View Full Version : Click.GiftLoad removal help, DDS Log Posted
dwill60513
2011-03-30, 17:37
Sorry, I now have everything in order... can you help me in removing the Click.Giftload
_______________________________________________
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dave at 10:23:37.52 on Wed 03/30/2011
Internet Explorer: 9.0.8112.16421
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1019 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\DebugDiag\DbgSvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\dllhost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Web Page Maker\WebPageMaker.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dave\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://broadband.zoomtown.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Web Video Downloader] "c:\program files\sothink web video downloader stand-alone\VideoDownloader.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\dell\mediad~1\kernel\office\pptview\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\dell\mediad~1\kernel\office\pptview\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\shx0bqp7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\dave\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\dave\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\dave\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-5 64288]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-4-10 20392]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl01e2028a;MpKsl01e2028a;c:\programdata\microsoft\microsoft antimalware\definition updates\{f64b1c59-3566-460d-bea0-55a2eab36aa2}\MpKsl01e2028a.sys [2011-3-30 28752]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-25 73728]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 DbgSvc;Debug Diagnostic Service;c:\program files\debugdiag\DbgSvc.exe [2007-1-16 316256]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-23 21504]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-6-17 632792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-28 1153368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-03-30 12:35:31 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{f64b1c59-3566-460d-bea0-55a2eab36aa2}\MpKsl01e2028a.sys
2011-03-29 19:34:21 -------- d-----w- c:\users\dave\appdata\roaming\SourceTec
2011-03-29 19:34:05 -------- d-----w- c:\program files\common files\SourceTec
2011-03-29 19:33:39 -------- d-----w- c:\program files\Sothink Web Video Downloader Stand-alone
2011-03-29 14:26:13 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-29 14:26:05 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{63fb66bd-cb5e-47fc-833f-5734e9ef69a6}\gapaengine.dll
2011-03-29 14:25:57 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-03-29 14:25:40 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{f64b1c59-3566-460d-bea0-55a2eab36aa2}\mpengine.dll
2011-03-29 14:15:47 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-28 15:20:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-28 13:10:58 -------- d-----w- c:\program files\VS Revo Group
2011-03-23 12:34:47 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 12:34:47 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 12:34:47 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-12 16:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 16:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-03-10 01:34:24 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 01:34:23 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 01:34:23 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 01:34:23 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 01:34:20 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 01:34:19 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-04 20:03:23 -------- d-----w- c:\users\dave\appdata\roaming\VTExtra
2011-03-04 20:00:37 -------- d-----w- c:\users\dave\appdata\local\VTShared
2011-03-04 20:00:31 -------- d-----w- c:\users\dave\appdata\local\EnglishHarbourCasino
.
==================== Find3M ====================
.
2011-03-14 19:57:06 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:25:13.59 ===============
Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it
Click the Scan button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply.
dwill60513
2011-04-01, 19:25
Here you go and thanks sooo much...
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-01 12:22:14
-----------------------------
12:22:14.766 OS Version: Windows 6.0.6002 Service Pack 2
12:22:14.767 Number of processors: 2 586 0xF0D
12:22:14.768 ComputerName: OFFICE UserName: Dave
12:22:53.731 Initialize success
12:22:56.962 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:22:56.965 Disk 0 Vendor: FUJITSU_ 0085 Size: 152627MB BusType: 3
12:22:56.971 Disk 0 MBR read successfully
12:22:56.974 Disk 0 MBR scan
12:22:56.980 Disk 0 scanning sectors +312578048
12:22:57.001 Disk 0 scanning C:\Windows\system32\drivers
12:23:05.769 Service scanning
12:23:07.079 Disk 0 trace - called modules:
12:23:07.113 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
12:23:07.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8543a030]
12:23:07.120 3 CLASSPNP.SYS[87ba58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84a17030]
12:23:07.123 Scan finished successfully
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
dwill60513
2011-04-02, 00:23
dds log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dave at 17:14:43.74 on Fri 04/01/2011
Internet Explorer: 9.0.8112.16421
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.868 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\DebugDiag\DbgSvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\dllhost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\msdtc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Dave\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dave\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://broadband.zoomtown.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Web Video Downloader] "c:\program files\sothink web video downloader stand-alone\VideoDownloader.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\dell\mediad~1\kernel\office\pptview\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\dell\mediad~1\kernel\office\pptview\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\shx0bqp7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\dave\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\dave\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\dave\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-5 64288]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-4-10 20392]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl3bfdabf9;MpKsl3bfdabf9;c:\programdata\microsoft\microsoft antimalware\definition updates\{20cbb466-692e-4fea-8f86-6224289edee5}\MpKsl3bfdabf9.sys [2011-4-1 28752]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-25 73728]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 DbgSvc;Debug Diagnostic Service;c:\program files\debugdiag\DbgSvc.exe [2007-1-16 316256]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-23 21504]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-6-17 632792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-28 1153368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-04-01 21:00:54 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{20cbb466-692e-4fea-8f86-6224289edee5}\MpKsl3bfdabf9.sys
2011-04-01 20:58:23 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{20cbb466-692e-4fea-8f86-6224289edee5}\mpengine.dll
2011-04-01 20:56:52 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-01 20:56:49 -------- d-----w- c:\users\dave\appdata\local\temp
