View Full Version : Browser hijack? And anything else?
SHIRTSHAPPEN60
2011-06-03, 17:28
When I search and click on the results I get redirected to another page. I'm not sure what else is going on. Thanks for taking a look. Mike
.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by MIKE at 7:46:51 on 2011-06-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2655 [GMT -4:00]
.
AV: Trend Micro AntiVirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5542&r=27360511g826l03f8z1h5t4881y738
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5542&r=27360511g826l03f8z1h5t4881y738
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94F837FC-E677-49B3-9E6F-55B5C4226DD5} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\y6exvil2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-5-28 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-28 1153368]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2011-5-28 917768]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
.
=============== Created Last 30 ================
.
2011-06-02 19:54:40 388096 ----a-r- C:\Users\MIKE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-02 19:54:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-31 18:26:30 -------- d-----w- C:\Program Files (x86)\GCC
2011-05-31 14:24:49 28944 ----a-w- C:\Windows\SysWow64\msrecr40.dll
2011-05-30 21:01:24 -------- d-----w- C:\Users\MIKE\AppData\Roaming\FreeFixer
2011-05-30 21:01:24 -------- d-----w- C:\Users\MIKE\AppData\Local\FreeFixer
2011-05-30 21:01:17 -------- d-----w- C:\Program Files\FreeFixer
2011-05-30 13:05:46 -------- d-----w- C:\ProgramData\STOPzilla!
2011-05-30 11:01:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-05-30 11:01:53 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-05-30 11:01:53 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-05-30 11:01:53 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-05-30 11:01:53 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-05-30 11:01:53 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-05-30 11:01:53 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-05-30 11:01:53 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-05-30 11:01:53 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-05-30 11:01:52 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-05-29 12:54:12 -------- d-----w- C:\Windows\pss
2011-05-28 19:46:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-05-28 19:46:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-28 19:07:42 -------- d-----w- C:\Users\MIKE\AppData\Roaming\Malwarebytes
2011-05-28 19:07:30 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-28 19:07:30 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-28 19:07:27 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 19:07:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-28 17:26:37 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-05-28 17:20:14 -------- d-----w- C:\Users\MIKE\AppData\Local\ElevatedDiagnostics
2011-05-28 15:13:50 -------- d-----w- C:\Windows\Lan
2011-05-28 15:13:11 431104 ----a-w- C:\Windows\WisMvImg.exe
2011-05-28 15:13:11 249856 ----a-w- C:\Windows\Wisi2Bat.exe
2011-05-28 15:13:11 159744 ----a-w- C:\Windows\PatchFul.exe
2011-05-28 15:13:10 382976 ----a-w- C:\Windows\WisGAPasx64.exe
2011-05-28 15:13:10 335872 ----a-w- C:\Windows\ParseModule_X64.exe
2011-05-28 15:13:09 322048 ----a-w- C:\Windows\WisGAPas.exe
2011-05-28 15:13:09 225280 ----a-w- C:\Windows\ParseModule_X86.exe
2011-05-28 14:56:12 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-28 14:28:21 -------- d-----w- C:\Users\MIKE\AppData\Local\Adobe
2011-05-28 14:24:05 -------- d-----w- C:\Program Files\CONEXANT
2011-05-28 14:07:33 -------- d-----w- C:\Users\MIKE\AppData\Roaming\EUROSYSTEMS
2011-05-28 14:07:02 191488 ----a-w- C:\Windows\SysWow64\hlvdd.dll
2011-05-28 14:06:56 314368 ----a-w- C:\Windows\System32\drivers\hardlock.sys
2011-05-28 14:06:47 69632 ----a-w- C:\Windows\SysWow64\hasp_inst_help1.dll
2011-05-28 14:06:47 671112 ----a-w- C:\Windows\SysWow64\hdinst_windows.dll
2011-05-28 14:06:47 65024 ----a-w- C:\Windows\System32\drivers\aksdf.sys
2011-05-28 14:06:47 28672 ----a-w- C:\Windows\SysWow64\hlduinst.exe
2011-05-28 14:06:46 3066968 ----a-w- C:\Windows\SysWow64\hinstd.dll
2011-05-28 14:06:46 2511360 ----a-w- C:\Windows\SysWow64\haspds_windows.dll
2011-05-28 14:06:46 153088 ----a-w- C:\Windows\SysWow64\UNWISE.EXE
