Hello, I'm looking for step by step advice on how to remove this. It showed up in a NOD32 scan a few days ago. It seems I'll have to remove it manually, as NOD32 will not remove it

This seems to be a virsus a lot of people are having trouble with.

Thanks :red:

Hi

I think you missed BEFORE you POST(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) topic. Create DDS logs and post their contents in your reply :)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by El Squido at 12:14:44.51 on 02/04/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1843 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\FsUsbExService.Exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Edimax\Common\RaRegistry.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Razer\Reclusa\razerhid.exe
D:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBOE.EXE
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Edimax\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\Users\El Squido\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Save Tube Video: {f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} - c:\program files\save tube video company\savetubevideo\SaveTubeVideo.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [EPSON Stylus Photo R360 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiboe.exe /fu "c:\windows\temp\E_S69DA.tmp" /EF "HKCU"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Blotiqoh] rundll32.exe "c:\users\el squido\appdata\local\wlALeSLe.dll",Startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [NPSStartup]
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Habu] c:\program files\razer\habu\razerhid.exe
mRun: [Reclusa] c:\program files\razer\reclusa\razerhid.exe
mRun: [Corel File Shell Monitor] d:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
mRun: [RivaTuner] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /T
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
mRun: [Mxinaquzac] rundll32.exe "c:\users\el squido\appdata\local\ivoqatuzaruqe.dll",Startup
StartupFolder: c:\users\elsqui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\el squido\appdata\roaming\microsoft\windows\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: gmecoss - c:\windows\system32\config\systemprofile\appdata\local\gmecoss.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\elsqui~1\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\el squido\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\el squido\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: XULRunner: {BD750CB4-280D-4166-B403-ED32053F331F} - c:\users\el squido\appdata\local\{BD750CB4-280D-4166-B403-ED32053F331F}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-6-21 15328]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2010-1-22 95592]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-11-17 237984]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RaRegistry.exe [2010-10-15 185632]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-6-21 220128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-11-17 36608]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-10-15 616960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2009-11-4 41984]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-27 25832]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-22 1343400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2008-9-1 104320]
.
=============== Created Last 30 ================
.
2011-04-02 11:13:49 -------- d-----w- c:\users\elsqui~1\appdata\local\{BD750CB4-280D-4166-B403-ED32053F331F}
2011-03-29 16:18:00 0 ----a-w- c:\users\elsqui~1\appdata\local\Pxidov.bin
2011-03-26 14:13:28 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-26 11:27:50 -------- d-----w- c:\users\elsqui~1\appdata\local\Google
2011-03-26 11:27:37 -------- d-----w- c:\users\elsqui~1\appdata\local\Deployment
2011-03-26 11:27:37 -------- d-----w- c:\users\elsqui~1\appdata\local\Apps
2011-03-25 14:26:58 -------- d-----w- c:\program files\Microsoft
2011-03-09 10:36:44 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 10:36:44 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 10:36:44 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 10:36:35 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 10:36:35 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 10:36:35 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 10:36:35 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 10:36:23 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 10:36:22 1034240 ----a-w- c:\windows\system32\mstsc.exe
.
==================== Find3M ====================
.
2011-03-26 14:02:50 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-26 14:02:50 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-26 13:57:16 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-26 01:19:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-12 19:52:00 3140 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 12:15:15.84 ===============

Hi,

Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it
Click the Scan button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply.

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-02 12:48:21
-----------------------------
12:48:21.441 OS Version: Windows 6.1.7600
12:48:21.441 Number of processors: 4 586 0x402
12:48:21.441 ComputerName: ELSQUIDO-PC UserName: El Squido
12:49:15.993 Initialize success
12:49:47.899 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
12:49:47.899 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ100E4 Size: 953869MB BusType: 3
12:49:47.899 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-6
12:49:47.899 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
12:49:47.899 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-3
12:49:47.899 Disk 2 Vendor: ST3200820AS 3.AAD Size: 190782MB BusType: 3
12:49:50.049 Disk 0 MBR read successfully
12:49:50.059 Disk 0 MBR scan
12:49:50.059 Disk 0 TDL4@MBR code has been found
12:49:50.059 Disk 0 MBR [TDL4] **ROOTKIT**
12:49:50.069 Disk 0 scanning C:\windows\system32\drivers
12:50:00.799 Service scanning
12:50:09.949 Disk 0 trace - called modules:
12:50:09.969 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x857791f8]<<
12:50:09.969 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866b79d8]
12:50:09.969 3 CLASSPNP.SYS[8ba5759e] -> nt!IofCallDriver -> [0x86572918]
12:50:09.979 5 ACPI.sys[8b3643b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x8653a908]
12:50:09.979 \Driver\atapi[0x8651c578] -> IRP_MJ_CREATE -> 0x857791f8
12:50:09.989 Scan finished successfully

Hi,

Re-Run aswMBR Click Scan On completion of the scan Click the Fix for TDL4. Save the log as before. Reboot when prompted. Post back the report.

Hi,

Re-Run aswMBR Click Scan On completion of the scan Click the Fix for TDL4. Save the log as before. Reboot when prompted. Post back the report.

It doesn't seen to want to let me fix after I've scanned. What could be the problem?

Hi,

What are the options offered after scan has finished?

Hi,

What are the options offered after scan has finished?

Fix MBR, Save Log and Exit

Hi

Let's leave that alone for now.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Hey,