2011-04-01 20:37:50 98816 ----a-w- c:\windows\sed.exe
2011-04-01 20:37:50 89088 ----a-w- c:\windows\MBR.exe
2011-04-01 20:37:50 256512 ----a-w- c:\windows\PEV.exe
2011-04-01 20:37:50 161792 ----a-w- c:\windows\SWREG.exe
2011-03-29 19:34:21 -------- d-----w- c:\users\dave\appdata\roaming\SourceTec
2011-03-29 19:34:05 -------- d-----w- c:\program files\common files\SourceTec
2011-03-29 19:33:39 -------- d-----w- c:\program files\Sothink Web Video Downloader Stand-alone
2011-03-29 14:26:13 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-29 14:26:05 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{63fb66bd-cb5e-47fc-833f-5734e9ef69a6}\gapaengine.dll
2011-03-29 14:25:57 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-03-29 14:15:47 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-28 15:20:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-28 13:10:58 -------- d-----w- c:\program files\VS Revo Group
2011-03-23 12:34:47 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 12:34:47 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 12:34:47 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-12 16:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 16:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-03-10 01:34:24 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 01:34:23 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 01:34:23 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 01:34:23 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 01:34:20 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 01:34:19 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-04 20:03:23 -------- d-----w- c:\users\dave\appdata\roaming\VTExtra
2011-03-04 20:00:37 -------- d-----w- c:\users\dave\appdata\local\VTShared
2011-03-04 20:00:31 -------- d-----w- c:\users\dave\appdata\local\EnglishHarbourCasino
.
==================== Find3M ====================
.
2011-03-14 19:57:06 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 17:16:17.99 ===============
______________________________________________________
combofix.txt log:
ComboFix 11-04-01.01 - Dave 04/01/2011 16:39:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1225 [GMT -4:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dave\g2mdlhlpx.exe
c:\users\Dave\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
.
.
2011-04-01 20:53 . 2011-04-01 20:53 -------- d-----w- c:\users\Dave\AppData\Local\temp
2011-04-01 12:38 . 2011-04-01 12:38 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{8C455ADF-4A7D-4FDF-BA46-0D5CC7097DE3}\MpKsl9ded0e4e.sys
2011-04-01 12:38 . 2011-03-15 01:05 6792528 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{8C455ADF-4A7D-4FDF-BA46-0D5CC7097DE3}\mpengine.dll
2011-03-30 14:21 . 2011-03-30 14:21 -------- d-----w- c:\program files\ERUNT
2011-03-29 19:34 . 2011-03-29 19:34 -------- d-----w- c:\users\Dave\AppData\Roaming\SourceTec
2011-03-29 19:34 . 2011-03-29 19:34 -------- d-----w- c:\program files\Common Files\SourceTec
2011-03-29 19:33 . 2011-03-29 19:33 -------- d-----w- c:\program files\Sothink Web Video Downloader Stand-alone
2011-03-29 14:26 . 2011-03-29 14:24 439632 ------w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-29 14:26 . 2011-03-29 14:24 439632 ------w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{63FB66BD-CB5E-47FC-833F-5734E9EF69A6}\gapaengine.dll
2011-03-29 14:25 . 2011-03-15 01:05 6792528 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-29 14:15 . 2011-03-29 14:16 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-28 15:20 . 2011-03-28 15:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-28 13:10 . 2011-03-28 13:10 -------- d-----w- c:\program files\VS Revo Group
2011-03-23 12:34 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 12:34 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 12:34 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-03-10 01:34 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 01:34 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 01:34 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 01:34 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 01:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 01:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-04 20:03 . 2011-03-04 20:06 -------- d-----w- c:\users\Dave\AppData\Roaming\VTExtra
2011-03-04 20:00 . 2011-03-04 20:03 -------- d-----w- c:\users\Dave\AppData\Local\VTShared
2011-03-04 20:00 . 2011-03-04 20:02 -------- d-----w- c:\users\Dave\AppData\Local\EnglishHarbourCasino
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 19:57 . 2009-04-16 21:05 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2011-01-20 16:37 . 2011-02-09 08:48 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 08:48 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 08:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 08:48 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 08:48 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 08:48 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 08:48 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 08:48 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 08:48 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 08:48 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 08:48 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 08:48 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 08:48 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 08:48 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 08:48 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 08:48 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 08:48 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 08:48 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 08:48 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 08:48 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 08:48 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 08:48 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 08:48 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 08:48 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 08:48 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-09 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 08:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-03-18 17:53 . 2011-03-28 15:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Web Video Downloader"="c:\program files\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe" [2010-11-11 5387608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MBCameraMonitor.lnk]
backup=c:\windows\pss\MBCameraMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-01-19 23:55 50520 ----a-w- c:\users\Dave\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD or CD Sharing]
2008-02-21 01:10 619832 ----a-w- c:\program files\DVD or CD Sharing\ODSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-29 21:14 133104 ----atw- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 22:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-06-16 15:27 92704 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-29 05:54 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-10-22 21:47 524288 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 22:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2010-12-12 04:35 112600 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
R1 MpKsl01e2028a;MpKsl01e2028a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F64B1C59-3566-460D-BEA0-55A2EAB36AA2}\MpKsl01e2028a.sys [x]
R1 MpKsl85925626;MpKsl85925626;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF66AE33-8869-4152-98DD-67014400B098}\MpKsl85925626.sys [x]