2011-05-28 14:06:32 47104 ----a-w- C:\Windows\SysWow64\D2htls32.dll
2011-05-28 14:06:32 28976 ----a-w- C:\Windows\SysWow64\D2HTOOLS.DLL
2011-05-28 14:02:47 -------- d-----w- C:\Windows\Cache
2011-05-28 13:54:23 72192 ----a-w- C:\Windows\SysWow64\GC33_c30UI.dll
2011-05-28 13:54:23 60928 ----a-w- C:\Windows\SysWow64\GC33_c30.dll
2011-05-28 13:54:23 153088 ----a-w- C:\Program Files (x86)\UNWISE.EXE
2011-05-28 13:53:52 -------- d-----w- C:\Windows\SysWow64\gcctemp
2011-05-28 13:29:17 -------- d-----w- C:\ProgramData\QuestScan
2011-05-28 13:29:17 -------- d-----w- C:\Program Files (x86)\QuestScan
2011-05-28 13:23:40 65536 ----a-r- C:\Users\MIKE\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2011-05-28 13:20:29 -------- d-----w- C:\Program Files (x86)\Corel
2011-05-28 13:20:29 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2011-05-28 13:06:52 309840 ----a-w- C:\Windows\System32\drivers\tmxpflt.sys
2011-05-28 13:06:52 1988176 ----a-w- C:\Windows\System32\drivers\vsapint.sys
2011-05-28 13:06:51 42576 ----a-w- C:\Windows\System32\drivers\tmpreflt.sys
2011-05-28 13:05:09 434670 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfud.bin
2011-05-28 13:05:09 434670 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfss.bin
2011-05-28 13:03:06 -------- d-----w- C:\ProgramData\Trend Micro
2011-05-28 13:01:11 -------- d-----w- C:\Program Files\Trend Micro
2011-05-28 12:54:34 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F88BF1C-3D63-4F28-A201-5C224D3D0F4D}\mpengine.dll
2011-05-28 12:54:28 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-28 12:47:40 -------- d-----w- C:\ProgramData\NetZero
2011-05-28 12:23:25 -------- d-----w- C:\Users\MIKE\AppData\Roaming\Acer
2011-05-28 12:17:20 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-05-28 12:17:20 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-05-28 12:17:17 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-05-28 12:17:17 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-05-28 12:12:47 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2011-05-28 11:56:34 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-05-28 11:56:34 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-05-28 11:56:10 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-05-28 11:56:02 -------- d-----w- C:\Users\MIKE\AppData\Local\Diagnostics
2011-05-28 11:55:21 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-05-28 11:55:04 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-05-28 11:54:18 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\DSETUP.dll
2011-05-28 11:54:18 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\DXSETUP.exe
2011-05-28 11:54:18 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\dsetup32.dll
2011-05-28 11:53:50 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc6A37.tmp
2011-05-28 11:53:42 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-05-28 11:53:24 -------- d-----w- C:\BOOK
2011-05-28 11:52:47 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2011-05-28 11:52:47 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2011-05-28 11:52:47 1233920 ----a-w- C:\Windows\SysWow64\msxml4.dll
2011-05-28 11:52:44 -------- d-----w- C:\Users\MIKE\AppData\Local\Google
2011-05-28 11:51:50 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-05-28 11:51:50 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-05-28 11:51:50 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-05-28 11:51:50 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-05-28 11:51:49 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-05-28 11:48:12 -------- d-----w- C:\Users\MIKE\AppData\Local\ATI
2011-05-28 11:39:09 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-05-28 11:38:54 8362 ----a-w- C:\Windows\Suyin.reg
2011-05-28 11:38:54 626688 ----a-w- C:\Windows\Image.dll
2011-05-28 11:38:54 20480 ----a-w- C:\Windows\USB_VIDEO_REG.exe
2011-05-28 11:38:54 200704 ----a-w- C:\Windows\PLFSetI.exe
2011-05-28 11:38:54 1658880 ----a-w- C:\Windows\Acer Crystal Eye webcam.EXE
2011-05-28 11:38:15 -------- d-----w- C:\Program Files\Synaptics
2011-05-28 11:35:41 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-05-28 11:34:52 -------- d-----w- C:\Program Files\ATI
2011-05-28 11:34:49 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-05-28 11:33:31 -------- d-----w- C:\Users\MIKE\AppData\Local\EgisTec
2011-05-28 11:33:31 -------- d-----w- C:\ProgramData\EgisTec
.
