View Full Version : Virtumonde



boothby
2010-12-07, 18:43
Hi,

I have Virtumonde. I previously made a post about it and I was asked to back up my registry, post the DDS log and, after doing so, start a new topic. A link to the post is below.

http://forums.spybot.info/showthread.php?p=390435#post390435

My DDS log is

DDS (Ver_10-12-05.01) - NTFSx86
Run by lou at 17:32:41.07 on 07/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.1756 [GMT 0:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET Smart Security 3.0 *enabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Windows\CNYHKey.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BandwidthMeterPro\BWMeterPro.exe
C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\lou\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\tbNCH_.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\tbNCH_.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GR469A~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - scriptproxy
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\tbNCH_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [CHotkey] mHotkey.exe
mRun: [ledpointer] CNYHKey.exe
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
StartupFolder: c:\users\lou\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bwmete~1.lnk - c:\program files\bandwidthmeterpro\BWMeterPro.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\utorrent.lnk - c:\program files\utorrent\uTorrent.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GR469A~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\lou\appdata\roaming\mozilla\firefox\profiles\8czjsvj5.default\
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-6 218592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-12-6 112592]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2010-12-4 540776]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-12-4 352856]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-10-1 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-1 67904]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-12-6 632792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-19 1153368]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2010-6-30 33792]
R3 TASCAM_US1641;TASCAM US-1641 Audio Device driver;c:\windows\system32\drivers\tus1641u.sys [2009-11-26 397888]
R3 TASCAM_US1641_MIDI;TASCAM US-1641 WDM MIDI Device;c:\windows\system32\drivers\tus1641m.sys [2009-11-26 26688]
R3 TASCAM_US1641_WDM;TASCAM US-1641 WDM;c:\windows\system32\drivers\tus1641a.sys [2009-11-26 39488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-25 136176]
S2 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe --> c:\progra~1\mcafee\msc\mcpromgr.exe [?]
S2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2010-12-4 248416]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S2 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2010-12-4 71496]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2010-12-4 34184]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2010-12-4 170408]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2010-12-4 32008]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2010-12-4 37480]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-12-6 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-12-6 1142224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-12-07 15:07:28 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e13c25c5-8962-4ff0-a6f3-02130ea8bd02}\mpengine.dll
2010-12-07 09:43:17 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-07 09:38:26 -------- d-----w- c:\users\lou\appdata\local\temp
2010-12-07 09:29:59 98816 ----a-w- c:\windows\sed.exe
2010-12-07 09:29:59 89088 ----a-w- c:\windows\MBR.exe
2010-12-07 09:29:59 256512 ----a-w- c:\windows\PEV.exe
2010-12-07 09:29:59 161792 ----a-w- c:\windows\SWREG.exe
2010-12-07 08:51:02 -------- d-----w- c:\users\lou\appdata\roaming\Malwarebytes
2010-12-07 08:50:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 08:50:53 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-07 08:50:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 08:50:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 22:35:16 -------- d-----w- c:\users\lou\appdata\roaming\ESET
2010-12-06 22:19:49 -------- d-----w- C:\VundoFix Backups
2010-12-06 18:31:08 -------- d-----w- c:\users\lou\appdata\roaming\SUPERAntiSpyware.com
2010-12-06 18:31:08 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-06 18:31:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-06 18:13:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-12-06 18:13:55 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-12-06 18:13:54 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-12-06 18:13:54 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-12-06 18:11:58 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-06 18:11:58 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-12-06 18:11:48 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-06 18:11:48 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-06 18:11:37 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-06 18:11:16 -------- d-----w- c:\users\lou\appdata\roaming\PC Tools
2010-12-06 18:11:16 -------- d-----w- c:\program files\Spyware Doctor
2010-12-06 18:11:16 -------- d-----w- c:\progra~2\PC Tools
2010-12-06 06:05:13 -------- d-----w- c:\users\lou\appdata\roaming\Registry Mechanic
2010-12-06 02:39:43 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-12-06 02:39:43 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2010-12-06 02:39:43 506368 ----a-w- c:\windows\system32\msxml.dll