R1 MpKslffd59198;MpKslffd59198;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3FC9DB2-2937-48AE-90A1-E76570BAE064}\MpKslffd59198.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Aldebaran;Aldebaran - Storage Filter Drivers;c:\windows\system32\Drivers\Aldebaran.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 MpKsl9ded0e4e;MpKsl9ded0e4e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C455ADF-4A7D-4FDF-BA46-0D5CC7097DE3}\MpKsl9ded0e4e.sys [2011-04-01 28752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
S2 DbgSvc;Debug Diagnostic Service;c:\program files\DebugDiag\DbgSvc.exe [2007-01-16 316256]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-12-12 632792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL9DED0E4E
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087515188-20942962-1641699201-1000Core1cb6fb1c6c3d42d.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 21:14]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087515188-20942962-1641699201-1000UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 21:14]
.
2009-11-12 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-03-10 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
2009-11-12 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2011-03-10 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2010-10-16 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-10-16 04:35]
.
2011-04-01 c:\windows\Tasks\User_Feed_Synchronization-{444E6A6C-6AAC-4FFC-9F9B-ED6104AA48E1}.job
- c:\windows\system32\msfeedssync.exe [2011-03-28 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://broadband.zoomtown.com
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\shx0bqp7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-01 16:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-01 16:56:47
ComboFix-quarantined-files.txt 2011-04-01 20:56
.
Pre-Run: 67,958,104,064 bytes free
Post-Run: 67,892,518,912 bytes free
.
- - End Of File - - 5456AC76F8FE07D256106AEBC3425D78
____________________________________________________
Dave
Hi,
1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
dwill60513
2011-04-02, 17:02
2011/04/02 09:59:50.0427 3916 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/02 09:59:50.0645 3916 ================================================================================
2011/04/02 09:59:50.0646 3916 SystemInfo:
2011/04/02 09:59:50.0646 3916
2011/04/02 09:59:50.0646 3916 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/02 09:59:50.0646 3916 Product type: Workstation
2011/04/02 09:59:50.0646 3916 ComputerName: OFFICE
2011/04/02 09:59:50.0646 3916 UserName: Dave
2011/04/02 09:59:50.0646 3916 Windows directory: C:\Windows
2011/04/02 09:59:50.0646 3916 System windows directory: C:\Windows
2011/04/02 09:59:50.0646 3916 Processor architecture: Intel x86
2011/04/02 09:59:50.0646 3916 Number of processors: 2
2011/04/02 09:59:50.0646 3916 Page size: 0x1000
2011/04/02 09:59:50.0646 3916 Boot type: Normal boot
2011/04/02 09:59:50.0646 3916 ================================================================================
2011/04/02 09:59:51.0483 3916 Initialize success
2011/04/02 10:00:00.0295 3432 ================================================================================
2011/04/02 10:00:00.0295 3432 Scan started
2011/04/02 10:00:00.0295 3432 Mode: Manual;
2011/04/02 10:00:00.0295 3432 ================================================================================
2011/04/02 10:00:00.0886 3432 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/02 10:00:01.0003 3432 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/02 10:00:01.0083 3432 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/02 10:00:01.0146 3432 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/02 10:00:01.0251 3432 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/02 10:00:01.0356 3432 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/02 10:00:01.0426 3432 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/04/02 10:00:01.0488 3432 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/02 10:00:01.0608 3432 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
2011/04/02 10:00:01.0710 3432 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/04/02 10:00:01.0769 3432 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
2011/04/02 10:00:01.0819 3432 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/02 10:00:01.0874 3432 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/02 10:00:01.0974 3432 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/02 10:00:02.0126 3432 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/02 10:00:02.0203 3432 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys
2011/04/02 10:00:02.0280 3432 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/02 10:00:02.0385 3432 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/02 10:00:02.0475 3432 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/02 10:00:02.0565 3432 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/04/02 10:00:02.0637 3432 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/02 10:00:02.0817 3432 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/02 10:00:02.0887 3432 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/02 10:00:02.0954 3432 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/02 10:00:03.0026 3432 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/02 10:00:03.0135 3432 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/02 10:00:03.0211 3432 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/02 10:00:03.0287 3432 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/02 10:00:03.0349 3432 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/02 10:00:03.0573 3432 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/02 10:00:03.0651 3432 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/02 10:00:03.0748 3432 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/02 10:00:03.0835 3432 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/02 10:00:03.0934 3432 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/02 10:00:03.0992 3432 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
2011/04/02 10:00:04.0035 3432 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/02 10:00:04.0108 3432 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/02 10:00:04.0178 3432 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/02 10:00:04.0286 3432 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/02 10:00:04.0383 3432 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/02 10:00:04.0475 3432 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/02 10:00:04.0566 3432 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/04/02 10:00:04.0693 3432 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
2011/04/02 10:00:04.0809 3432 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/02 10:00:04.0915 3432 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/04/02 10:00:04.0979 3432 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/02 10:00:05.0127 3432 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/02 10:00:05.0215 3432 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\elrawdsk.sys