ComboFix 11-04-01.01 - El Squido 02/04/2011 15:24:30.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1734 [GMT 1:00]
Running from: c:\users\El Squido\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\save tube video company
c:\program files\save tube video company\SaveTubeVideo\BrowserStartPage.dll
c:\program files\save tube video company\SaveTubeVideo\Config.dat
c:\program files\save tube video company\SaveTubeVideo\downloader.exe
c:\program files\save tube video company\SaveTubeVideo\FF\chrome.manifest
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\content\about.xul
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\content\settings.js
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\content\skysearchtoolbar.js
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\content\skysearchtoolbar.xul
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\locale\en-US\skysearchtoolbar.dtd
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\locale\en-US\toolbar.properties
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\about.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\aboutDlg.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\bigbutton.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\gripper.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\savevideo.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\savevideo2.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\search.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\settings.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\showstatus.png
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\skin\skysearchtoolbar.css
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\anti-viruses.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\archivators.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\auto credit.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\auto insurance.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\baccarat.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\bingo.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\body-building.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\casino.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\credit.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\free downloaders.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\general health.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\health and life.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\home.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\keno.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\men`s health.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\mp3 dvd players.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\pain relief.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\pets.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\poker.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\weight loss.txt
c:\program files\save tube video company\SaveTubeVideo\FF\chrome\words\women`s health.txt
c:\program files\save tube video company\SaveTubeVideo\FF\components\ISwslib.xpt
c:\program files\save tube video company\SaveTubeVideo\FF\components\nsIRdsHistoryService.js
c:\program files\save tube video company\SaveTubeVideo\FF\components\nsIRdsHistoryService.xpt
c:\program files\save tube video company\SaveTubeVideo\FF\components\rdstb-autocomplete.js
c:\program files\save tube video company\SaveTubeVideo\FF\components\swslib.dll
c:\program files\save tube video company\SaveTubeVideo\FF\install.rdf
c:\program files\save tube video company\SaveTubeVideo\FF\tmp
c:\program files\save tube video company\SaveTubeVideo\InstallHelper.exe
c:\program files\save tube video company\SaveTubeVideo\new_update.zip
c:\program files\save tube video company\SaveTubeVideo\SaveTubeVideo.dll
c:\program files\save tube video company\SaveTubeVideo\ToolbarUpdate.exe
c:\program files\save tube video company\SaveTubeVideo\transport_dll.dll
c:\program files\save tube video company\SaveTubeVideo\unins000.dat
c:\program files\save tube video company\SaveTubeVideo\unins000.exe
c:\program files\save tube video company\SaveTubeVideo\update.dat
c:\program files\save tube video company\SaveTubeVideo\update.dll
c:\users\El Squido\AppData\Local\{BD750CB4-280D-4166-B403-ED32053F331F}
c:\users\El Squido\AppData\Local\{BD750CB4-280D-4166-B403-ED32053F331F}\chrome.manifest
c:\users\El Squido\AppData\Local\{BD750CB4-280D-4166-B403-ED32053F331F}\chrome\content\_cfg.js
c:\users\El Squido\AppData\Local\{BD750CB4-280D-4166-B403-ED32053F331F}\chrome\content\overlay.xul
c:\users\El Squido\AppData\Local\{BD750CB4-280D-4166-B403-ED32053F331F}\install.rdf
c:\users\El Squido\AppData\Local\ivoqatuzaruqe.dll
c:\users\El Squido\AppData\Local\wlALeSLe.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 14:32 . 2011-04-02 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-02 14:21 . 2011-04-02 14:21 -------- d-----w- C:\32788R22FWJFW
2011-03-29 16:18 . 2011-04-02 11:13 0 ----a-w- c:\users\El Squido\AppData\Local\Pxidov.bin
2011-03-26 14:13 . 2011-03-26 14:13 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-26 14:13 . 2011-03-26 14:13 -------- d-----w- c:\users\El Squido\AppData\Roaming\SystemRequirementsLab
2011-03-26 11:27 . 2011-03-26 11:59 -------- d-----w- c:\users\El Squido\AppData\Local\Google
2011-03-26 11:27 . 2011-03-26 11:28 -------- d-----w- c:\program files\Google
2011-03-26 11:27 . 2011-03-26 11:27 -------- d-----w- c:\users\El Squido\AppData\Local\Deployment
2011-03-26 11:27 . 2011-03-26 11:27 -------- d-----w- c:\users\El Squido\AppData\Local\Apps
2011-03-25 14:26 . 2011-03-25 14:26 -------- d-----w- c:\program files\Microsoft
2011-03-09 10:36 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 10:36 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 10:36 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 10:36 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 10:36 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 10:36 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 10:36 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 10:36 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 10:36 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 14:03 . 2009-11-04 21:13 140248 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-26 14:02 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-26 14:02 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-26 13:57 . 2009-11-04 21:12 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-09 12:02 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-12 19:52 . 2009-12-16 14:33 3140 --sha-w- c:\programdata\KGyGaAvL.sys
2011-02-03 05:45 . 2011-02-09 20:52 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-07 07:31 . 2011-02-23 11:48 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 11:48 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 20:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 20:55 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:37 . 2011-02-09 20:56 2329088 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-12-31 11:53 2349080 ----a-w- c:\program files\XfireXO\tbXfir.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 19:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-14 106904]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 394984]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-11-23 2980248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2009-08-18 239616]
"Reclusa"="c:\program files\Razer\Reclusa\razerhid.exe" [2009-11-04 151552]
"Corel File Shell Monitor"="d:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RivaTuner"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13683816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"tsnp2std"="c:\windows\tsnp2std.exe" [2009-03-10 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 675840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]
.
c:\users\El Squido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
PowerReg Scheduler V3.exe [2009-11-9 225280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files\Edimax\Common\RaUI.exe [2010-10-15 1576960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gmecoss]
2011-03-29 19:08 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\gmecoss.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 cpuz130;cpuz130;c:\users\ELSQUI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG111Tv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2008-09-01 104320]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-06-21 15328]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-04 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-03-02 95592]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-08-14 237984]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-06-21 220128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-16 36608]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-08-04 616960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
S3 RecFltr;Reclusa Keyboard;c:\windows\system32\Drivers\RecFltr.sys [2009-08-12 41984]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 11:27]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 11:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\El Squido\AppData\Roaming\Mozilla\Firefox\Profiles\rifkmvpq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Blotiqoh - c:\users\El Squido\AppData\Local\wlALeSLe.dll
HKLM-Run-NPSStartup - (no file)
HKLM-Run-Mxinaquzac - c:\users\El Squido\AppData\Local\ivoqatuzaruqe.dll
AddRemove-SaveTubeVideo_is1 - c:\program files\Save Tube Video Company\SaveTubeVideo\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3175929246-1742711037-3771426543-1000\Software\SecuROM\License information*]
"datasecu"=hex:7c,a1,df,27,b4,01,42,d0,c8,94,47,33,d5,e1,56,07,ca,68,47,91,1f,
33,b9,1a,f1,0b,c2,87,3a,59,10,9b,5b,e6,85,2c,41,1c,45,c1,a1,f1,55,f4,fa,71,\
"rkeysecu"=hex:13,ec,d2,01,42,c3,60,5c,63,09,d4,70,13,78,4d,f5
.
[HKEY_USERS\S-1-5-21-3175929246-1742711037-3771426543-1000\¬ ÿ*3*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-02 15:33:38
ComboFix-quarantined-files.txt 2011-04-02 14:33
.
Pre-Run: 700,234,035,200 bytes free
Post-Run: 735,565,950,976 bytes free
.
- - End Of File - - 741B80E7A1F55F4270329C89D6D5766E

Please post fresh dds.txt log too :)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by El Squido at 20:12:01.50 on 02/04/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1880 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\FsUsbExService.Exe
C:\windows\system32\taskeng.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Edimax\Common\RaRegistry.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Razer\Reclusa\razerhid.exe
D:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Edimax\Common\RaUI.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\Users\El Squido\Downloads\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Habu] c:\program files\razer\habu\razerhid.exe
mRun: [Reclusa] c:\program files\razer\reclusa\razerhid.exe
mRun: [Corel File Shell Monitor] d:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
mRun: [RivaTuner] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /T
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
StartupFolder: c:\users\elsqui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\el squido\appdata\roaming\microsoft\windows\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: gmecoss - c:\windows\system32\config\systemprofile\appdata\local\gmecoss.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\elsqui~1\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\el squido\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\el squido\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-6-21 15328]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2010-1-22 95592]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-11-17 237984]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RaRegistry.exe [2010-10-15 185632]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-6-21 220128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-11-17 36608]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-10-15 616960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2009-11-4 41984]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-27 25832]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-22 1343400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2008-9-1 104320]
.
=============== Created Last 30 ================
.
2011-04-02 14:33:40 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-02 14:22:00 98816 ----a-w- c:\windows\sed.exe
2011-04-02 14:22:00 89088 ----a-w- c:\windows\MBR.exe
2011-04-02 14:22:00 256512 ----a-w- c:\windows\PEV.exe
2011-04-02 14:22:00 161792 ----a-w- c:\windows\SWREG.exe
2011-03-29 16:18:00 0 ----a-w- c:\users\elsqui~1\appdata\local\Pxidov.bin
2011-03-26 14:13:28 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-26 11:27:50 -------- d-----w- c:\users\elsqui~1\appdata\local\Google
2011-03-26 11:27:37 -------- d-----w- c:\users\elsqui~1\appdata\local\Deployment
2011-03-26 11:27:37 -------- d-----w- c:\users\elsqui~1\appdata\local\Apps
2011-03-25 14:26:58 -------- d-----w- c:\program files\Microsoft
2011-03-09 10:36:44 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 10:36:44 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 10:36:44 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 10:36:35 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 10:36:35 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 10:36:35 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 10:36:35 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 10:36:23 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 10:36:22 1034240 ----a-w- c:\windows\system32\mstsc.exe
.
==================== Find3M ====================
.
2011-03-26 14:02:50 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-26 14:02:50 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-26 13:57:16 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-26 01:19:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-12 19:52:00 3140 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 20:13:00.60 ===============

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



http://forums.spybot.info/showthread.php?p=399849#post399849
Suspect::[76]
c:\windows\system32\config\systemprofile\appdata\local\gmecoss.dll
File::
c:\users\El Squido\AppData\Local\Pxidov.bin
DDS::
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one ((Adobe Reader X + 10.0.1 update for it)) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 24 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


Update MBAM and run a full scan with it. Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

ComboFix 11-04-03.03 - El Squido 04/04/2011 13:14:26.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1955 [GMT 1:00]
Running from: c:\users\El Squido\Downloads\ComboFix.exe
Command switches used :: c:\users\El Squido\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\El Squido\AppData\Local\Pxidov.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\El Squido\AppData\Local\Pxidov.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))))
.
.
2011-04-04 12:21 . 2011-04-04 12:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-26 14:13 . 2011-03-26 14:13 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-26 14:13 . 2011-03-26 14:13 -------- d-----w- c:\users\El Squido\AppData\Roaming\SystemRequirementsLab
2011-03-26 11:27 . 2011-03-26 11:59 -------- d-----w- c:\users\El Squido\AppData\Local\Google
2011-03-26 11:27 . 2011-03-26 11:28 -------- d-----w- c:\program files\Google
2011-03-26 11:27 . 2011-03-26 11:27 -------- d-----w- c:\users\El Squido\AppData\Local\Deployment
2011-03-26 11:27 . 2011-03-26 11:27 -------- d-----w- c:\users\El Squido\AppData\Local\Apps
2011-03-25 14:26 . 2011-03-25 14:26 -------- d-----w- c:\program files\Microsoft
2011-03-09 10:36 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 10:36 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 10:36 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 10:36 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 10:36 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 10:36 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 10:36 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 10:36 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 10:36 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 14:03 . 2009-11-04 21:13 140248 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-26 14:02 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-26 14:02 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-26 13:57 . 2009-11-04 21:12 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-09 12:02 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-12 19:52 . 2009-12-16 14:33 3140 --sha-w- c:\programdata\KGyGaAvL.sys
2011-02-03 05:45 . 2011-02-09 20:52 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-07 07:31 . 2011-02-23 11:48 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 11:48 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 20:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 20:55 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:37 . 2011-02-09 20:56 2329088 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-12-31 11:53 2349080 ----a-w- c:\program files\XfireXO\tbXfir.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 19:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-14 106904]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 394984]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-11-23 2980248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2009-08-18 239616]
"Reclusa"="c:\program files\Razer\Reclusa\razerhid.exe" [2009-11-04 151552]
"Corel File Shell Monitor"="d:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RivaTuner"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13683816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"tsnp2std"="c:\windows\tsnp2std.exe" [2009-03-10 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 675840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]
.
c:\users\El Squido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
PowerReg Scheduler V3.exe [2009-11-9 225280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files\Edimax\Common\RaUI.exe [2010-10-15 1576960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gmecoss]
2011-03-29 19:08 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\gmecoss.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 cpuz130;cpuz130;c:\users\ELSQUI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG111Tv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2008-09-01 104320]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-06-21 15328]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-04 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-03-02 95592]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-08-14 237984]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-06-21 220128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-16 36608]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-08-04 616960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
S3 RecFltr;Reclusa Keyboard;c:\windows\system32\Drivers\RecFltr.sys [2009-08-12 41984]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 11:27]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 11:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\El Squido\AppData\Roaming\Mozilla\Firefox\Profiles\rifkmvpq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3175929246-1742711037-3771426543-1000\Software\SecuROM\License information*]
"datasecu"=hex:7c,a1,df,27,b4,01,42,d0,c8,94,47,33,d5,e1,56,07,ca,68,47,91,1f,
33,b9,1a,f1,0b,c2,87,3a,59,10,9b,5b,e6,85,2c,41,1c,45,c1,a1,f1,55,f4,fa,71,\
"rkeysecu"=hex:13,ec,d2,01,42,c3,60,5c,63,09,d4,70,13,78,4d,f5
.
[HKEY_USERS\S-1-5-21-3175929246-1742711037-3771426543-1000\¬ ÿ*3*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-04 13:22:47
ComboFix-quarantined-files.txt 2011-04-04 12:22
ComboFix2.txt 2011-04-02 14:33
.
Pre-Run: 735,677,460,480 bytes free
Post-Run: 735,526,481,920 bytes free
.
- - End Of File - - C094C50512526A9C7105558E025C3AEE

