system32\FXSEVENT.dll
2009-07-14 01:05:30   34816   ----a-w-   c:\windows\system32\FXSCOMPOSERES.dll
2009-07-14 01:04:52   2560   ----a-w-   c:\windows\system32\dpnlobby.dll
2009-07-14 01:04:52   2048   ----a-w-   c:\windows\system32\dpnaddr.dll
2009-07-14 01:04:51   51200   ----a-w-   c:\windows\system32\DocumentPerformanceEvents.dll
2009-07-14 01:04:51   372224   ----a-w-   c:\windows\system32\dmdskres.dll
2009-07-14 01:04:51   2048   ----a-w-   c:\windows\system32\dmdskres2.dll
2009-07-14 01:04:30   1297408   ----a-w-   c:\windows\system32\comres.dll
2009-07-14 01:04:20   514048   ----a-w-   c:\windows\system32\shellstyle.dll
2009-07-14 01:04:08   6214144   ----a-w-   c:\windows\system32\CardGames.dll
2009-07-14 01:04:07   2048   ----a-w-   c:\windows\system32\bridgeres.dll
2009-07-14 01:04:06   2560   ----a-w-   c:\windows\system32\bootstr.dll
2009-07-14 01:04:05   2048   ----a-w-   c:\windows\system32\blbres.dll
2009-07-14 01:04:04   52224   ----a-w-   c:\windows\system32\BlbEvents.dll
2009-07-14 00:12:10   40960   ----a-w-   c:\windows\system32\cliconfg.rll
2009-07-14 00:12:07   106496   ----a-w-   c:\windows\system32\sqlsrv32.rll
.
============= FINISH: 13:08:17.18 ===============
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: truckie on March 15, 2011, 07:09:55 PM
Here is the "Attach" DDS log as it would not fit in my previous post:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 05/09/2010 16:56:46
System Uptime: 10/03/2009 13:00:39 (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 308F
Processor: Intel(R) Atom(TM) CPU N280   @ 1.66GHz | CPU 1 | 1316/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 165.719 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.846 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&19BEFD6&0&30694BAD36D0_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&19BEFD6&0&30694BAD36D0_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&19BEFD6&0&30694B2E7FA6_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&19BEFD6&0&30694B2E7FA6_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&19BEFD6&0&30694BAD36D0_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&19BEFD6&0&30694BAD36D0_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&19BEFD6&0&30694B2E7FA6_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&19BEFD6&0&30694B2E7FA6_C00000000
Service:
.
==== System Restore Points ===================
.
RP109: 09/03/2009 23:48:32 - Windows Defender Checkpoint
RP110: 09/03/2009 23:53:56 - Restore Operation
RP93: 05/02/2011 03:10:02 - Windows Update
RP94: 08/02/2011 17:31:59 - Windows Update
RP95: 15/02/2011 13:09:27 - Windows Update
RP96: 17/02/2011 13:55:03 - HPSF Applying updates
RP97: 18/02/2011 11:27:56 - Windows Update
RP98: 18/02/2011 16:40:20 - Windows Update
RP99: 22/02/2011 18:05:10 - Windows Update
RP100: 23/02/2011 03:00:15 - Windows Update
RP101: 25/02/2011 20:42:45 - Windows Update
RP102: 01/03/2011 14:59:01 - Windows Update
RP103: 04/03/2011 14:42:20 - Windows Update
RP104: 09/03/2011 15:14:22 - Windows Update
RP105: 09/03/2011 15:53:45 - Windows Update
RP106: 11/03/2011 15:36:28 - Windows Update
RP107: 11/03/2011 15:46:06 - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9.1 MUI
Adobe Shockwave Player
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 3
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
µTorrent
Audacity 1.3.12 (Unicode)
avast! Free Antivirus
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CyberLink DVD Suite
D3DX10
Google Chrome
Google Talk (remove only)
HP Customer Experience Enhancements
HP Games
HP Instant Web
HP Integrated Module with Bluetooth wireless technology
HP QuickSync
HP Setup
HP Support Assistant
HP Update
HP User Guides 0166
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 14
LogonStudio
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.15)
MSVCRT
Power2Go
PowerRecover
QuickTime
Realtek USB 2.0 Card Reader
Seesmic Social Networking
Skype Toolbars
Skype™ 4.2
SPIF225 USB to SATA Bridge 98 Driver Installer
Spotify
Stardock MyColors
SUPERAntiSpyware
Synaptics Pointing Device Driver
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
10/03/2011 19:29:14, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
10/03/2009 13:03:35, Error: Schannel [36888]  - The following fatal alert was generated: 45. The internal error state is 552.
10/03/2009 13:03:35, Error: Schannel [36881]  - The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate.
10/03/2009 13:01:17, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
10/03/2009 11:51:16, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
10/03/2009 05:39:10, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
10/03/2009 00:48:22, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{5E500175-FCEB-4156-BAA9-E0DDA3A9CF61} because another computer on the network has the same name.  The server could not start.
10/03/2009 00:48:22, Error: NetBT [4321]  - The name "LAURIE-PC      :20" could not be registered on the interface with IP address 192.168.1.69. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.
10/03/2009 00:48:17, Error: NetBT [4321]  - The name "LAURIE-PC      :0" could not be registered on the interface with IP address 192.168.1.69. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: SuperDave on March 16, 2011, 12:07:00 PM
Please read here for more information about WildTangent (http://it.toolbox.com/blogs/enterprise-solutions/question-of-the-week-is-wildtanget-actually-spyware-6472). Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driver or anything related to WildTangent.
*************************************************
P2P - I see you have P2P software installed on your machine (µTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**************************************************
Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

Link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: truckie on March 16, 2011, 03:03:39 PM
I could not find a WildTangent program, however I uninstalled uTorrent. Thanks!
Here are the logs:

SecurityCheck

 Results of screen317's Security Check version 0.99.9 
 Windows 7  (UAC is enabled)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 avast! Free Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 CCleaner     
 Java(TM) 6 Update 24 
 Adobe Flash Player    10.2.152.32 
Adobe Reader 9.1 MUI
Out of date Adobe Reader installed!
 Mozilla Firefox (3.6.15)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Common Files Microsoft Shared Windows Live AvastSvc.exe -?-
 Alwil Software Avast5 AvastUI.exe 
``````````End of Log````````````



ComboFix

ComboFix 11-03-16.01 - Laurie 16/03/2011  20:29:27.1.2 - x86
Microsoft Windows 7 Starter   6.1.7600.0.1252.44.1033.18.1015.216 [GMT 0:00]
Running from: c:\users\Laurie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HP\HPBTWD.exe
c:\users\Laurie\AppData\Roaming\Local
c:\users\Laurie\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Laurie\AppData\Roaming\Local\Temp\DDM\Settings\jqoidhyfpqow.avi.ddr
c:\users\Laurie\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Laurie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\jqoidhyfpqow.avi.ddp
.
.
(((((((((((((((((((((((((   Files Created from 2011-02-16 to 2011-03-16  )))))))))))))))))))))))))))))))
.
.
2011-03-16 20:48 . 2011-03-16 20:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-03-15 22:31 . 2011-02-11 06:54   5943120   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B5F5CEC-02C9-4B40-BD0C-C1A3666DE7D3}\mpengine.dll
2011-03-15 20:58 . 2011-03-15 20:58   388096   ----a-r-   c:\users\Laurie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-15 20:58 . 2011-03-15 20:58   --------   d-----w-   c:\program files\Trend Micro
2011-03-15 20:45 . 2011-03-15 20:45   --------   d-----w-   c:\program files\Common Files\Java
2011-03-15 20:45 . 2011-02-02 21:40   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-15 20:45 . 2011-02-02 21:40   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-03-15 20:41 . 2011-03-15 20:41   --------   d-----w-   c:\programdata\McAfee
2011-03-15 17:58 . 2011-03-15 17:58   --------   d-----w-   c:\program files\CCleaner
2011-03-12 23:26 . 2009-03-10 12:56   --------   d-----w-   c:\programdata\kFfLcFo06300
2011-03-09 15:25 . 2011-02-19 05:32   1074176   ----a-w-   c:\windows\system32\DWrite.dll
2011-03-09 15:25 . 2011-02-19 05:33   802304   ----a-w-   c:\windows\system32\FntCache.dll
2011-03-09 15:25 . 2011-02-19 05:32   739840   ----a-w-   c:\windows\system32\d2d1.dll
2011-03-09 15:25 . 2010-12-23 05:28   642048   ----a-w-   c:\windows\system32\CPFilters.dll
2011-03-09 15:25 . 2010-12-23 05:28   534528   ----a-w-   c:\windows\system32\EncDec.dll
2011-03-09 15:25 . 2010-12-23 05:28   850432   ----a-w-   c:\windows\system32\sbe.dll
2011-03-09 15:25 . 2010-12-23 05:24   199680   ----a-w-   c:\windows\system32\mpg2splt.ax
2011-03-09 15:25 . 2010-12-18 05:30   2690560   ----a-w-   c:\windows\system32\mstscax.dll
2011-03-09 15:25 . 2010-12-18 05:26   1034240   ----a-w-   c:\windows\system32\mstsc.exe
2011-02-23 03:01 . 2010-09-14 06:07   276992   ----a-w-   c:\windows\system32\wcncsvc.dll
2011-02-22 18:07 . 2011-01-07 07:31   442880   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-02-22 18:07 . 2011-01-07 07:31   288256   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-02-15 13:19 . 2010-10-27 04:40   1289536   ----a-w-   c:\windows\system32\ntdll.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 15:10 . 2010-06-24 11:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 17:11 . 2010-09-05 17:38   222080   ------w-   c:\windows\system32\MpSigStub.exe
2010-12-31 20:06 . 2010-01-03 20:52   38848   ----a-w-   c:\windows\avastSS.scr
2010-12-31 20:06 . 2010-01-03 20:52   188216   ----a-w-   c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2010-01-03 20:52   293968   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2010-01-03 20:52   47440   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:56 . 2010-01-03 20:52   23632   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2010-01-03 20:52   51280   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2010-12-31 19:56 . 2010-01-03 20:52   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-12-20 18:09 . 2009-03-10 03:47   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2009-03-10 03:47   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-12 136176]
"googletalk"="c:\users\Laurie\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-6 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-31 795936]
Stardock MyColors.lnk - c:\program files\Stardock\MyColors\SDDelayedLaunch.exe [2009-6-9 8960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IconPackager.lnk - c:\program files\Stardock\MyColors\IconPackager.exe [2009-10-14 1389944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R4 Erisorvr_wor;Erisorvr_wor;c:\windows\system32\DeviceEject.exe [2009-07-14 26112]
S1 aswSP;aswSP;
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 51280]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-04-28 50688]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758040321-2433826461-1242790299-1000Core.job
- c:\users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 18:37]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758040321-2433826461-1242790299-1000UA.job
- c:\users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 18:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\zgs32r34.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
HKLM-Run-RevHDD - c:\windows\SYSTEM\RevHDD.exe
HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-16  20:54:09
ComboFix-quarantined-files.txt  2011-03-16 20:54
.
Pre-Run: 179,746,791,424 bytes free
Post-Run: 179,667,550,208 bytes free
.
- - End Of File - - EFE85712CDFD622DB89E8D6C1CFC850F




HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:57:55, on 16/03/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] C:\Users\Laurie\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files\Stardock\MyColors\IconPackager.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Stardock MyColors.lnk = C:\Program Files\Stardock\MyColors\SDDelayedLaunch.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

--
End of file - 8932 bytes


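What the helper does with the HijackThis O4 section above is check where each autostart entry actually runs from: a Run key pointing into Program Files or System32 is routine, one pointing into a user profile needs a second look, and one pointing into a Temp folder is almost never legitimate. The script below is an added example for this thread, not code from the page or from HijackThis, ComboFix or any other tool mentioned here. It parses O4 lines into entry name and image path and flags paths under user-writable or temp directories. The sample input is constructed: the first six O4 lines are copied from the log posted above, and the `example-updater` entry is invented to mimic the unusual `AppData\Roaming\Local\Temp` layout that ComboFix listed under "Other Deletions".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input in the format HijackThis prints. The first six O4
# lines are taken from the log above; "example-updater" is invented for the
# example and does not appear on the page. The O3 line is there to show that
# non-O4 lines are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] C:\Users\Laurie\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files\Stardock\MyColors\IconPackager.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - HKCU\..\Run: [example-updater] C:\Users\Laurie\AppData\Roaming\Local\Temp\example-updater.exe
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
""".strip().splitlines()

# "O4 - HKLM\..\Run: [Name] command" and "O4 - HKUS\S-1-5-xx\..\Run: [Name] command"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# "O4 - Global Startup: Foo.lnk = target" and "O4 - .DEFAULT User Startup: Foo.lnk = target (User '...')"
O4_STARTUP = re.compile(r"^O4 - (?P<where>.*Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Leading executable path of a command, quoted or not; HijackThis prints "?" when it cannot resolve it.
IMAGE_PATH = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|bat|cmd|vbs|js))(?=$|["\s])', re.IGNORECASE)

USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\")
TEMP_DIRS = ("\\temp\\", "\\tmp\\")
# A normal profile has AppData\Roaming and AppData\Local side by side; a "Local"
# subtree inside Roaming is not a layout Windows creates itself.
ODD_LAYOUT = "\\appdata\\roaming\\local\\"


@dataclass
class Finding:
    name: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        """high = check the file now; review = legitimate software may live here, verify it; ok = nothing unusual."""
        if "temp-dir" in self.flags or "odd-layout" in self.flags:
            return "high"
        if self.flags:
            return "review"
        return "ok"


def image_path(cmd: str) -> Optional[str]:
    """Extract the executable path from an autostart command; None if HijackThis printed '?'."""
    m = IMAGE_PATH.match(cmd.strip())
    return m.group("path") if m else None


def classify(path: Optional[str]) -> List[str]:
    """Flag locations that a standard user can write to, since that is where dropped files end up."""
    if path is None:
        return ["unresolved-target"]
    low = path.lower()
    flags: List[str] = []
    if ODD_LAYOUT in low:
        flags.append("odd-layout")
    if any(t in low for t in TEMP_DIRS):
        flags.append("temp-dir")
    if any(u in low for u in USER_WRITABLE):
        flags.append("user-writable")
    return flags


def parse_o4(line: str) -> Optional[Finding]:
    """Parse one HijackThis line; returns None for anything that is not an O4 entry."""
    m = O4_RUN.match(line) or O4_STARTUP.match(line)
    if not m:
        return None
    path = image_path(m.group("cmd"))
    return Finding(m.group("name"), path, classify(path))


def triage(lines) -> List[Finding]:
    return [f for f in (parse_o4(line) for line in lines) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.name:20} {f.path or '?'}  {' '.join(f.flags)}")
```

The `user-writable` flag is a prompt to verify, not a verdict: in the log above both Google entries run from `AppData\Local` and `AppData\Roaming`, which is where Google's updater and Google Talk are normally installed, and the helper did not ask for them to be removed. `unresolved-target` (the `Bluetooth.lnk = ?` line) simply means HijackThis could not follow the shortcut, so the target has to be looked up by hand.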
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: SuperDave on March 16, 2011, 04:52:13 PM
Quote
I could not find a WildTangent program
I believe it's bundled with HP games

Please download the newest version of Adobe Acrobat Reader from Adobe.com (http://www.adobe.com/products/acrobat/readstep2.html)

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: truckie on March 16, 2011, 05:37:25 PM
Thanks, I found and uninstalled the WildTangent program, and uninstalled my old version of Reader and downloaded the new one.
While scanning, SysProt said there was an error scanning the SSDT, but here is the log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 80E8F000
Module End: 80F69000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys
Service Name: ---
Module Base: 80F69000
Module End: 80F7A000
Hidden: Yes

Module Name: \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: A8D2A000
Module End: A8D2C000
Hidden: Yes

Module Name: \??\C:\Users\Laurie\AppData\Local\Temp\catchme.sys
Service Name: catchme
Module Base: A8D2C000
Module End: A8D34000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ObMakeTemporaryObject
At Address: 81C432CB
Jump To: 8A03611E
Module Name: C:\Windows\System32\Drivers\aswSP.SYS

Hooked Function: ObInsertObject
At Address: 81C5D003
Jump To: 8A037BD0
Module Name: C:\Windows\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\System Volume Information\WindowsImageBackup\SPPMetadataCache
Status: Access denied

Object: C:\Users\Laurie\Pictures\pictures\•??•? JaCk “Pa?ddy“ ?•?  ?.jpg
Status: Hidden

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Status: Access denied
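
The SysProt report above has a regular "Key: Value" layout, so it can be triaged mechanically. The following is an added example, not code from the thread or from SysProt: a Python parser that splits a report into its sections and summarises the hidden kernel modules, the kernel hooks with the driver each jumps into, and the count of file objects that are "Hidden" versus merely "Access denied". The embedded report is a constructed sample in the same layout, with made-up paths.

```python
import re
from collections import Counter
# Constructed sample in the SysProt AntiRootkit report layout (made-up paths; asterisk rows separate sections).
SAMPLE_REPORT = """\
Kernel Modules:
Module Name: \\SystemRoot\\System32\\Drivers\\dump_iaStor.sys
Hidden: Yes

Module Name: \\??\\C:\\Users\\user\\AppData\\Local\\Temp\\catchme.sys
Service Name: catchme
Hidden: Yes
****************************************
Kernel Hooks:
Hooked Function: ObInsertObject
Module Name: C:\\Windows\\System32\\Drivers\\aswSP.SYS
****************************************
Hidden files/folders:
Object: C:\\Qoobox\\BackEnv\\SetPath.bat
Status: Access denied

Object: C:\\Users\\user\\Pictures\\photo.jpg
Status: Hidden
"""
def parse_report(report):
    """Return {section: [record, ...]}; a record is the dict of 'Key: Value' lines in one block."""
    sections, section, record = {}, None, {}
    for line in report.splitlines() + [""]:  # trailing sentinel flushes the last record
        line = line.strip()
        if record and ": " not in line:  # blank, asterisk or heading line ends the current record
            sections[section].append(record)
            record = {}
        if re.fullmatch(r"[A-Za-z /]+:", line):  # section heading such as "Kernel Hooks:"
            section = line[:-1]
            sections.setdefault(section, [])
        elif ": " in line and section:
            key, value = line.split(": ", 1)
            record[key] = value
    return sections

def triage(report):
    """Pull out what a responder reads first from a SysProt log."""
    s = parse_report(report)
    hidden = [r["Module Name"] for r in s.get("Kernel Modules", []) if r.get("Hidden") == "Yes"]
    hooks = {r["Hooked Function"]: r["Module Name"] for r in s.get("Kernel Hooks", [])}
    # Hidden drivers loaded from a per-user Temp folder are worth matching against tools known to have run.
    from_temp = [m for m in hidden if re.search(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", m, re.I)]
    status = Counter(r["Status"] for r in s.get("Hidden files/folders", []))  # "Hidden" vs "Access denied"
    return {"hidden_modules": hidden, "hooks": hooks, "hidden_from_user_temp": from_temp,
            "file_status": dict(status)}
```

Feeding the full report posted above into `triage()` gives the same kind of summary; the two kernel hooks there resolve to aswSP.SYS, and "Access denied" entries are not hidden objects but ones the scanner could not open.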

Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: SuperDave on March 17, 2011, 01:09:31 PM
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: truckie on March 23, 2011, 10:24:44 AM
Hi, sorry I've been away for a bit. I've downloaded it, but it says the antivirus software Windows Defender might affect the scan; should I turn it off? Also, should I uncheck the box that says 'remove threats' / should I check the box that says 'scan archives'? Thanks
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: SuperDave on March 23, 2011, 01:02:42 PM
Quote
Hi, sorry I've been away for a bit. I've downloaded it, but it says the antivirus software Windows Defender might affect the scan; should I turn it off? Also, should I uncheck the box that says 'remove threats' / should I check the box that says 'scan archives'? Thanks
Yes, please turn it off while you're running the scan, and also leave the checkmark in "remove threats" and check "scan archives".
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: truckie on March 25, 2011, 11:46:08 AM
Here is the report:
C:\Users\Laurie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5099711e-173a686c   Java/TrojanDownloader.OpenConnection.AA trojan   deleted - quarantined


Did you want the log file too? Thanks
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: SuperDave on March 25, 2011, 12:28:55 PM
Quote
Did you want the log file too? Thanks
No. That's ok. If there are no other issues, it's time for some cleanup.

To uninstall ComboFix

(http://i582.photobucket.com/albums/ss269/Cat_Byte/Combofix_uninstall_image.jpg)

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

****************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Looking over your log, it seems there is no evidence of a third-party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember, only install ONE firewall.

1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (If you choose this one, uncheck "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation, and uncheck any HopSurf and/or Ask.com options)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
**************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: truckie on March 27, 2011, 08:56:10 AM
Okay thank you, all done. For future reference, I'm the only user on my laptop so is it important I always run these spyware programs as administrator? Thanks
Title: Re: The file AvastUI.exe was infected - is it clear now?
Post by: SuperDave on March 27, 2011, 12:35:19 PM
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.