2011/04/02 10:00:05.0331 3432 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/02 10:00:05.0442 3432 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/02 10:00:05.0541 3432 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/02 10:00:05.0605 3432 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/02 10:00:05.0694 3432 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/02 10:00:05.0765 3432 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/02 10:00:05.0879 3432 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/02 10:00:05.0941 3432 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/02 10:00:06.0048 3432 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/02 10:00:06.0099 3432 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/02 10:00:06.0212 3432 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/04/02 10:00:06.0296 3432 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/02 10:00:06.0406 3432 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/02 10:00:06.0526 3432 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/02 10:00:06.0591 3432 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/02 10:00:06.0661 3432 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/02 10:00:06.0730 3432 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/02 10:00:06.0825 3432 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/04/02 10:00:06.0958 3432 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/04/02 10:00:07.0039 3432 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/02 10:00:07.0146 3432 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/02 10:00:07.0259 3432 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/02 10:00:07.0326 3432 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
2011/04/02 10:00:07.0419 3432 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/02 10:00:07.0527 3432 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/02 10:00:07.0643 3432 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/02 10:00:07.0719 3432 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/02 10:00:07.0801 3432 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/02 10:00:07.0940 3432 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/02 10:00:08.0012 3432 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/02 10:00:08.0088 3432 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/02 10:00:08.0162 3432 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/04/02 10:00:08.0283 3432 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/02 10:00:08.0350 3432 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/02 10:00:08.0428 3432 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/02 10:00:08.0509 3432 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/02 10:00:08.0587 3432 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/02 10:00:08.0692 3432 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/02 10:00:08.0944 3432 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
2011/04/02 10:00:09.0013 3432 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/02 10:00:09.0087 3432 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/02 10:00:09.0148 3432 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/02 10:00:09.0198 3432 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/02 10:00:09.0312 3432 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/02 10:00:09.0362 3432 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\Drivers\LVPr2Mon.sys
2011/04/02 10:00:09.0447 3432 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\Windows\system32\DRIVERS\lvrs.sys
2011/04/02 10:00:09.0501 3432 lvselsus (227e30912d5db820bde18418f5b9be01) C:\Windows\system32\DRIVERS\lvselsus.sys
2011/04/02 10:00:09.0789 3432 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/04/02 10:00:10.0112 3432 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/02 10:00:10.0181 3432 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/02 10:00:10.0268 3432 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/02 10:00:10.0379 3432 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/02 10:00:10.0458 3432 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/02 10:00:10.0508 3432 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/02 10:00:10.0580 3432 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/02 10:00:10.0741 3432 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/04/02 10:00:10.0827 3432 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/02 10:00:11.0049 3432 MpKsl638ad817 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7263DC82-978F-458C-AC70-12294C2333D4}\MpKsl638ad817.sys
2011/04/02 10:00:11.0348 3432 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/04/02 10:00:11.0430 3432 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/02 10:00:11.0500 3432 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/02 10:00:11.0595 3432 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/02 10:00:11.0720 3432 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/02 10:00:11.0803 3432 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/02 10:00:11.0868 3432 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/02 10:00:11.0990 3432 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
2011/04/02 10:00:12.0097 3432 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/02 10:00:12.0206 3432 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/02 10:00:12.0279 3432 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/02 10:00:12.0358 3432 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/02 10:00:12.0478 3432 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/02 10:00:12.0565 3432 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/02 10:00:12.0646 3432 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/02 10:00:12.0741 3432 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/02 10:00:12.0835 3432 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/02 10:00:12.0897 3432 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/02 10:00:12.0955 3432 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/02 10:00:13.0016 3432 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/02 10:00:13.0093 3432 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/02 10:00:13.0197 3432 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/02 10:00:13.0285 3432 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/02 10:00:13.0341 3432 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/02 10:00:13.0387 3432 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/02 10:00:13.0460 3432 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/02 10:00:13.0619 3432 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/02 10:00:13.0737 3432 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/04/02 10:00:13.0880 3432 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/02 10:00:13.0963 3432 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/02 10:00:14.0054 3432 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/02 10:00:14.0204 3432 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/02 10:00:14.0241 3432 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/02 10:00:14.0571 3432 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/02 10:00:14.0891 3432 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/02 10:00:15.0008 3432 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/02 10:00:15.0107 3432 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/04/02 10:00:15.0298 3432 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2011/04/02 10:00:15.0436 3432 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
2011/04/02 10:00:15.0532 3432 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/02 10:00:15.0687 3432 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/02 10:00:15.0790 3432 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/02 10:00:15.0862 3432 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/02 10:00:15.0951 3432 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\DRIVERS\PCI.SYS