==================== Find3M ====================
.
2011-05-28 17:26:37 902656 ----a-w- C:\Windows\System32\d2d1.dll
.
============= FINISH: 7:48:21.67 ===============
Hi,
Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab, uncheck files option and then click scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
SHIRTSHAPPEN60
2011-06-09, 15:24
Blade, thanks for the help. When I ran GMER with files unchecked, the scan result found no system modifications detected. I ran a scan with GMER with files selected, it also found no system modifications detected. Mike
Hello Mike,
Download http://public.avast.com/~gmerek/aswMBR.exe to your desktop. Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
On completion of the scan click save log, save it to your desktop and post in your next reply.
SHIRTSHAPPEN60
2011-06-09, 20:23
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-09 13:17:03
-----------------------------
13:17:03.016 OS Version: Windows x64 6.1.7600
13:17:03.017 Number of processors: 2 586 0x602
13:17:03.017 ComputerName: MIKE-PC UserName: MIKE
13:17:06.015 Initialize success
13:17:36.684 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
13:17:36.687 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 11
13:17:36.689 Device \Driver\amdsata -> MajorFunction fffffa80046796c0
13:17:38.691 Disk 0 MBR read successfully
13:17:38.693 Disk 0 MBR scan
13:17:38.696 Disk 0 unknown MBR code
13:17:38.698 Service scanning
13:17:39.675 Disk 0 trace - called modules:
13:17:39.678 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys >>UNKNOWN [0xfffffa80046796c0]<<
13:17:39.682 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045e2060]
13:17:39.685 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800453d920]
13:17:39.689 5 amdxata.sys[fffff880011448b9] -> nt!IofCallDriver -> [0xfffffa800453b6e0]
13:17:39.693 7 ACPI.sys[fffff88000eff781] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa8004539700]
13:17:39.697 \Driver\amdsata[0xfffffa80045e8860] -> IRP_MJ_CREATE -> 0xfffffa80046796c0
13:17:39.704 Scan finished successfully
13:19:10.111 Disk 0 MBR has been saved successfully to "C:\Users\MIKE\Desktop\MBR.dat"
13:19:10.116 The log file has been saved successfully to "C:\Users\MIKE\Desktop\aswMBR.txt"
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
SHIRTSHAPPEN60
2011-06-09, 23:07
This is the combofix log
ComboFix 11-06-09.04 - MIKE 06/09/2011 15:37:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2482 [GMT -4:00]
Running from: c:\users\MIKE\Downloads\ComboFix.exe
AV: Trend Micro AntiVirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\program files (x86)\UNWISE.EXE
c:\programdata\Acer\sp.Dll
c:\windows\SysWow64\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-09 19:43 . 2011-06-09 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-09 19:35 . 2011-06-09 19:36 -------- d-----w- C:\32788R22FWJFW
2011-06-09 11:05 . 1999-03-06 01:15 74000 ----a-w- c:\windows\SysWow64\msrclr40.dll
2011-06-08 11:26 . 2011-06-08 15:31 -------- d-----w- c:\windows\system32\Wat
2011-06-08 11:03 . 2011-06-08 11:03 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-06-08 10:56 . 2011-06-08 10:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-06-07 23:53 . 2011-06-08 15:31 -------- d-----w- C:\e0134bf8781801ff23
2011-06-07 17:05 . 2011-05-24 23:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6DA6E57-38B5-4BC9-B067-28BF8499E122}\mpengine.dll
2011-06-06 21:09 . 2011-06-07 14:46 -------- d-----w- C:\FONTZ
2011-06-05 12:49 . 2011-06-05 12:49 55816 ----a-w- c:\windows\CompGenCompGen2-uninstall.exe
2011-06-04 13:25 . 2011-06-04 13:25 952 --sha-w- c:\windows\SysWow64\KGyGaAvL.sys
2011-06-04 13:24 . 2011-06-04 13:25 60423 ----a-w- c:\windows\TCompGenTCompGen-uninstall.exe
2011-06-03 13:22 . 2011-06-03 13:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-03 13:21 . 2011-06-03 13:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-03 13:20 . 2011-06-03 13:20 -------- d-----w- c:\program files (x86)\Java
2011-06-02 19:54 . 2011-06-02 19:54 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-31 18:26 . 2011-06-02 17:29 -------- d-----w- c:\program files (x86)\GCC
2011-05-31 14:24 . 1999-03-06 02:15 28944 ----a-w- c:\windows\SysWow64\msrecr40.dll
2011-05-30 21:01 . 2011-05-31 12:30 -------- d-----w- c:\program files\FreeFixer
2011-05-30 13:05 . 2011-05-30 14:32 -------- d-----w- c:\programdata\STOPzilla!
