Doron_xyz
2011-05-21, 18:54
Hi All,
I removed several malware that after a little while are coming back to my notebook. I used the Malwarebytes' Anti-Malware to remove them successfully. I use this computer in an home office, and Windows 7 enterprise version 64 bits.
These were the malwares: Malware.Trace, PUM.Bad.Proxy and Trojan.FakeAlertR.Gen.
Please see the DDS test and the attached zip file.
Also please refer to this link: http://forums.spybot.info/showthread.php?p=405154#post405154
Thanks,
Doron
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Doron at 11:36:01 on 2011-05-21
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.4061.2431 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
d:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\UTILS\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\UTILS\McAfee\Common Framework\FrameworkService.exe
C:\UTILS\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\UTILS\McAfee\Common Framework\naPrdMgr.exe
D:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\UTILS\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\UTILS\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
D:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
D:\Program Files\Canon Printer\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\UTILS\McAfee\Common Framework\UdaterUI.exe
C:\UTILS\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchIndexer.exe
D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
D:\Program Files\Diskeeper\DkService.exe
C:\Windows\system32\sppsvc.exe
D:\Junk\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - D:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - D:\Program Files (x86)\Ipswitch\WS_FTP Pro\wsbho2k0.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\UTILS\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - D:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [McAfeeUpdaterUI] "C:\UTILS\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\UTILS\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - D:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} - hxxp://www.shockwave.com/content/diaperdash/sis/DiaperDashWeb.1.0.0.4.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\UTILS\McAfee\VirusScan Enterprise\x64\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [LogMeIn GUI] "D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [BCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [CanonMyPrinter] D:\Program Files\Canon Printer\BJMyPrt.exe /logon
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Doron\AppData\Roaming\Mozilla\Firefox\Profiles\qylworx6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: D:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Doron\AppData\Roaming\Mozilla\Firefox\Profiles\qylworx6.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: D:\Program Files\Canon Printer\Photo Print\NPEZFFPI.DLL
FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin7.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - D:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - D:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - D:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: http://forums.spybot.info/misc.php?do=email_dev&email=TG9nTWVJbkNsaWVudEBsb2dtZWluLmNvbQ== - %profile%\extensions\LogMeInClient@logmein.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2010-8-25 93872]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;D:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 McAfeeEngineService;McAfee Engine Service;C:\UTILS\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2008-9-29 17920]
R2 McAfeeFramework;McAfee Framework Service;C:\UTILS\McAfee\Common Framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;C:\UTILS\McAfee\VirusScan Enterprise\x64\McShield.exe [2008-9-29 175072]
R2 McTaskManager;McAfee Task Manager;C:\UTILS\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]
R2 MsDtsServer100;SQL Server Integration Services 10.0;D:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-7-10 214040]
R2 SBSDWSCService;SBSD Security Center Service;D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-5 1153368]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-2-14 2253688]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\system32\DRIVERS\lvsels64.sys --> C:\Windows\system32\DRIVERS\lvsels64.sys [?]
S3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
.
=============== Created Last 30 ================
.
2011-05-20 04:57:06 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-20 04:04:06 -------- d-----w- C:\Users\Doron\AppData\Local\temp
2011-05-17 16:39:08 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-17 16:39:08 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-12 21:52:53 -------- d-----w- C:\ProgramData\MicroFour
2011-05-10 18:00:31 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-10 18:00:30 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-10 18:00:30 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-10 18:00:29 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-10 18:00:28 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-10 18:00:28 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-10 18:00:28 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-10 18:00:28 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-10 18:00:28 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-04-27 01:30:39 -------- d-----w- C:\182b852d4a22afc859
2011-04-26 21:53:05 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-26 21:53:04 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-26 21:53:01 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-26 21:53:01 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-22 14:13:55 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49FEE7D0-6694-44DC-B3BB-78BC63E28957}\mpengine.dll
.
==================== Find3M ====================
.
2011-04-17 04:01:59 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-17 04:01:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
.