Hi,

Open notepad and copy/paste the text in the codebox below into it:



@echo off
for %%g in (
c:\windows\system32\config\systemprofile\appdata\local\gmecoss.dll
) do zip Files_for_submission %%g
del %0


Save this as grab.bat
Choose to Save type as - All Files
Save it on your desktop.
It should look like this: http://www.techsupportforum.com/sectools/tetonbob/bat_icon.gif
Double click on grab.bat & allow it to run

A file, Files_for_submission.zip should be created on your desktop. Please upload it to this website (http://www.bleepingcomputer.com/submit-malware.php?channel=76).

Kindly include a link to this topic in the message.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by El Squido at 15:35:41.71 on 04/04/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1127 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\FsUsbExService.Exe
C:\windows\system32\taskhost.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Edimax\Common\RaRegistry.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Razer\Reclusa\razerhid.exe
D:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Windows\tsnp2std.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\windows\system32\taskeng.exe
C:\Users\El Squido\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Habu] c:\program files\razer\habu\razerhid.exe
mRun: [Reclusa] c:\program files\razer\reclusa\razerhid.exe
mRun: [Corel File Shell Monitor] d:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
mRun: [RivaTuner] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /T
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\elsqui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\el squido\appdata\roaming\microsoft\windows\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: gmecoss - c:\windows\system32\config\systemprofile\appdata\local\gmecoss.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\elsqui~1\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\el squido\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\el squido\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-6-21 15328]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2010-1-22 95592]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-11-17 237984]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RaRegistry.exe [2010-10-15 185632]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-6-21 220128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-11-17 36608]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-10-15 616960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2009-11-4 41984]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-27 25832]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-22 1343400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2008-9-1 104320]
.
=============== Created Last 30 ================
.
2011-04-04 14:32:53 54016 ----a-w- c:\windows\system32\drivers\gsij.sys
2011-04-04 12:22:50 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-02 14:22:00 98816 ----a-w- c:\windows\sed.exe
2011-04-02 14:22:00 89088 ----a-w- c:\windows\MBR.exe
2011-04-02 14:22:00 256512 ----a-w- c:\windows\PEV.exe
2011-04-02 14:22:00 161792 ----a-w- c:\windows\SWREG.exe
2011-03-26 14:13:28 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-26 11:27:50 -------- d-----w- c:\users\elsqui~1\appdata\local\Google
2011-03-26 11:27:37 -------- d-----w- c:\users\elsqui~1\appdata\local\Deployment
2011-03-26 11:27:37 -------- d-----w- c:\users\elsqui~1\appdata\local\Apps
2011-03-25 14:26:58 -------- d-----w- c:\program files\Microsoft
2011-03-09 10:36:44 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 10:36:44 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 10:36:44 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 10:36:35 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 10:36:35 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 10:36:35 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 10:36:35 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 10:36:23 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 10:36:22 1034240 ----a-w- c:\windows\system32\mstsc.exe
.
==================== Find3M ====================
.
2011-03-26 14:02:50 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-26 14:02:50 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-26 13:57:16 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-26 01:19:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-12 19:52:00 3140 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 15:36:25.64 ===============

Hi,

Was Files_for_submission.zip file created to your desktop when you ran the batch? Please see if this file exists c:\windows\system32\config\systemprofile\appdata\local\gmecoss.dll.

Hi,

Was Files_for_submission.zip file created to your desktop when you ran the batch? Please see if this file exists c:\windows\system32\config\systemprofile\appdata\local\gmecoss.dll.

Nope, nothing.

Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
DIR /a/s C:\gmecoss.dll >Log.txt
START Log.txt
DEL %0

Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.

Volume in drive C has no label.

Hi,

Does ESET still alert about that item or/and are there any other symptoms there?

Nothing no. But there is still two items that come up red in aswMBR.

Hi,

Please run aswMBR, scan and then fix mbr (reboot when prompted). It should create a log. Post that back here.

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-13 11:01:46
-----------------------------
11:01:46.264 OS Version: Windows 6.1.7600
11:01:46.265 Number of processors: 4 586 0x402
11:01:46.265 ComputerName: ELSQUIDO-PC UserName: El Squido
11:01:46.825 Initialize success
11:01:48.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
11:01:48.015 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ100E4 Size: 953869MB BusType: 3
11:01:48.017 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-6
11:01:48.019 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
11:01:48.021 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-3
11:01:48.023 Disk 2 Vendor: ST3200820AS 3.AAD Size: 190782MB BusType: 3
11:01:50.029 Disk 0 MBR read successfully
11:01:50.031 Disk 0 MBR scan
11:01:52.034 Disk 0 scanning sectors +1953520065
11:01:52.063 Disk 0 scanning C:\windows\system32\drivers
11:01:56.672 Service scanning
11:01:57.648 Disk 0 trace - called modules:
11:01:57.658 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x857791f8]<<
11:01:57.661 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866b85a0]
11:01:57.665 3 CLASSPNP.SYS[8baba59e] -> nt!IofCallDriver -> [0x86584918]
11:01:57.669 5 ACPI.sys[8b3413b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x8652b908]
11:01:57.673 \Driver\atapi[0x86529298] -> IRP_MJ_CREATE -> 0x857791f8
11:01:57.678 Scan finished successfully

Good. Please run ComboFix one more time and post back its log.

Argh! It's come back up in NOD32 again.

Does ESET show what item it flags as bad? Did you run ComboFix as requested, yet?

Does ESET show what item it flags as bad? Did you run ComboFix as requested, yet?

19/04/2011 11:35:58 Startup scanner boot sector MBR sector of the 0. physical disk Win32/Olmarik.AJL trojan ElSquido-PC\El Squido


It seems to be messing up my graphic drivers, crashing the internet (Firefox) and my brother said NOD was trying to block an I.P from a website.

I'll run ComboFix after your reply, maybe I should reformat.

Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

After that run ComboFix and post back its report + fresh dds logs.