2011-05-30 11:01 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-30 11:01 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-05-30 11:01 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-30 11:01 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-05-30 11:01 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-05-30 11:01 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-05-30 11:01 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-30 11:01 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-05-30 11:01 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-30 11:01 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-05-29 11:19 . 2011-06-08 15:31 -------- d-----w- c:\users\MICHAEL
2011-05-28 19:46 . 2011-06-02 17:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-28 19:46 . 2011-05-29 11:29 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-05-28 19:07 . 2011-05-28 19:07 -------- d-----w- c:\programdata\Malwarebytes
2011-05-28 19:07 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-28 19:07 . 2011-06-02 17:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-28 19:07 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 17:26 . 2011-05-28 17:26 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-28 15:14 . 2009-08-21 18:31 347656 ----a-w- c:\windows\UNINST32.EXE
2011-05-28 15:13 . 2011-05-28 15:13 -------- d-----w- c:\windows\Lan
2011-05-28 15:13 . 2009-08-22 18:15 431104 ----a-w- c:\windows\WisMvImg.exe
2011-05-28 15:13 . 2009-08-04 13:52 159744 ----a-w- c:\windows\PatchFul.exe
2011-05-28 15:13 . 2009-02-13 08:33 249856 ----a-w- c:\windows\Wisi2Bat.exe
2011-05-28 15:13 . 2009-08-11 06:00 382976 ----a-w- c:\windows\WisGAPasx64.exe
2011-05-28 15:13 . 2009-05-25 18:27 335872 ----a-w- c:\windows\ParseModule_X64.exe
2011-05-28 15:13 . 2009-08-11 06:00 322048 ----a-w- c:\windows\WisGAPas.exe
2011-05-28 15:13 . 2009-05-25 18:27 225280 ----a-w- c:\windows\ParseModule_X86.exe
2011-05-28 14:56 . 2011-05-28 14:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-28 14:24 . 2011-05-28 14:24 -------- d-----w- c:\program files\CONEXANT
2011-05-28 14:07 . 2006-10-18 23:12 191488 ----a-w- c:\windows\SysWow64\hlvdd.dll
2011-05-28 14:06 . 2006-12-04 14:44 314368 ----a-w- c:\windows\system32\drivers\hardlock.sys
2011-05-28 14:06 . 2006-12-20 14:00 671112 ----a-w- c:\windows\SysWow64\hdinst_windows.dll
2011-05-28 14:06 . 2006-12-13 22:14 65024 ----a-w- c:\windows\system32\drivers\aksdf.sys
2011-05-28 14:06 . 2006-11-30 15:06 69632 ----a-w- c:\windows\SysWow64\hasp_inst_help1.dll
2011-05-28 14:06 . 2005-09-06 21:06 28672 ----a-w- c:\windows\SysWow64\hlduinst.exe
2011-05-28 14:06 . 2006-12-20 15:55 3066968 ----a-w- c:\windows\SysWow64\hinstd.dll
2011-05-28 14:06 . 2006-12-20 14:00 2511360 ----a-w- c:\windows\SysWow64\haspds_windows.dll
2011-05-28 14:06 . 1996-05-08 06:59 47104 ----a-w- c:\windows\SysWow64\D2htls32.dll
2011-05-28 14:06 . 1996-02-28 23:47 28976 ----a-w- c:\windows\SysWow64\D2HTOOLS.DLL
2011-05-28 14:02 . 2011-05-28 14:02 -------- d-----w- c:\windows\Cache
2011-05-28 13:54 . 2009-08-20 18:40 72192 ----a-w- c:\windows\SysWow64\GC33_c30UI.dll
2011-05-28 13:54 . 2009-08-20 18:39 60928 ----a-w- c:\windows\SysWow64\GC33_c30.dll
2011-05-28 13:53 . 2011-05-31 18:24 -------- d-----w- c:\windows\SysWow64\gcctemp
2011-05-28 13:29 . 2011-05-28 19:29 -------- d-----w- c:\program files (x86)\QuestScan
2011-05-28 13:29 . 2011-05-28 19:28 -------- d-----w- c:\programdata\QuestScan
2011-05-28 13:23 . 2011-05-28 13:23 -------- d-----w- c:\programdata\InstallShield
2011-05-28 13:20 . 2011-05-28 13:20 -------- d-----w- c:\program files (x86)\Corel
2011-05-28 13:20 . 2011-05-28 13:20 -------- d-----w- c:\program files (x86)\Common Files\Corel
2011-05-28 13:06 . 2010-07-30 17:30 309840 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2011-05-28 13:06 . 2010-07-30 17:24 1988176 ----a-w- c:\windows\system32\drivers\vsapint.sys