2011/04/02 10:00:16.0046 3432 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/02 10:00:16.0141 3432 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/02 10:00:16.0254 3432 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/02 10:00:16.0484 3432 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/02 10:00:16.0568 3432 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/02 10:00:16.0662 3432 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/02 10:00:16.0810 3432 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/02 10:00:16.0949 3432 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/02 10:00:17.0063 3432 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/02 10:00:17.0171 3432 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/02 10:00:17.0291 3432 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/02 10:00:17.0386 3432 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/02 10:00:17.0487 3432 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/02 10:00:17.0529 3432 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/02 10:00:17.0582 3432 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/02 10:00:17.0649 3432 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/02 10:00:17.0743 3432 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2011/04/02 10:00:17.0808 3432 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/02 10:00:17.0890 3432 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/02 10:00:17.0982 3432 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/04/02 10:00:18.0052 3432 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/04/02 10:00:18.0123 3432 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/04/02 10:00:18.0233 3432 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/02 10:00:18.0367 3432 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/02 10:00:18.0496 3432 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/02 10:00:18.0569 3432 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/02 10:00:18.0630 3432 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/02 10:00:18.0696 3432 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/02 10:00:18.0751 3432 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/02 10:00:18.0831 3432 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/04/02 10:00:18.0908 3432 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/02 10:00:18.0968 3432 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/02 10:00:19.0045 3432 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/02 10:00:19.0125 3432 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/04/02 10:00:19.0176 3432 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/02 10:00:19.0259 3432 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/02 10:00:19.0359 3432 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/02 10:00:19.0430 3432 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/02 10:00:19.0509 3432 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/02 10:00:19.0587 3432 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/02 10:00:19.0666 3432 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/02 10:00:19.0780 3432 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
2011/04/02 10:00:19.0871 3432 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/02 10:00:19.0969 3432 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/02 10:00:20.0027 3432 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/02 10:00:20.0097 3432 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/02 10:00:20.0170 3432 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/02 10:00:20.0272 3432 tap0901 (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys
2011/04/02 10:00:20.0363 3432 tbhsd (ea02d11234c29e3af778081498072131) C:\Windows\system32\drivers\tbhsd.sys
2011/04/02 10:00:20.0472 3432 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/04/02 10:00:20.0573 3432 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/02 10:00:20.0665 3432 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/02 10:00:20.0749 3432 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/02 10:00:20.0821 3432 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/02 10:00:20.0888 3432 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/02 10:00:20.0989 3432 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/02 10:00:21.0149 3432 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/02 10:00:21.0221 3432 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/02 10:00:21.0336 3432 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/02 10:00:21.0396 3432 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/02 10:00:21.0497 3432 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/02 10:00:21.0598 3432 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/02 10:00:21.0675 3432 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/02 10:00:21.0736 3432 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/02 10:00:21.0829 3432 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/02 10:00:21.0900 3432 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/02 10:00:22.0020 3432 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/02 10:00:22.0088 3432 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/02 10:00:22.0179 3432 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/02 10:00:22.0256 3432 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/02 10:00:22.0382 3432 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/02 10:00:22.0445 3432 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/02 10:00:22.0517 3432 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/02 10:00:22.0600 3432 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/02 10:00:22.0736 3432 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/02 10:00:22.0835 3432 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/02 10:00:22.0909 3432 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/02 10:00:23.0047 3432 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/02 10:00:23.0129 3432 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/02 10:00:23.0177 3432 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/04/02 10:00:23.0245 3432 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/02 10:00:23.0304 3432 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2011/04/02 10:00:23.0404 3432 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/02 10:00:23.0478 3432 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/02 10:00:23.0554 3432 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/02 10:00:23.0640 3432 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/02 10:00:23.0782 3432 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/02 10:00:23.0846 3432 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/02 10:00:23.0862 3432 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/02 10:00:23.0970 3432 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/02 10:00:24.0063 3432 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/02 10:00:24.0243 3432 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/04/02 10:00:24.0412 3432 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/02 10:00:24.0520 3432 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/02 10:00:24.0646 3432 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/02 10:00:24.0722 3432 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/04/02 10:00:26.0077 3432 ================================================================================
2011/04/02 10:00:26.0077 3432 Scan finished
2011/04/02 10:00:26.0077 3432 ================================================================================
Hi again,
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer
Open notepad and copy/paste the text in the quotebox below into it:
DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. Any symptoms left?