ComboFix 11-04-18.04 - El Squido 19/04/2011 15:18:38.3.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1972 [GMT 1:00]
Running from: c:\users\El Squido\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\El Squido\AppData\Local\{81D7CC2C-D8C2-4900-AF6C-3B6FEB5F51B1}
c:\users\El Squido\AppData\Local\{81D7CC2C-D8C2-4900-AF6C-3B6FEB5F51B1}\chrome.manifest
c:\users\El Squido\AppData\Local\{81D7CC2C-D8C2-4900-AF6C-3B6FEB5F51B1}\chrome\content\_cfg.js
c:\users\El Squido\AppData\Local\{81D7CC2C-D8C2-4900-AF6C-3B6FEB5F51B1}\chrome\content\overlay.xul
c:\users\El Squido\AppData\Local\{81D7CC2C-D8C2-4900-AF6C-3B6FEB5F51B1}\install.rdf
c:\users\El Squido\AppData\Local\iwebazukohoma.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-19 to 2011-04-19 )))))))))))))))))))))))))))))))
.
.
2011-04-19 14:24 . 2011-04-19 14:24 -------- d-----w- c:\users\El Squido\AppData\Local\temp
2011-04-19 14:24 . 2011-04-19 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-18 16:01 . 2011-04-18 16:01 -------- d-----w- c:\programdata\Nikon
2011-04-17 22:50 . 2011-04-19 10:32 0 ----a-w- c:\users\El Squido\AppData\Local\Pxidov.bin
2011-04-17 22:29 . 2011-04-17 22:29 -------- d-----w- c:\users\El Squido\AppData\Roaming\DiskAid
2011-04-17 22:29 . 2011-04-17 22:29 -------- d-----w- c:\program files\DigiDNA
2011-04-17 18:18 . 2011-04-17 18:18 -------- d-----w- c:\users\El Squido\AppData\Local\Nikon
2011-04-17 18:10 . 2011-04-17 18:10 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-04-17 18:10 . 2011-04-17 18:10 -------- d-----w- c:\programdata\Command Line Utility
2011-04-17 18:10 . 2011-04-17 18:10 -------- d-----w- c:\programdata\Clips
2011-04-17 18:10 . 2011-04-17 18:10 -------- d-----w- c:\programdata\Carbon
2011-04-17 17:03 . 2011-04-17 17:03 -------- d-----w- c:\users\El Squido\AppData\Local\{3BB2FC13-4567-475D-96AF-3E114DE7D994}
2011-04-14 21:17 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 21:17 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 21:17 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 21:16 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 21:16 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 21:16 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 21:16 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 21:16 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 21:16 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 21:15 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 21:15 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 21:15 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 21:15 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 21:15 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 21:15 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 21:15 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 21:15 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-13 18:07 . 2011-04-13 18:07 -------- d-----w- c:\users\El Squido\AppData\Local\{1B19E555-1D85-4732-B9D3-F0E30A524B45}
2011-04-13 17:15 . 2011-04-19 14:10 -------- d-----w- c:\programdata\NVIDIA
2011-04-12 21:30 . 2011-04-12 21:30 3707144 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.0.614.0oemBingBarSetup-Partner.EXE
2011-04-12 21:27 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-12 21:24 . 2011-04-12 21:24 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-12 21:24 . 2011-04-12 21:24 -------- d-----w- c:\program files\ConduitEngine
2011-04-12 21:24 . 2011-04-12 21:24 -------- d-----w- c:\users\El Squido\AppData\Local\Conduit
2011-04-12 14:24 . 2011-04-12 14:24 -------- d-----w- c:\users\El Squido\AppData\Local\{5F87BF3D-A071-47FE-AFF0-3DEC032ECE3A}
2011-04-11 20:07 . 2011-04-11 20:07 -------- d-----w- c:\users\El Squido\AppData\Local\{61F89A1E-7868-469A-A3F5-1C6BE1B20B49}
2011-04-10 11:11 . 2011-04-10 11:11 837192 ----a-w- c:\windows\system32\pbsvc(2).exe
2011-04-10 10:15 . 2010-12-02 09:12 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2011-04-10 10:15 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-04-10 10:15 . 2010-11-11 23:10 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-04-10 10:15 . 2010-11-11 23:10 122984 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-04-07 14:19 . 2011-04-07 14:19 -------- d-----w- c:\users\El Squido\AppData\Local\{1DFEB829-1142-4418-BAFC-D1E5FA563B04}
2011-03-26 14:13 . 2011-03-26 14:13 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-26 14:13 . 2011-03-26 14:13 -------- d-----w- c:\users\El Squido\AppData\Roaming\SystemRequirementsLab
2011-03-26 11:27 . 2011-03-26 11:59 -------- d-----w- c:\users\El Squido\AppData\Local\Google
2011-03-26 11:27 . 2011-03-26 11:28 -------- d-----w- c:\program files\Google
2011-03-26 11:27 . 2011-04-07 14:23 -------- d-----w- c:\users\El Squido\AppData\Local\Deployment
2011-03-26 11:27 . 2011-03-26 11:27 -------- d-----w- c:\users\El Squido\AppData\Local\Apps
2011-03-25 14:26 . 2011-03-25 14:26 -------- d-----w- c:\program files\Microsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-17 19:40 . 2009-11-04 21:13 140248 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-17 19:40 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-17 19:40 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-17 19:04 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-17 18:11 . 2010-02-12 18:10 57344 ----a-r- c:\users\El Squido\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-04-10 11:11 . 2010-01-22 19:38 138056 ----a-w- c:\users\El Squido\AppData\Roaming\PnkBstrK.sys
2011-04-10 11:11 . 2009-11-04 21:11 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-09 12:02 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-19 05:33 . 2011-03-09 10:36 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 10:36 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 10:36 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-12 19:52 . 2009-12-16 14:33 3140 --sha-w- c:\programdata\KGyGaAvL.sys
2011-02-03 05:45 . 2011-02-09 20:52 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\XfireXO\prxtbXfi0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 19:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-14 106904]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 394984]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-11-23 2980248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-26 39408]
"Blotiqoh"="c:\users\El Squido\AppData\Local\wlALeSLe.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2009-08-18 239616]
"Reclusa"="c:\program files\Razer\Reclusa\razerhid.exe" [2009-11-04 151552]
"Corel File Shell Monitor"="d:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RivaTuner"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"tsnp2std"="c:\windows\tsnp2std.exe" [2009-03-10 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 675840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"Mxinaquzac"="c:\users\El Squido\AppData\Local\iwebazukohoma.dll" [BU]
.
c:\users\El Squido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
PowerReg Scheduler V3.exe [2009-11-9 225280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files\Edimax\Common\RaUI.exe [2010-10-15 1576960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-15 183560]
R3 cpuz130;cpuz130;c:\users\ELSQUI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG111Tv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2008-09-01 104320]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-06-21 15328]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-04 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-03-02 95592]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-08-14 237984]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-06-21 220128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-16 36608]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-08-04 616960]
S3 RecFltr;Reclusa Keyboard;c:\windows\system32\Drivers\RecFltr.sys [2009-08-12 41984]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 11:27]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 11:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\El Squido\AppData\Roaming\Mozilla\Firefox\Profiles\rifkmvpq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3175929246-1742711037-3771426543-1000\Software\SecuROM\License information*]
"datasecu"=hex:ca,09,c6,49,c1,a2,74,ff,eb,1f,1c,3c,3b,28,9f,67,73,80,b1,1a,db,
6f,ba,06,59,43,5b,6e,a0,74,c6,8a,ed,2f,83,13,ba,18,53,0a,94,e8,a9,de,6a,e4,\
"rkeysecu"=hex:95,bb,b9,60,b7,40,ac,45,12,52,4b,23,7c,3f,40,54
.
[HKEY_USERS\S-1-5-21-3175929246-1742711037-3771426543-1000\¬ ÿ*3*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-19 15:25:46
ComboFix-quarantined-files.txt 2011-04-19 14:25
ComboFix2.txt 2011-04-04 12:22
ComboFix3.txt 2011-04-02 14:33
.
Pre-Run: 730,720,419,840 bytes free
Post-Run: 733,113,774,080 bytes free
.
- - End Of File - - E5A43CC3041AE51964DBF42E061E7DFB