2011-05-28 13:06 . 2010-07-30 17:30 42576 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2011-05-28 13:05 . 2011-05-29 17:29 434670 ----a-w- c:\windows\system32\drivers\etc\tmvsthfud.bin
2011-05-28 13:05 . 2011-05-29 17:26 434670 ----a-w- c:\windows\system32\drivers\etc\tmvsthfss.bin
2011-05-28 13:03 . 2011-05-28 13:03 -------- d-----w- c:\programdata\Trend Micro
2011-05-28 13:01 . 2011-05-28 13:03 -------- d-----w- c:\program files\Trend Micro
2011-05-28 12:54 . 2011-05-24 23:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-28 12:47 . 2011-05-28 12:47 -------- d-----w- c:\programdata\NetZero
2011-05-28 12:17 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-05-28 12:17 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-05-28 12:17 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-05-28 12:17 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-05-28 12:12 . 2011-05-28 12:12 -------- d-----w- c:\programdata\OEM_E471269A730D
2011-05-28 11:56 . 2006-11-29 17:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-05-28 11:56 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-05-28 11:56 . 2011-05-28 11:56 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-05-28 11:55 . 2011-05-28 11:55 -------- d-----w- c:\program files (x86)\Microsoft
2011-05-28 11:55 . 2011-05-28 11:55 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-05-28 11:54 . 2011-05-28 11:57 -------- d-----w- c:\program files (x86)\Windows Live
2011-05-28 11:53 . 2011-05-28 11:53 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-05-28 11:53 . 2011-05-28 11:53 -------- d-----w- C:\BOOK
2011-05-28 11:52 . 2009-08-04 02:34 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2011-05-28 11:52 . 2009-08-04 02:34 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-05-28 11:52 . 2009-08-04 02:34 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll
2011-05-28 11:48 . 2011-05-28 11:48 -------- d-----w- c:\programdata\ATI
2011-05-28 11:42 . 2011-05-28 11:51 -------- d-----w- c:\programdata\CyberLink
2011-05-28 11:39 . 2011-05-28 11:39 -------- d-----w- c:\program files (x86)\Launch Manager
2011-05-28 11:38 . 2009-07-24 22:08 1658880 ----a-w- c:\windows\Acer Crystal Eye webcam.EXE
2011-05-28 11:38 . 2009-07-24 19:44 8362 ----a-w- c:\windows\Suyin.reg
2011-05-28 11:38 . 2008-12-30 17:42 626688 ----a-w- c:\windows\Image.dll
2011-05-28 11:38 . 2008-07-29 23:29 200704 ----a-w- c:\windows\PLFSetI.exe
2011-05-28 11:38 . 2008-06-25 18:22 20480 ----a-w- c:\windows\USB_VIDEO_REG.exe
2011-05-28 11:38 . 2011-05-28 11:38 -------- d-----w- c:\program files\Synaptics
2011-05-28 11:35 . 2011-05-28 11:35 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-05-28 11:34 . 2011-05-28 11:34 -------- d-----w- c:\program files\ATI
2011-05-28 11:34 . 2011-05-28 11:36 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-05-28 11:33 . 2011-05-28 11:33 -------- d-----w- c:\programdata\EgisTec
2011-05-28 11:30 . 2011-05-28 11:30 -------- d-----w- c:\program files\Preload
2011-05-28 11:30 . 2011-06-08 15:31 -------- d-----w- c:\users\MIKE
2011-05-28 11:30 . 2011-05-28 11:30 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-07-29 917768]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF1271.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5542&r=27360511g826l03f8z1h5t4881y738
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\y6exvil2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-USB & Printer Driver Install - c:\progra~2\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{472734EA-242A-422B-ADF8-83D1E48CC825}"=hex:51,66,7a,6c,4c,1d,38,12,84,37,34,
43,18,6a,45,07,d2,ee,c0,91,e1,d2,8c,31
"{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51,
99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}"=hex:51,66,7a,6c,4c,1d,38,12,75,3e,1c,
2e,3b,47,9a,0a,cd,64,23,dc,cb,3e,10,f3
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
.