dwill60513
2011-04-02, 18:58
ComboFix 11-04-01.01 - Dave 04/02/2011 11:44:52.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1183 [GMT -4:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
Command switches used :: c:\users\Dave\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 15:53 . 2011-04-02 15:53 -------- d-----w- c:\users\Dave\AppData\Local\temp
2011-04-02 15:53 . 2011-04-02 15:53 -------- d-----w- c:\users\Nellie O. Stone\AppData\Local\temp
2011-04-02 15:53 . 2011-04-02 15:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-02 15:53 . 2011-04-02 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-02 15:37 . 2011-04-02 15:37 28752 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{7263DC82-978F-458C-AC70-12294C2333D4}\MpKsl87a49307.sys
2011-04-02 13:24 . 2011-03-15 01:05 6792528 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{7263DC82-978F-458C-AC70-12294C2333D4}\mpengine.dll
2011-03-30 14:21 . 2011-03-30 14:21 -------- d-----w- c:\program files\ERUNT
2011-03-29 19:34 . 2011-03-29 19:34 -------- d-----w- c:\users\Dave\AppData\Roaming\SourceTec
2011-03-29 19:34 . 2011-03-29 19:34 -------- d-----w- c:\program files\Common Files\SourceTec
2011-03-29 19:33 . 2011-03-29 19:33 -------- d-----w- c:\program files\Sothink Web Video Downloader Stand-alone
2011-03-29 14:26 . 2011-03-29 14:24 439632 ------w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-29 14:26 . 2011-03-29 14:24 439632 ------w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{63FB66BD-CB5E-47FC-833F-5734E9EF69A6}\gapaengine.dll
2011-03-29 14:25 . 2011-03-15 01:05 6792528 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-29 14:15 . 2011-03-29 14:16 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-28 15:20 . 2011-03-28 15:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-28 13:10 . 2011-03-28 13:10 -------- d-----w- c:\program files\VS Revo Group
2011-03-23 12:34 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 12:34 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 12:34 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-03-10 01:34 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 01:34 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 01:34 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 01:34 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 01:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 01:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-04 20:03 . 2011-03-04 20:06 -------- d-----w- c:\users\Dave\AppData\Roaming\VTExtra
2011-03-04 20:00 . 2011-03-04 20:03 -------- d-----w- c:\users\Dave\AppData\Local\VTShared
2011-03-04 20:00 . 2011-04-02 01:18 -------- d-----w- c:\users\Dave\AppData\Local\EnglishHarbourCasino
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 19:57 . 2009-04-16 21:05 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2011-01-20 16:37 . 2011-02-09 08:48 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 08:48 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 08:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 08:48 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 08:48 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 08:48 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 08:48 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 08:48 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 08:48 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 08:48 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 08:48 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 08:48 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 08:48 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 08:48 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 08:48 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 08:48 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 08:48 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 08:48 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 08:48 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 08:48 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 08:48 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 08:48 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 08:48 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 08:48 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 08:48 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-09 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 08:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-03-18 17:53 . 2011-03-28 15:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Web Video Downloader"="c:\program files\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe" [2010-11-11 5387608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MBCameraMonitor.lnk]
backup=c:\windows\pss\MBCameraMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-01-19 23:55 50520 ----a-w- c:\users\Dave\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD or CD Sharing]
2008-02-21 01:10 619832 ----a-w- c:\program files\DVD or CD Sharing\ODSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-29 21:14 133104 ----atw- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 22:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-06-16 15:27 92704 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-29 05:54 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-10-22 21:47 524288 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 22:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2010-12-12 04:35 112600 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
R1 MpKsl01e2028a;MpKsl01e2028a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F64B1C59-3566-460D-BEA0-55A2EAB36AA2}\MpKsl01e2028a.sys [x]
R1 MpKsl85925626;MpKsl85925626;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF66AE33-8869-4152-98DD-67014400B098}\MpKsl85925626.sys [x]
R1 MpKslffd59198;MpKslffd59198;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3FC9DB2-2937-48AE-90A1-E76570BAE064}\MpKslffd59198.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Aldebaran;Aldebaran - Storage Filter Drivers;c:\windows\system32\Drivers\Aldebaran.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 MpKsl87a49307;MpKsl87a49307;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7263DC82-978F-458C-AC70-12294C2333D4}\MpKsl87a49307.sys [2011-04-02 28752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
S2 DbgSvc;Debug Diagnostic Service;c:\program files\DebugDiag\DbgSvc.exe [2007-01-16 316256]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-12-12 632792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL87A49307
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087515188-20942962-1641699201-1000Core1cb6fb1c6c3d42d.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 21:14]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087515188-20942962-1641699201-1000UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 21:14]
.
2009-11-12 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-03-10 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
2009-11-12 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2011-03-10 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2010-10-16 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-10-16 04:35]
.
2011-04-02 c:\windows\Tasks\User_Feed_Synchronization-{444E6A6C-6AAC-4FFC-9F9B-ED6104AA48E1}.job
- c:\windows\system32\msfeedssync.exe [2011-03-28 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://broadband.zoomtown.com
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\shx0bqp7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 11:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-02 11:55:47
ComboFix-quarantined-files.txt 2011-04-02 15:55
.