2011/04/19 15:08:47.0859 4452 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/19 15:08:48.0623 4452 ================================================================================
2011/04/19 15:08:48.0623 4452 SystemInfo:
2011/04/19 15:08:48.0623 4452
2011/04/19 15:08:48.0623 4452 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/19 15:08:48.0623 4452 Product type: Workstation
2011/04/19 15:08:48.0623 4452 ComputerName: ELSQUIDO-PC
2011/04/19 15:08:48.0624 4452 UserName: El Squido
2011/04/19 15:08:48.0624 4452 Windows directory: C:\windows
2011/04/19 15:08:48.0624 4452 System windows directory: C:\windows
2011/04/19 15:08:48.0624 4452 Processor architecture: Intel x86
2011/04/19 15:08:48.0624 4452 Number of processors: 4
2011/04/19 15:08:48.0624 4452 Page size: 0x1000
2011/04/19 15:08:48.0624 4452 Boot type: Normal boot
2011/04/19 15:08:48.0624 4452 ================================================================================
2011/04/19 15:08:48.0976 4452 Initialize success
2011/04/19 15:08:50.0763 3004 ================================================================================
2011/04/19 15:08:50.0763 3004 Scan started
2011/04/19 15:08:50.0763 3004 Mode: Manual;
2011/04/19 15:08:50.0763 3004 ================================================================================
2011/04/19 15:08:52.0748 3004 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/04/19 15:08:52.0808 3004 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\windows\system32\DRIVERS\61883.sys
2011/04/19 15:08:52.0864 3004 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/04/19 15:08:52.0890 3004 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/04/19 15:08:52.0930 3004 ADIHdAudAddService (23f78687cbf3972704650a799420bfa8) C:\windows\system32\drivers\ADIHdAud.sys
2011/04/19 15:08:52.0981 3004 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/04/19 15:08:53.0001 3004 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/04/19 15:08:53.0022 3004 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/04/19 15:08:53.0069 3004 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/04/19 15:08:53.0088 3004 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/04/19 15:08:53.0106 3004 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/04/19 15:08:53.0132 3004 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/04/19 15:08:53.0148 3004 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/04/19 15:08:53.0157 3004 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/04/19 15:08:53.0169 3004 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/04/19 15:08:53.0187 3004 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/04/19 15:08:53.0200 3004 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/04/19 15:08:53.0217 3004 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/04/19 15:08:53.0232 3004 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/04/19 15:08:53.0249 3004 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/04/19 15:08:53.0279 3004 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/04/19 15:08:53.0287 3004 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/04/19 15:08:53.0336 3004 asusgsb (b6e6b264e9c4d0ad0e97af8434c8754d) C:\windows\system32\drivers\asusgsb.sys
2011/04/19 15:08:53.0392 3004 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/04/19 15:08:53.0412 3004 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/04/19 15:08:53.0503 3004 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
2011/04/19 15:08:53.0546 3004 atkdisplf (409aafbd2642813f2c1bb446c816e354) C:\windows\system32\drivers\ATKDispLowFilter.sys
2011/04/19 15:08:53.0615 3004 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\windows\system32\DRIVERS\avc.sys
2011/04/19 15:08:53.0638 3004 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/04/19 15:08:53.0670 3004 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/04/19 15:08:53.0709 3004 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/04/19 15:08:53.0752 3004 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/04/19 15:08:53.0792 3004 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/04/19 15:08:53.0801 3004 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/04/19 15:08:53.0815 3004 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/04/19 15:08:53.0839 3004 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/04/19 15:08:53.0872 3004 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/04/19 15:08:53.0887 3004 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/04/19 15:08:53.0903 3004 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/04/19 15:08:53.0946 3004 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/04/19 15:08:53.0956 3004 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/04/19 15:08:53.0987 3004 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/04/19 15:08:54.0022 3004 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/04/19 15:08:54.0040 3004 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/04/19 15:08:54.0174 3004 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/04/19 15:08:54.0186 3004 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/04/19 15:08:54.0208 3004 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/04/19 15:08:54.0258 3004 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/04/19 15:08:54.0274 3004 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/04/19 15:08:54.0290 3004 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/04/19 15:08:54.0308 3004 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/04/19 15:08:54.0323 3004 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/04/19 15:08:54.0342 3004 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/04/19 15:08:54.0394 3004 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/04/19 15:08:54.0465 3004 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\windows\system32\drivers\csc.sys
2011/04/19 15:08:54.0509 3004 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/04/19 15:08:54.0531 3004 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/04/19 15:08:54.0593 3004 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/04/19 15:08:54.0619 3004 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/04/19 15:08:54.0667 3004 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/04/19 15:08:54.0742 3004 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\windows\system32\DRIVERS\eamon.sys
2011/04/19 15:08:54.0822 3004 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/04/19 15:08:54.0879 3004 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\windows\system32\DRIVERS\ehdrv.sys
2011/04/19 15:08:54.0937 3004 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/04/19 15:08:54.0957 3004 epfwwfpr (8700eadc8bdfa27d948fcc43ee0ae434) C:\windows\system32\DRIVERS\epfwwfpr.sys
2011/04/19 15:08:54.0985 3004 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/04/19 15:08:55.0023 3004 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/04/19 15:08:55.0035 3004 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/04/19 15:08:55.0091 3004 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/04/19 15:08:55.0106 3004 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/04/19 15:08:55.0125 3004 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/04/19 15:08:55.0143 3004 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/04/19 15:08:55.0161 3004 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/04/19 15:08:55.0188 3004 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/04/19 15:08:55.0222 3004 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
2011/04/19 15:08:55.0248 3004 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/04/19 15:08:55.0274 3004 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/04/19 15:08:55.0314 3004 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/04/19 15:08:55.0368 3004 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/19 15:08:55.0460 3004 HabuFltr (e93b6412142db8b8c68a209459213d5e) C:\windows\system32\drivers\habu.sys
2011/04/19 15:08:55.0473 3004 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/04/19 15:08:55.0497 3004 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/04/19 15:08:55.0554 3004 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/04/19 15:08:55.0576 3004 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/04/19 15:08:55.0605 3004 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/04/19 15:08:55.0633 3004 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/04/19 15:08:55.0688 3004 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/04/19 15:08:55.0711 3004 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/04/19 15:08:55.0732 3004 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/04/19 15:08:55.0751 3004 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/04/19 15:08:55.0809 3004 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/04/19 15:08:55.0834 3004 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/04/19 15:08:55.0875 3004 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/04/19 15:08:55.0903 3004 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/04/19 15:08:55.0952 3004 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/04/19 15:08:55.0968 3004 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/04/19 15:08:55.0989 3004 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/04/19 15:08:56.0005 3004 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/04/19 15:08:56.0061 3004 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/04/19 15:08:56.0074 3004 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/04/19 15:08:56.0095 3004 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/04/19 15:08:56.0123 3004 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/04/19 15:08:56.0133 3004 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/04/19 15:08:56.0175 3004 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/04/19 15:08:56.0200 3004 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/04/19 15:08:56.0242 3004 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/04/19 15:08:56.0269 3004 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/04/19 15:08:56.0280 3004 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/04/19 15:08:56.0306 3004 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/04/19 15:08:56.0319 3004 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/04/19 15:08:56.0332 3004 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/04/19 15:08:56.0354 3004 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/04/19 15:08:56.0372 3004 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/04/19 15:08:56.0393 3004 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/04/19 15:08:56.0430 3004 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/04/19 15:08:56.0450 3004 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/04/19 15:08:56.0464 3004 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/04/19 15:08:56.0479 3004 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/04/19 15:08:56.0495 3004 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/04/19 15:08:56.0550 3004 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/04/19 15:08:56.0570 3004 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/04/19 15:08:56.0612 3004 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/04/19 15:08:56.0636 3004 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/04/19 15:08:56.0680 3004 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/04/19 15:08:56.0708 3004 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/04/19 15:08:56.0725 3004 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/04/19 15:08:56.0795 3004 MSDV (114b67c324d64c8195fd3bf93b4df02a) C:\windows\system32\DRIVERS\msdv.sys
2011/04/19 15:08:56.0805 3004 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/04/19 15:08:56.0828 3004 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/04/19 15:08:56.0844 3004 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/04/19 15:08:56.0882 3004 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/04/19 15:08:56.0900 3004 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/04/19 15:08:56.0922 3004 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/04/19 15:08:56.0935 3004 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/04/19 15:08:56.0955 3004 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/04/19 15:08:56.0972 3004 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/04/19 15:08:56.0987 3004 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/04/19 15:08:57.0059 3004 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\windows\system32\DRIVERS\ASACPI.sys
2011/04/19 15:08:57.0082 3004 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/04/19 15:08:57.0203 3004 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/04/19 15:08:57.0256 3004 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/04/19 15:08:57.0277 3004 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/04/19 15:08:57.0304 3004 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/04/19 15:08:57.0317 3004 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/04/19 15:08:57.0334 3004 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/04/19 15:08:57.0372 3004 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/04/19 15:08:57.0383 3004 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/04/19 15:08:57.0411 3004 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/04/19 15:08:57.0513 3004 netr28 (a03fe2ea906e7172290d9888b894903a) C:\windows\system32\DRIVERS\netr28.sys