============= FINISH: 11:37:54.01 ===============
I removed several malware that after a little while are coming back to my notebook. I used the Malwarebytes' Anti-Malware to remove them successfully. I use this computer in an home office, and Windows 7 enterprise version 64 bits.
These were the malwares: Malware.Trace, PUM.Bad.Proxy and Trojan.FakeAlertR.Gen.
Please see the DDS test and the attached zip file.
Also please refer to this link: http://forums.spybot.info/showthread.php?p=405154#post405154
Thanks,
Doron
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Doron at 11:36:01 on 2011-05-21
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.4061.2431 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
d:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\UTILS\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\UTILS\McAfee\Common Framework\FrameworkService.exe
C:\UTILS\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\UTILS\McAfee\Common Framework\naPrdMgr.exe
D:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\UTILS\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\UTILS\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
D:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
D:\Program Files\Canon Printer\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\UTILS\McAfee\Common Framework\UdaterUI.exe
C:\UTILS\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchIndexer.exe
D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
D:\Program Files\Diskeeper\DkService.exe
C:\Windows\system32\sppsvc.exe
D:\Junk\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - D:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - D:\Program Files (x86)\Ipswitch\WS_FTP Pro\wsbho2k0.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\UTILS\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - D:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [McAfeeUpdaterUI] "C:\UTILS\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\UTILS\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - D:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} - hxxp://www.shockwave.com/content/diaperdash/sis/DiaperDashWeb.1.0.0.4.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\UTILS\McAfee\VirusScan Enterprise\x64\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [LogMeIn GUI] "D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [BCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [CanonMyPrinter] D:\Program Files\Canon Printer\BJMyPrt.exe /logon
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Doron\AppData\Roaming\Mozilla\Firefox\Profiles\qylworx6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: D:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Doron\AppData\Roaming\Mozilla\Firefox\Profiles\qylworx6.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: D:\Program Files\Canon Printer\Photo Print\NPEZFFPI.DLL
FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files\Quicktime\Plugins\npqtplugin7.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - D:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - D:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - D:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: http://forums.spybot.info/misc.php?do=email_dev&email=TG9nTWVJbkNsaWVudEBsb2dtZWluLmNvbQ== - %profile%\extensions\LogMeInClient@logmein.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2010-8-25 93872]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;D:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 McAfeeEngineService;McAfee Engine Service;C:\UTILS\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2008-9-29 17920]
R2 McAfeeFramework;McAfee Framework Service;C:\UTILS\McAfee\Common Framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;C:\UTILS\McAfee\VirusScan Enterprise\x64\McShield.exe [2008-9-29 175072]
R2 McTaskManager;McAfee Task Manager;C:\UTILS\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]
R2 MsDtsServer100;SQL Server Integration Services 10.0;D:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-7-10 214040]
R2 SBSDWSCService;SBSD Security Center Service;D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-5 1153368]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-2-14 2253688]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\system32\DRIVERS\lvsels64.sys --> C:\Windows\system32\DRIVERS\lvsels64.sys [?]
S3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
.
=============== Created Last 30 ================
.
2011-05-20 04:57:06 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-20 04:04:06 -------- d-----w- C:\Users\Doron\AppData\Local\temp
2011-05-17 16:39:08 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-17 16:39:08 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-12 21:52:53 -------- d-----w- C:\ProgramData\MicroFour
2011-05-10 18:00:31 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-10 18:00:30 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-10 18:00:30 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-10 18:00:29 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-10 18:00:28 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-10 18:00:28 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-10 18:00:28 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-10 18:00:28 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-10 18:00:28 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-04-27 01:30:39 -------- d-----w- C:\182b852d4a22afc859
2011-04-26 21:53:05 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-26 21:53:04 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-26 21:53:01 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-26 21:53:01 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-22 14:13:55 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49FEE7D0-6694-44DC-B3BB-78BC63E28957}\mpengine.dll
.
==================== Find3M ====================
.
2011-04-17 04:01:59 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-17 04:01:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
.
============= FINISH: 11:37:54.01 ===============