Pre-Run: 72,678,027,264 bytes free
Post-Run: 72,646,721,536 bytes free
.
- - End Of File - - 5F7772DAABE4FF6B4A45070B8123C53E
Hi,
Do those original symptoms still exist?
dwill60513
2011-04-02, 19:39
Spybot is still reporting that click.giftload is still there...
Does it still re-appear if you let Spybot fix it and then reboot?
dwill60513
2011-04-02, 19:48
no, just the same spybot report...
dwill60513
2011-04-02, 19:49
was responding to the wrong thread, hold on...
dwill60513
2011-04-02, 19:50
spybot is not finished yet, will be finished in a moment
dwill60513
2011-04-02, 20:03
spybot says it can't remove it, should I reboot anyway?
Hi,
Update MBAM and run a full scan with it removing found items. Post back the report. If Spybot still finds the item post back its report too.
dwill60513
2011-04-02, 20:21
is aswMBR.exe MBAM?
Malwarebytes Anti-Malware.
dwill60513
2011-04-02, 20:34
thanks so much, be in back with results...
dave
dwill60513
2011-04-02, 23:26
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6247
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
4/2/2011 3:02:41 PM
mbam-log-2011-04-02 (15-02-41).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 341564
Time elapsed: 1 hour(s), 27 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
________________________________________
SPYBOT SCAN RESULTS:
Click.Giftload
(SBI $89783858)User settings
HKEY_USERS\DEFAULT\Software\Microsoft\InternetExplorer\Main\featuredcontrol\FEATURE_BROWSER_EMULATION\svchost.exe
SPYBOTS WARNING AFTER TRYING TO REMOVE:
Some problems couldn't be fixed; the reason could be
that the associated files are still in use (in memory).
This could be fixed after a restart.
May Spybot - S&&D run on your next system startup?
I've tried to run spybot after the next startup many time but still does the same thing..
Dave
Please download the Registry Search tool by clicking on the
hard drive icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for FEATURE_BROWSER_EMULATION and click OK. Post the logfile from the tool here for me.
dwill60513
2011-04-03, 19:50
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "FEATURE_BROWSER_EMULATION" 4/3/2011 12:41:09 PM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main\featurecontrol\FEATURE_BROWSER_EMULATION]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\main\featurecontrol\FEATURE_BROWSER_EMULATION]
Hi,
Open notepad and copy/paste the text in the quotebox below into it:
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Please run Spybot again.
dwill60513
2011-04-03, 19:57
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "FEATURE_BROWSER_EMULATION" 4/3/2011 12:41:09 PM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main\featurecontrol\FEATURE_BROWSER_EMULATION]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\main\featurecontrol\FEATURE_BROWSER_EMULATION]
Hi,
Open notepad and copy/paste the text in the quotebox below into it:
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Please run Spybot again.
Kindly follow those steps in my previous post.
dwill60513
2011-04-03, 20:34
Sorry, I don't understand what "quote box" you want me to post the registry search results in...
Hi,
Just create CFScript.txt file with contents of this code box:
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-
Then drag'n'drop it to ComboFix. You did it earlier so shouldn't be difficult to do now either :)
dwill60513
2011-04-03, 21:05
ComboFix 11-04-03.01 - Dave 04/03/2011 13:46:50.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1263 [GMT -4:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
Command switches used :: c:\users\Dave\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WMPNetworkSvc
.
.
((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))
.
.
2011-04-03 17:54 . 2011-04-03 17:58 -------- d-----w- c:\users\Dave\AppData\Local\temp
2011-04-03 17:54 . 2011-04-03 17:54 -------- d-----w- c:\users\Nellie O. Stone\AppData\Local\temp
2011-04-03 17:54 . 2011-04-03 17:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-03 17:54 . 2011-04-03 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-03 16:45 . 2011-03-15 01:05 6792528 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{4A3A1EDF-0971-45C3-8A74-7A3597E9ECCE}\mpengine.dll
2011-03-30 14:21 . 2011-03-30 14:21 -------- d-----w- c:\program files\ERUNT
2011-03-29 19:34 . 2011-03-29 19:34 -------- d-----w- c:\users\Dave\AppData\Roaming\SourceTec
2011-03-29 19:34 . 2011-03-29 19:34 -------- d-----w- c:\program files\Common Files\SourceTec
2011-03-29 19:33 . 2011-03-29 19:33 -------- d-----w- c:\program files\Sothink Web Video Downloader Stand-alone
2011-03-29 14:26 . 2011-03-29 14:24 439632 ------w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-29 14:26 . 2011-03-29 14:24 439632 ------w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\{63FB66BD-CB5E-47FC-833F-5734E9EF69A6}\gapaengine.dll
2011-03-29 14:25 . 2011-03-15 01:05 6792528 ----a-w- c:\progra~2\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-29 14:15 . 2011-03-29 14:16 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-28 15:20 . 2011-03-28 15:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-28 13:10 . 2011-03-28 13:10 -------- d-----w- c:\program files\VS Revo Group
2011-03-23 12:34 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 12:34 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 12:34 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-03-10 01:34 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 01:34 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 01:34 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 01:34 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 01:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 01:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-04 20:03 . 2011-03-04 20:06 -------- d-----w- c:\users\Dave\AppData\Roaming\VTExtra
2011-03-04 20:00 . 2011-03-04 20:03 -------- d-----w- c:\users\Dave\AppData\Local\VTShared
2011-03-04 20:00 . 2011-04-02 01:18 -------- d-----w- c:\users\Dave\AppData\Local\EnglishHarbourCasino