2011/04/19 15:08:57.0553 3004 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/04/19 15:08:57.0606 3004 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/04/19 15:08:57.0620 3004 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/04/19 15:08:57.0652 3004 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/04/19 15:08:57.0676 3004 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/04/19 15:08:57.0724 3004 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\windows\system32\drivers\nvhda32v.sys
2011/04/19 15:08:57.0895 3004 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/04/19 15:08:57.0952 3004 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/04/19 15:08:57.0989 3004 nvsmu (f13618f0cb1e95232f4c2401592a59e9) C:\windows\system32\DRIVERS\nvsmu.sys
2011/04/19 15:08:58.0004 3004 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/04/19 15:08:58.0040 3004 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/04/19 15:08:58.0071 3004 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/04/19 15:08:58.0137 3004 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/04/19 15:08:58.0151 3004 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/04/19 15:08:58.0165 3004 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/04/19 15:08:58.0215 3004 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\windows\system32\DRIVERS\pccsmcfd.sys
2011/04/19 15:08:58.0251 3004 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/04/19 15:08:58.0265 3004 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/04/19 15:08:58.0281 3004 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/04/19 15:08:58.0301 3004 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/04/19 15:08:58.0323 3004 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/04/19 15:08:58.0394 3004 pfc (444f122e68db44c0589227781f3c8b3f) C:\windows\system32\drivers\pfc.sys
2011/04/19 15:08:58.0457 3004 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/04/19 15:08:58.0504 3004 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/04/19 15:08:58.0539 3004 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/04/19 15:08:58.0603 3004 pssnap (d38bfcbab2b0106284427a46cd5355c0) C:\windows\system32\DRIVERS\pssnap.sys
2011/04/19 15:08:58.0634 3004 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/04/19 15:08:58.0664 3004 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/04/19 15:08:58.0706 3004 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/04/19 15:08:58.0721 3004 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/04/19 15:08:58.0755 3004 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/04/19 15:08:58.0778 3004 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/04/19 15:08:58.0799 3004 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/04/19 15:08:58.0812 3004 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/04/19 15:08:58.0834 3004 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/04/19 15:08:58.0854 3004 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/04/19 15:08:58.0866 3004 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/04/19 15:08:58.0930 3004 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
2011/04/19 15:08:58.0948 3004 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/04/19 15:08:58.0963 3004 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/04/19 15:08:58.0976 3004 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/04/19 15:08:59.0009 3004 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/04/19 15:08:59.0049 3004 RecFltr (81d24dccdb05290491e246b8d49c20e9) C:\windows\system32\Drivers\RecFltr.sys
2011/04/19 15:08:59.0086 3004 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/04/19 15:08:59.0215 3004 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/04/19 15:08:59.0326 3004 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/04/19 15:08:59.0435 3004 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\windows\system32\DRIVERS\s115bus.sys
2011/04/19 15:08:59.0516 3004 s115mdfl (e24113fc13b8737c94cf4e3415488c76) C:\windows\system32\DRIVERS\s115mdfl.sys
2011/04/19 15:08:59.0542 3004 s115mdm (4029e49e7c673aa0670bd206b0af1b5b) C:\windows\system32\DRIVERS\s115mdm.sys
2011/04/19 15:08:59.0566 3004 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) C:\windows\system32\DRIVERS\s115mgmt.sys
2011/04/19 15:08:59.0624 3004 s115obex (089869db9ffd2ac807fa87fe82ac7761) C:\windows\system32\DRIVERS\s115obex.sys
2011/04/19 15:08:59.0717 3004 s116bus (815445f4676cc96bc9aeec303c727e19) C:\windows\system32\DRIVERS\s116bus.sys
2011/04/19 15:08:59.0919 3004 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\windows\system32\DRIVERS\s116mdfl.sys
2011/04/19 15:09:00.0057 3004 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\windows\system32\DRIVERS\s116mdm.sys
2011/04/19 15:09:00.0179 3004 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\windows\system32\DRIVERS\s116mgmt.sys
2011/04/19 15:09:00.0231 3004 s116nd5 (306f85733671fe507470f0273025e768) C:\windows\system32\DRIVERS\s116nd5.sys
2011/04/19 15:09:00.0289 3004 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\windows\system32\DRIVERS\s116obex.sys
2011/04/19 15:09:00.0314 3004 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\windows\system32\DRIVERS\s116unic.sys
2011/04/19 15:09:00.0337 3004 s3cap (5423d8437051e89dd34749f242c98648) C:\windows\system32\DRIVERS\vms3cap.sys
2011/04/19 15:09:00.0455 3004 SbieDrv (0e5a3d6b8362d7b44dbf56acd2c090ce) C:\Program Files\Sandboxie\SbieDrv.sys
2011/04/19 15:09:00.0488 3004 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/04/19 15:09:00.0515 3004 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/04/19 15:09:00.0773 3004 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/04/19 15:09:00.0860 3004 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/04/19 15:09:00.0996 3004 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/04/19 15:09:01.0024 3004 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/04/19 15:09:01.0074 3004 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/04/19 15:09:01.0124 3004 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/04/19 15:09:01.0181 3004 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/04/19 15:09:01.0213 3004 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/04/19 15:09:01.0279 3004 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/04/19 15:09:01.0302 3004 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/04/19 15:09:01.0332 3004 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/04/19 15:09:01.0399 3004 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/04/19 15:09:01.0611 3004 SNP2STD (01b4b8b721345692d53f10b584b3d5d8) C:\windows\system32\DRIVERS\snp2sxp.sys
2011/04/19 15:09:01.0735 3004 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/04/19 15:09:01.0868 3004 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
2011/04/19 15:09:01.0868 3004 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/19 15:09:01.0872 3004 sptd - detected Locked file (1)
2011/04/19 15:09:01.0986 3004 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys
2011/04/19 15:09:02.0021 3004 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\windows\system32\DRIVERS\srv2.sys
2011/04/19 15:09:02.0082 3004 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\windows\system32\DRIVERS\srvnet.sys
2011/04/19 15:09:02.0130 3004 StarPortLite (61b8922afc74f1ebb31e34f43320d2cc) C:\windows\system32\DRIVERS\StarPortLite.sys
2011/04/19 15:09:02.0167 3004 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/04/19 15:09:02.0268 3004 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\windows\system32\DRIVERS\vmstorfl.sys
2011/04/19 15:09:02.0552 3004 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\windows\system32\DRIVERS\storvsc.sys
2011/04/19 15:09:02.0892 3004 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/04/19 15:09:03.0160 3004 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/04/19 15:09:03.0264 3004 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/04/19 15:09:03.0303 3004 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/04/19 15:09:03.0370 3004 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/04/19 15:09:03.0431 3004 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/04/19 15:09:03.0485 3004 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/04/19 15:09:03.0556 3004 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/04/19 15:09:03.0757 3004 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/04/19 15:09:03.0835 3004 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/04/19 15:09:03.0888 3004 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/04/19 15:09:03.0938 3004 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/04/19 15:09:04.0044 3004 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/04/19 15:09:04.0152 3004 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/04/19 15:09:04.0260 3004 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/04/19 15:09:04.0351 3004 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\windows\system32\Drivers\usbaapl.sys
2011/04/19 15:09:04.0573 3004 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\windows\system32\drivers\usbaudio.sys
2011/04/19 15:09:04.0739 3004 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/04/19 15:09:04.0797 3004 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/04/19 15:09:04.0840 3004 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\windows\system32\DRIVERS\usbehci.sys
2011/04/19 15:09:04.0941 3004 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\windows\system32\DRIVERS\usbhub.sys
2011/04/19 15:09:05.0057 3004 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/04/19 15:09:05.0125 3004 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/04/19 15:09:05.0174 3004 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/04/19 15:09:05.0234 3004 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/04/19 15:09:05.0301 3004 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/04/19 15:09:05.0376 3004 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/04/19 15:09:05.0485 3004 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/04/19 15:09:05.0544 3004 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/04/19 15:09:05.0637 3004 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/04/19 15:09:05.0698 3004 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/04/19 15:09:05.0760 3004 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/04/19 15:09:05.0832 3004 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\windows\system32\DRIVERS\vmbus.sys
2011/04/19 15:09:05.0911 3004 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\windows\system32\DRIVERS\VMBusHID.sys
2011/04/19 15:09:05.0952 3004 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/04/19 15:09:06.0087 3004 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/04/19 15:09:06.0170 3004 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/04/19 15:09:06.0273 3004 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/04/19 15:09:06.0341 3004 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/04/19 15:09:06.0505 3004 VWiFiFlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/04/19 15:09:06.0679 3004 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/04/19 15:09:06.0746 3004 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/04/19 15:09:06.0827 3004 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/19 15:09:06.0849 3004 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/19 15:09:06.0965 3004 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/04/19 15:09:07.0044 3004 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/04/19 15:09:07.0140 3004 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/04/19 15:09:07.0221 3004 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/04/19 15:09:07.0404 3004 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/04/19 15:09:07.0566 3004 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\windows\system32\drivers\WmBEnum.sys
2011/04/19 15:09:07.0717 3004 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\windows\system32\drivers\WmFilter.sys
2011/04/19 15:09:07.0764 3004 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/04/19 15:09:07.0816 3004 WmVirHid (72c4f5a748c74d8d4016ccfa7367210f) C:\windows\system32\drivers\WmVirHid.sys
2011/04/19 15:09:07.0883 3004 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\windows\system32\drivers\WmXlCore.sys
2011/04/19 15:09:07.0935 3004 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/04/19 15:09:08.0003 3004 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/04/19 15:09:08.0061 3004 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/04/19 15:09:08.0160 3004 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
2011/04/19 15:09:08.0293 3004 zteusbser (6c8beb4e89bcf08b544afd3f91c24ee8) C:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
2011/04/19 15:09:08.0527 3004 \HardDisk2 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/19 15:09:08.0530 3004 ================================================================================
2011/04/19 15:09:08.0530 3004 Scan finished
2011/04/19 15:09:08.0530 3004 ================================================================================
2011/04/19 15:09:08.0537 1612 Detected object count: 2
2011/04/19 15:09:31.0371 1612 Locked file(sptd) - User select action: Skip
2011/04/19 15:09:31.0417 1612 \HardDisk2 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/19 15:09:31.0418 1612 \HardDisk2 - ok
2011/04/19 15:09:31.0418 1612 Rootkit.Win32.TDSS.tdl4(\HardDisk2) - User select action: Cure
2011/04/19 15:09:35.0335 1608 Deinitialize success