**************************************************************************
.
Completion time: 2011-06-09 15:53:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-09 19:53
.
Pre-Run: 273,471,442,944 bytes free
Post-Run: 272,845,271,040 bytes free
.
- - End Of File - - CAD8AB4C6BAF2D26ABEF92D922952135
And my dds
.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by MIKE at 16:02:16 on 2011-06-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2444 [GMT -4:00]
.
AV: Trend Micro AntiVirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5542&r=27360511g826l03f8z1h5t4881y738
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94F837FC-E677-49B3-9E6F-55B5C4226DD5} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\y6exvil2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-5-28 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-28 1153368]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2011-5-28 917768]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
.
=============== Created Last 30 ================
.
2011-06-09 19:46:14 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-09 19:36:26 98816 ----a-w- C:\Windows\sed.exe
2011-06-09 19:36:26 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-09 19:36:26 256512 ----a-w- C:\Windows\PEV.exe
2011-06-09 19:36:26 208896 ----a-w- C:\Windows\MBR.exe
2011-06-09 11:05:16 74000 ----a-w- C:\Windows\SysWow64\msrclr40.dll
2011-06-08 11:26:11 -------- d-----w- C:\Windows\System32\Wat
2011-06-08 11:03:58 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-06-08 10:56:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-06-07 23:53:13 -------- d-----w- C:\e0134bf8781801ff23
2011-06-07 17:05:33 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-07 17:05:25 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6DA6E57-38B5-4BC9-B067-28BF8499E122}\mpengine.dll
2011-06-06 21:09:53 -------- d-----w- C:\FONTZ
2011-06-05 12:49:28 55816 ----a-w- C:\Windows\CompGenCompGen2-uninstall.exe
2011-06-04 13:25:35 952 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2011-06-04 13:24:41 60423 ----a-w- C:\Windows\TCompGenTCompGen-uninstall.exe
2011-06-03 13:21:26 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-02 19:54:40 388096 ----a-r- C:\Users\MIKE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-02 19:54:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-31 18:26:30 -------- d-----w- C:\Program Files (x86)\GCC
2011-05-31 14:24:49 28944 ----a-w- C:\Windows\SysWow64\msrecr40.dll
2011-05-30 21:01:24 -------- d-----w- C:\Users\MIKE\AppData\Roaming\FreeFixer
2011-05-30 21:01:24 -------- d-----w- C:\Users\MIKE\AppData\Local\FreeFixer
2011-05-30 21:01:17 -------- d-----w- C:\Program Files\FreeFixer
2011-05-30 13:05:46 -------- d-----w- C:\ProgramData\STOPzilla!