2010-12-06 02:39:43 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-12-06 02:39:43 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-12-06 02:39:43 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-12-06 02:39:33 -------- d-----w- c:\program files\common files\PC Tools
2010-12-06 02:38:23 -------- d-----w- C:\$AVG
2010-12-06 00:26:58 -------- d-----w- c:\users\lou\appdata\roaming\AVG10
2010-12-06 00:25:34 -------- d--h--w- c:\progra~2\Common Files
2010-12-06 00:24:29 -------- d-----w- c:\progra~2\AVG10
2010-12-06 00:23:51 -------- d-----w- c:\program files\AVG
2010-12-05 23:18:58 -------- d-----w- c:\progra~2\Applications
2010-12-05 23:09:26 -------- d-----w- c:\progra~2\MFAData
2010-12-04 17:25:32 143360 ----a-w- c:\windows\system32\dunzip32.dll
2010-12-04 17:08:27 37480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-12-04 17:08:27 32008 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-12-04 17:08:26 34184 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-12-04 17:08:25 170408 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-12-04 17:08:24 71496 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-12-04 17:08:11 107608 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-12-04 17:07:42 -------- d-----w- c:\program files\common files\McAfee
2010-12-04 11:55:11 -------- d-----w- c:\users\lou\appdata\local\ElevatedDiagnostics
2010-12-03 15:42:27 -------- d-----w- c:\program files\Toontrack
2010-12-02 08:51:54 -------- d-----w- c:\program files\Paradox Interactive
2010-11-26 16:17:44 -------- d-----w- c:\progra~2\NVIDIA Corporation
2010-11-26 16:17:21 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-11-26 16:17:21 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-11-26 16:17:21 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-11-26 16:17:21 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-11-26 16:17:21 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-11-26 16:17:21 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-11-26 16:17:21 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-11-26 16:17:21 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-11-26 16:17:21 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-11-24 22:17:16 -------- d-----w- c:\program files\Calibre2
2010-11-23 19:54:36 747 ----a-w- c:\windows\LedHKey.reg
2010-11-23 19:54:36 532992 ----a-w- c:\windows\CNYHKey.exe
2010-11-23 19:54:36 524800 ----a-w- c:\windows\mHotkey.exe
2010-11-23 19:54:36 5120 ----a-w- c:\windows\HKCYDLL.dll
2010-11-23 19:54:36 49152 ----a-w- c:\windows\CNYUSB.dll
2010-11-23 19:54:36 11776 ----a-w- c:\windows\HIDMNT.dll
2010-11-23 19:54:36 -------- d-----w- c:\program files\USB Wireless Keyboard Driver Ver1.2
2010-11-18 17:53:44 -------- d-----w- C:\df
2010-11-18 17:52:56 -------- d-----w- C:\bab
2010-11-18 17:51:39 72192 ----a-w- c:\windows\unlite3.exe
2010-11-18 17:51:38 -------- d-----w- c:\program files\Bradbury
2010-11-18 17:50:33 -------- d-----w- c:\program files\LogiXML IES Dev
2010-11-18 17:21:42 -------- d-----w- c:\program files\NCH Software
2010-11-18 17:21:38 -------- d-----w- c:\program files\Conduit
2010-11-18 17:21:34 -------- d-----w- c:\program files\ConduitEngine
2010-11-18 17:21:32 -------- d-----w- c:\program files\NCH_EN
2010-11-18 17:21:18 -------- d-----w- c:\program files\NCH Swift Sound
2010-11-14 03:12:57 -------- d-----w- c:\windows\system32\AGEIA
2010-11-12 15:14:14 -------- d-----w- c:\program files\Asteria
2010-11-10 18:46:29 -------- d-----w- c:\users\lou\appdata\roaming\Sports Interactive
2010-11-10 18:46:29 -------- d-----w- c:\users\lou\appdata\local\Sports Interactive
2010-11-10 18:39:21 -------- d--h--w- c:\users\lou\InstallAnywhere
2010-11-09 04:21:53 -------- d-----w- c:\users\lou\appdata\local\Apps
2010-11-09 04:21:52 -------- d-----w- c:\users\lou\appdata\local\Deployment

==================== Find3M ====================

2010-11-20 00:21:19 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 18:55:00 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 12:42:20 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:42:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:42:16 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:42:12 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-01 01:52:50 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-10-01 01:50:52 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-10-01 01:50:50 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll

============= FINISH: 17:33:14.44 ===============

And here's 'Attach.txt'

http://www.megaupload.com/?d=HXVLJY49

Thank you in advance :)

Blade81
2010-12-13, 19:06
Hi,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go and uninstall the programs listed above (in red).


Next time, if you have to attach a file, please use the forum's attachment functionality instead of uploading the file to a file-sharing service. It causes too much unneeded work for the helper.

If Spybot is finding the mentioned issue, post back its log too. Is your ESET license legit?

Post fresh DDS logs.

tashi
2010-12-20, 05:51
This thread has been closed due to inactivity.

If you still require help, please start a new topic and include a DDS log with a link to your previous thread. :)

Please do not add any logs that might have been requested previously; you would be starting fresh.

Applies only to the original poster; anyone else with similar problems, please start your own topic.