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by El Squido at 15:46:32.52 on 19/04/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.2002 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\FsUsbExService.Exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Edimax\Common\RaRegistry.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Razer\Habu\razerhid.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Razer\Reclusa\razerhid.exe
D:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Edimax\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\DllHost.exe
C:\Users\El Squido\Downloads\dds(2).scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Blotiqoh] rundll32.exe "c:\users\el squido\appdata\local\wlALeSLe.dll",Startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Habu] c:\program files\razer\habu\razerhid.exe
mRun: [Reclusa] c:\program files\razer\reclusa\razerhid.exe
mRun: [Corel File Shell Monitor] d:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
mRun: [RivaTuner] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /T
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [Mxinaquzac] rundll32.exe "c:\users\el squido\appdata\local\iwebazukohoma.dll",Startup
StartupFolder: c:\users\elsqui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\el squido\appdata\roaming\microsoft\windows\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\elsqui~1\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\el squido\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\el squido\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-6-21 15328]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2010-1-22 95592]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-11-17 237984]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RaRegistry.exe [2010-10-15 185632]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-6-21 220128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-11-17 36608]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-10-15 616960]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2009-11-4 41984]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-15 183560]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-27 25832]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-4-10 122984]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-22 1343400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2008-9-1 104320]
.
=============== Created Last 30 ================
.
2011-04-19 14:25:48 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-19 14:25:47 -------- d-----w- c:\users\elsqui~1\appdata\local\temp
2011-04-17 22:50:47 0 ----a-w- c:\users\elsqui~1\appdata\local\Pxidov.bin
2011-04-17 22:29:23 -------- d-----w- c:\users\elsqui~1\appdata\roaming\DiskAid
2011-04-17 22:29:10 -------- d-----w- c:\program files\DigiDNA
2011-04-17 18:18:52 -------- d-----w- c:\users\elsqui~1\appdata\local\Nikon
2011-04-17 18:10:33 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-04-17 18:10:31 -------- d-----w- c:\progra~2\Command Line Utility
2011-04-17 18:10:31 -------- d-----w- c:\progra~2\Clips
2011-04-17 18:10:31 -------- d-----w- c:\progra~2\Carbon
2011-04-17 17:03:12 -------- d-----w- c:\users\elsqui~1\appdata\local\{3BB2FC13-4567-475D-96AF-3E114DE7D994}
2011-04-14 21:17:00 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 21:17:00 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 21:17:00 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 21:16:52 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 21:16:52 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 21:16:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 21:16:45 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 21:16:13 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 21:16:05 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 21:15:58 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 21:15:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 21:15:45 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 21:15:44 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 21:15:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 21:15:32 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 21:15:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 21:15:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 18:07:41 -------- d-----w- c:\users\elsqui~1\appdata\local\{1B19E555-1D85-4732-B9D3-F0E30A524B45}
2011-04-12 21:30:44 3707144 ----a-w- c:\progra~2\microsoft\bingbar\bbsvc\7.0.614.0oemBingBarSetup-Partner.EXE
2011-04-12 21:27:18 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-12 21:24:57 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-12 21:24:57 -------- d-----w- c:\program files\ConduitEngine
2011-04-12 21:24:56 -------- d-----w- c:\users\elsqui~1\appdata\local\Conduit
2011-04-12 14:24:04 -------- d-----w- c:\users\elsqui~1\appdata\local\{5F87BF3D-A071-47FE-AFF0-3DEC032ECE3A}
2011-04-11 20:07:17 -------- d-----w- c:\users\elsqui~1\appdata\local\{61F89A1E-7868-469A-A3F5-1C6BE1B20B49}
2011-04-10 11:11:31 837192 ----a-w- c:\windows\system32\pbsvc(2).exe
2011-04-10 10:15:55 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2011-04-10 10:15:55 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-04-10 10:15:55 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-04-10 10:15:55 122984 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-04-07 14:19:46 -------- d-----w- c:\users\elsqui~1\appdata\local\{1DFEB829-1142-4418-BAFC-D1E5FA563B04}
2011-04-02 14:22:00 98816 ----a-w- c:\windows\sed.exe
2011-04-02 14:22:00 89088 ----a-w- c:\windows\MBR.exe
2011-04-02 14:22:00 256512 ----a-w- c:\windows\PEV.exe
2011-04-02 14:22:00 161792 ----a-w- c:\windows\SWREG.exe
2011-03-26 14:13:28 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-26 11:27:50 -------- d-----w- c:\users\elsqui~1\appdata\local\Google
2011-03-26 11:27:37 -------- d-----w- c:\users\elsqui~1\appdata\local\Deployment
2011-03-26 11:27:37 -------- d-----w- c:\users\elsqui~1\appdata\local\Apps
2011-03-25 14:26:58 -------- d-----w- c:\program files\Microsoft
.
==================== Find3M ====================
.
2011-04-17 19:40:27 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-17 19:40:27 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-17 19:04:35 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-10 11:11:56 138056 ----a-w- c:\users\elsqui~1\appdata\roaming\PnkBstrK.sys
2011-04-10 11:11:32 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-26 01:19:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-12 19:52:00 3140 --sha-w- c:\progra~2\KGyGaAvL.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 15:48:27.45 ===============