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 19:57 . 2009-04-16 21:05 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2011-01-20 16:37 . 2011-02-09 08:48 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 08:48 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 08:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 08:48 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 08:48 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 08:48 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 08:48 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 08:48 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 08:48 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 08:48 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 08:48 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 08:48 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 08:48 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 08:48 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 08:48 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 08:48 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 08:48 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 08:48 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 08:48 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 08:48 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 08:48 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 08:48 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 08:48 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 08:48 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 08:48 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-09 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 08:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-03-18 17:53 . 2011-03-28 15:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Web Video Downloader"="c:\program files\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe" [2010-11-11 5387608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MBCameraMonitor.lnk]
backup=c:\windows\pss\MBCameraMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-01-19 23:55 50520 ----a-w- c:\users\Dave\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD or CD Sharing]
2008-02-21 01:10 619832 ----a-w- c:\program files\DVD or CD Sharing\ODSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-29 21:14 133104 ----atw- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 22:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-06-16 15:27 92704 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-29 05:54 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-10-22 21:47 524288 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 22:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2010-12-12 04:35 112600 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
R1 MpKsl01e2028a;MpKsl01e2028a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F64B1C59-3566-460D-BEA0-55A2EAB36AA2}\MpKsl01e2028a.sys [x]
R1 MpKsl85925626;MpKsl85925626;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF66AE33-8869-4152-98DD-67014400B098}\MpKsl85925626.sys [x]
R1 MpKsla1223c18;MpKsla1223c18;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A3A1EDF-0971-45C3-8A74-7A3597E9ECCE}\MpKsla1223c18.sys [x]
R1 MpKslffd59198;MpKslffd59198;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3FC9DB2-2937-48AE-90A1-E76570BAE064}\MpKslffd59198.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Aldebaran;Aldebaran - Storage Filter Drivers;c:\windows\system32\Drivers\Aldebaran.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
S2 DbgSvc;Debug Diagnostic Service;c:\program files\DebugDiag\DbgSvc.exe [2007-01-16 316256]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-12-12 632792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087515188-20942962-1641699201-1000Core1cb6fb1c6c3d42d.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 21:14]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087515188-20942962-1641699201-1000UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 21:14]
.
2009-11-12 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-03-10 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
2009-11-12 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2011-03-10 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2010-10-16 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-10-16 04:35]
.
2011-04-03 c:\windows\Tasks\User_Feed_Synchronization-{444E6A6C-6AAC-4FFC-9F9B-ED6104AA48E1}.job
- c:\windows\system32\msfeedssync.exe [2011-03-28 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://broadband.zoomtown.com
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\shx0bqp7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\dllhost.exe
c:\windows\System32\msdtc.exe
c:\windows\ehome\ehmsas.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-04-03 14:02:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-03 18:02
ComboFix2.txt 2011-04-02 15:55
.
Pre-Run: 72,674,938,880 bytes free
Post-Run: 72,189,358,080 bytes free
.
- - End Of File - - 3E027FFF6748632E91F504B49DE4F4ED
Hi,
Does Spybot still detect anything?
dwill60513
2011-04-04, 15:52
the Click.giftload is now gone! Thank you so much! You're the greatest! Is there anything more I have to do now, if not... please tell me what you recommend for cleaning my registry in conjunction to running microsoft essentials as my virus program...
Again, Thanks so much, we need more people out there like you...
Great! Let's see the final steps next :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.
Now lets uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Run the spybot and adaware regularly. (Once or twice a week minimum.)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
dwill60513
2011-04-04, 18:14
Now, can I go into control panel and uninstall erant and the others we used and should I get rid of registry mechanic? if so, what should I use for my registry cleaner along with micro essentials virus protection?
Dave
Hi,
I don't recommend using any registry cleaners. Quite often those cause more trouble than give benefit.
dwill60513
2011-04-05, 16:06
what should I use?
what should I use?
If that question was about registry cleaners I say again that I don't recommend using any such tools. If question was not about registry cleaners please let me know.
I forgot to tell you that it's ok to uninstall Erunt now :)
dwill60513
2011-04-05, 17:06
I'm using micro essentials as my virus program, but just wanted to know if windows automatically keeps my registry in order or do I not worry about the registry?
Thanks again,
Dave
Hi,
Registry cleaners won't provide performance boost though some ads may say otherwise. In worst case registry cleaners clean off some vital info rendering whole system unbootable. I wouldn't worry about the registry.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.