Open notepad and copy/paste the text in the quotebox below into it:



File::
c:\users\El Squido\AppData\Local\Pxidov.bin
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mxinaquzac"=-



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 24 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


Post back fresh dds.txt contents.

The link seems broken. I'll update later. Here is the CF log.

ComboFix 11-04-18.04 - El Squido 19/04/2011 16:53:44.4.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.2065 [GMT 1:00]
Running from: c:\users\El Squido\Downloads\ComboFix.exe
Command switches used :: c:\users\El Squido\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\El Squido\AppData\Local\Pxidov.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\El Squido\AppData\Local\Pxidov.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-03-19 to 2011-04-19 )))))))))))))))))))))))))))))))
.
.
2011-04-19 16:00 . 2011-04-19 16:00 -------- d-----w- c:\users\El Squido\AppData\Local\temp
2011-04-19 16:00 . 2011-04-19 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-18 16:01 . 2011-04-18 16:01 -------- d-----w- c:\programdata\Nikon
2011-04-17 22:29 . 2011-04-17 22:29 -------- d-----w- c:\users\El Squido\AppData\Roaming\DiskAid
2011-04-17 22:29 . 2011-04-17 22:29 -------- d-----w- c:\program files\DigiDNA
2011-04-17 18:18 . 2011-04-17 18:18 -------- d-----w- c:\users\El Squido\AppData\Local\Nikon
2011-04-17 18:10 . 2011-04-17 18:10 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-04-17 18:10 . 2011-04-17 18:10 -------- d-----w- c:\programdata\Command Line Utility
2011-04-17 18:10 . 2011-04-17 18:10 -------- d-----w- c:\programdata\Clips
2011-04-17 18:10 . 2011-04-17 18:10 -------- d-----w- c:\programdata\Carbon
2011-04-17 17:03 . 2011-04-17 17:03 -------- d-----w- c:\users\El Squido\AppData\Local\{3BB2FC13-4567-475D-96AF-3E114DE7D994}
2011-04-14 21:17 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 21:17 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 21:17 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 21:16 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 21:16 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 21:16 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 21:16 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 21:16 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 21:16 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 21:15 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 21:15 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 21:15 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 21:15 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 21:15 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 21:15 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 21:15 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 21:15 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-13 18:07 . 2011-04-13 18:07 -------- d-----w- c:\users\El Squido\AppData\Local\{1B19E555-1D85-4732-B9D3-F0E30A524B45}
2011-04-13 17:15 . 2011-04-19 15:46 -------- d-----w- c:\programdata\NVIDIA
2011-04-12 21:30 . 2011-04-12 21:30 3707144 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.0.614.0oemBingBarSetup-Partner.EXE
2011-04-12 21:27 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-12 21:24 . 2011-04-12 21:24 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-12 21:24 . 2011-04-12 21:24 -------- d-----w- c:\program files\ConduitEngine
2011-04-12 21:24 . 2011-04-12 21:24 -------- d-----w- c:\users\El Squido\AppData\Local\Conduit
2011-04-12 14:24 . 2011-04-12 14:24 -------- d-----w- c:\users\El Squido\AppData\Local\{5F87BF3D-A071-47FE-AFF0-3DEC032ECE3A}
2011-04-11 20:07 . 2011-04-11 20:07 -------- d-----w- c:\users\El Squido\AppData\Local\{61F89A1E-7868-469A-A3F5-1C6BE1B20B49}
2011-04-10 11:11 . 2011-04-10 11:11 837192 ----a-w- c:\windows\system32\pbsvc(2).exe
2011-04-10 10:15 . 2010-12-02 09:12 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2011-04-10 10:15 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-04-10 10:15 . 2010-11-11 23:10 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-04-10 10:15 . 2010-11-11 23:10 122984 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-04-07 14:19 . 2011-04-07 14:19 -------- d-----w- c:\users\El Squido\AppData\Local\{1DFEB829-1142-4418-BAFC-D1E5FA563B04}
2011-03-26 14:13 . 2011-03-26 14:13 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-26 14:13 . 2011-03-26 14:13 -------- d-----w- c:\users\El Squido\AppData\Roaming\SystemRequirementsLab
2011-03-26 11:27 . 2011-03-26 11:59 -------- d-----w- c:\users\El Squido\AppData\Local\Google
2011-03-26 11:27 . 2011-03-26 11:28 -------- d-----w- c:\program files\Google
2011-03-26 11:27 . 2011-04-07 14:23 -------- d-----w- c:\users\El Squido\AppData\Local\Deployment
2011-03-26 11:27 . 2011-03-26 11:27 -------- d-----w- c:\users\El Squido\AppData\Local\Apps
2011-03-25 14:26 . 2011-03-25 14:26 -------- d-----w- c:\program files\Microsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-19 15:27 . 2009-11-04 21:13 140248 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-19 15:27 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-19 15:27 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-17 19:40 . 2009-11-04 21:12 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-17 18:11 . 2010-02-12 18:10 57344 ----a-r- c:\users\El Squido\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-04-10 11:11 . 2010-01-22 19:38 138056 ----a-w- c:\users\El Squido\AppData\Roaming\PnkBstrK.sys
2011-04-10 11:11 . 2009-11-04 21:11 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-09 12:02 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-19 05:33 . 2011-03-09 10:36 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 10:36 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 10:36 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-12 19:52 . 2009-12-16 14:33 3140 --sha-w- c:\programdata\KGyGaAvL.sys
2011-02-03 05:45 . 2011-02-09 20:52 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\XfireXO\prxtbXfi0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 19:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-08-14 106904]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 394984]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-11-23 2980248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-26 39408]
"Blotiqoh"="c:\users\El Squido\AppData\Local\wlALeSLe.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2009-08-18 239616]
"Reclusa"="c:\program files\Razer\Reclusa\razerhid.exe" [2009-11-04 151552]
"Corel File Shell Monitor"="d:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RivaTuner"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"tsnp2std"="c:\windows\tsnp2std.exe" [2009-03-10 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 675840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
.
c:\users\El Squido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
PowerReg Scheduler V3.exe [2009-11-9 225280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files\Edimax\Common\RaUI.exe [2010-10-15 1576960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-15 183560]
R3 cpuz130;cpuz130;c:\users\ELSQUI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG111Tv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2008-09-01 104320]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-06-21 15328]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-04 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-03-02 95592]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-08-14 237984]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-06-21 220128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-16 36608]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-08-04 616960]
S3 RecFltr;Reclusa Keyboard;c:\windows\system32\Drivers\RecFltr.sys [2009-08-12 41984]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 11:27]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 11:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\El Squido\AppData\Roaming\Mozilla\Firefox\Profiles\rifkmvpq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3175929246-1742711037-3771426543-1000\Software\SecuROM\License information*]
"datasecu"=hex:9a,47,da,90,ee,b7,ed,4a,64,11,54,b0,3b,62,45,4d,9a,49,0e,a3,7c,
ba,a9,09,a7,f2,e6,e6,f8,9d,89,15,c1,0a,2b,ad,34,b5,38,24,4b,e0,fd,12,66,67,\
"rkeysecu"=hex:99,cc,b9,10,a1,5f,43,e8,f7,04,a1,2c,5b,8a,36,3c
.
[HKEY_USERS\S-1-5-21-3175929246-1742711037-3771426543-1000\¬ ÿ*3*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-19 17:01:25
ComboFix-quarantined-files.txt 2011-04-19 16:01
ComboFix2.txt 2011-04-19 14:25
ComboFix3.txt 2011-04-04 12:22
ComboFix4.txt 2011-04-02 14:33
.
Pre-Run: 733,170,761,728 bytes free
Post-Run: 733,110,304,768 bytes free
.
- - End Of File - - 683365C5066E7A02DF3864BB6E37BDA2

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by El Squido at 17:05:26.31 on 19/04/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1658 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\FsUsbExService.Exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Edimax\Common\RaRegistry.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Razer\Reclusa\razerhid.exe
D:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Windows\tsnp2std.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\Users\El Squido\Downloads\dds(2).scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Blotiqoh] rundll32.exe "c:\users\el squido\appdata\local\wlALeSLe.dll",Startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Habu] c:\program files\razer\habu\razerhid.exe
mRun: [Reclusa] c:\program files\razer\reclusa\razerhid.exe
mRun: [Corel File Shell Monitor] d:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
mRun: [RivaTuner] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /T
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
StartupFolder: c:\users\elsqui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\el squido\appdata\roaming\microsoft\windows\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\elsqui~1\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\el squido\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\el squido\appdata\roaming\mozilla\firefox\profiles\rifkmvpq.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-6-21 15328]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2010-1-22 95592]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-11-17 237984]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RaRegistry.exe [2010-10-15 185632]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-6-21 220128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-11-17 36608]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-10-15 616960]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2009-11-4 41984]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-15 183560]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-27 25832]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-4-10 122984]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-22 1343400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2008-9-1 104320]
.
=============== Created Last 30 ================
.
2011-04-19 16:01:28 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-19 16:01:27 -------- d-----w- c:\users\elsqui~1\appdata\local\temp
2011-04-17 22:29:23 -------- d-----w- c:\users\elsqui~1\appdata\roaming\DiskAid
2011-04-17 22:29:10 -------- d-----w- c:\program files\DigiDNA
2011-04-17 18:18:52 -------- d-----w- c:\users\elsqui~1\appdata\local\Nikon
2011-04-17 18:10:33 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-04-17 18:10:31 -------- d-----w- c:\progra~2\Command Line Utility
2011-04-17 18:10:31 -------- d-----w- c:\progra~2\Clips
2011-04-17 18:10:31 -------- d-----w- c:\progra~2\Carbon
2011-04-17 17:03:12 -------- d-----w- c:\users\elsqui~1\appdata\local\{3BB2FC13-4567-475D-96AF-3E114DE7D994}
2011-04-14 21:17:00 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 21:17:00 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 21:17:00 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 21:16:52 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 21:16:52 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 21:16:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 21:16:45 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 21:16:13 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 21:16:05 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 21:15:58 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 21:15:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 21:15:45 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 21:15:44 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 21:15:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 21:15:32 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 21:15:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 21:15:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 18:07:41 -------- d-----w- c:\users\elsqui~1\appdata\local\{1B19E555-1D85-4732-B9D3-F0E30A524B45}
2011-04-12 21:30:44 3707144 ----a-w- c:\progra~2\microsoft\bingbar\bbsvc\7.0.614.0oemBingBarSetup-Partner.EXE
2011-04-12 21:27:18 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-12 21:24:57 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-12 21:24:57 -------- d-----w- c:\program files\ConduitEngine
2011-04-12 21:24:56 -------- d-----w- c:\users\elsqui~1\appdata\local\Conduit
2011-04-12 14:24:04 -------- d-----w- c:\users\elsqui~1\appdata\local\{5F87BF3D-A071-47FE-AFF0-3DEC032ECE3A}
2011-04-11 20:07:17 -------- d-----w- c:\users\elsqui~1\appdata\local\{61F89A1E-7868-469A-A3F5-1C6BE1B20B49}
2011-04-10 11:11:31 837192 ----a-w- c:\windows\system32\pbsvc(2).exe
2011-04-10 10:15:55 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2011-04-10 10:15:55 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-04-10 10:15:55 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-04-10 10:15:55 122984 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-04-07 14:19:46 -------- d-----w- c:\users\elsqui~1\appdata\local\{1DFEB829-1142-4418-BAFC-D1E5FA563B04}
2011-04-02 14:22:00 98816 ----a-w- c:\windows\sed.exe
2011-04-02 14:22:00 89088 ----a-w- c:\windows\MBR.exe
2011-04-02 14:22:00 256512 ----a-w- c:\windows\PEV.exe
2011-04-02 14:22:00 161792 ----a-w- c:\windows\SWREG.exe
2011-03-26 14:13:28 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-26 11:27:50 -------- d-----w- c:\users\elsqui~1\appdata\local\Google
2011-03-26 11:27:37 -------- d-----w- c:\users\elsqui~1\appdata\local\Deployment
2011-03-26 11:27:37 -------- d-----w- c:\users\elsqui~1\appdata\local\Apps
2011-03-25 14:26:58 -------- d-----w- c:\program files\Microsoft
.
==================== Find3M ====================
.
2011-04-19 15:27:03 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-19 15:27:03 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-17 19:40:27 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-10 11:11:56 138056 ----a-w- c:\users\elsqui~1\appdata\roaming\PnkBstrK.sys
2011-04-10 11:11:32 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-26 01:19:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-12 19:52:00 3140 --sha-w- c:\progra~2\KGyGaAvL.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 17:05:37.88 ===============

Hi,

Please use this link (http://www.java.com/en/download/index.jsp) instead.

Updated, now what? :).

Good. Any issues left? If not let's see the final steps.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.


Now lets uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.