2011-05-30 11:01:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-05-30 11:01:53 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-05-30 11:01:53 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-05-30 11:01:53 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-05-30 11:01:53 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-05-30 11:01:53 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-05-30 11:01:53 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-05-30 11:01:53 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-05-30 11:01:53 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-05-30 11:01:52 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-05-29 12:54:12 -------- d-----w- C:\Windows\pss
2011-05-28 19:46:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-05-28 19:46:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-28 19:07:42 -------- d-----w- C:\Users\MIKE\AppData\Roaming\Malwarebytes
2011-05-28 19:07:30 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-28 19:07:30 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-28 19:07:27 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 19:07:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-28 17:26:37 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-05-28 17:20:14 -------- d-----w- C:\Users\MIKE\AppData\Local\ElevatedDiagnostics
2011-05-28 15:13:50 -------- d-----w- C:\Windows\Lan
2011-05-28 15:13:11 431104 ----a-w- C:\Windows\WisMvImg.exe
2011-05-28 15:13:11 249856 ----a-w- C:\Windows\Wisi2Bat.exe
2011-05-28 15:13:11 159744 ----a-w- C:\Windows\PatchFul.exe
2011-05-28 15:13:10 382976 ----a-w- C:\Windows\WisGAPasx64.exe
2011-05-28 15:13:10 335872 ----a-w- C:\Windows\ParseModule_X64.exe
2011-05-28 15:13:09 322048 ----a-w- C:\Windows\WisGAPas.exe
2011-05-28 15:13:09 225280 ----a-w- C:\Windows\ParseModule_X86.exe
2011-05-28 14:56:12 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-28 14:28:21 -------- d-----w- C:\Users\MIKE\AppData\Local\Adobe
2011-05-28 14:24:05 -------- d-----w- C:\Program Files\CONEXANT
2011-05-28 14:07:33 -------- d-----w- C:\Users\MIKE\AppData\Roaming\EUROSYSTEMS
2011-05-28 14:07:02 191488 ----a-w- C:\Windows\SysWow64\hlvdd.dll
2011-05-28 14:06:56 314368 ----a-w- C:\Windows\System32\drivers\hardlock.sys
2011-05-28 14:06:47 69632 ----a-w- C:\Windows\SysWow64\hasp_inst_help1.dll
2011-05-28 14:06:47 671112 ----a-w- C:\Windows\SysWow64\hdinst_windows.dll
2011-05-28 14:06:47 65024 ----a-w- C:\Windows\System32\drivers\aksdf.sys
2011-05-28 14:06:47 28672 ----a-w- C:\Windows\SysWow64\hlduinst.exe
2011-05-28 14:06:46 3066968 ----a-w- C:\Windows\SysWow64\hinstd.dll
2011-05-28 14:06:46 2511360 ----a-w- C:\Windows\SysWow64\haspds_windows.dll
2011-05-28 14:06:32 47104 ----a-w- C:\Windows\SysWow64\D2htls32.dll
2011-05-28 14:06:32 28976 ----a-w- C:\Windows\SysWow64\D2HTOOLS.DLL
2011-05-28 14:02:47 -------- d-----w- C:\Windows\Cache
2011-05-28 13:54:23 72192 ----a-w- C:\Windows\SysWow64\GC33_c30UI.dll
2011-05-28 13:54:23 60928 ----a-w- C:\Windows\SysWow64\GC33_c30.dll
2011-05-28 13:53:52 -------- d-----w- C:\Windows\SysWow64\gcctemp
2011-05-28 13:29:17 -------- d-----w- C:\ProgramData\QuestScan
2011-05-28 13:29:17 -------- d-----w- C:\Program Files (x86)\QuestScan
2011-05-28 13:23:40 65536 ----a-r- C:\Users\MIKE\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2011-05-28 13:20:29 -------- d-----w- C:\Program Files (x86)\Corel
2011-05-28 13:20:29 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2011-05-28 13:06:52 309840 ----a-w- C:\Windows\System32\drivers\tmxpflt.sys
2011-05-28 13:06:52 1988176 ----a-w- C:\Windows\System32\drivers\vsapint.sys
2011-05-28 13:06:51 42576 ----a-w- C:\Windows\System32\drivers\tmpreflt.sys
2011-05-28 13:05:09 434670 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfud.bin
2011-05-28 13:05:09 434670 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfss.bin
2011-05-28 13:03:06 -------- d-----w- C:\ProgramData\Trend Micro
2011-05-28 13:01:11 -------- d-----w- C:\Program Files\Trend Micro
2011-05-28 12:54:28 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-28 12:47:40 -------- d-----w- C:\ProgramData\NetZero
2011-05-28 12:23:25 -------- d-----w- C:\Users\MIKE\AppData\Roaming\Acer
2011-05-28 12:17:20 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-05-28 12:17:20 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-05-28 12:17:17 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-05-28 12:17:17 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-05-28 12:12:47 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2011-05-28 11:56:34 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-05-28 11:56:34 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-05-28 11:56:10 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-05-28 11:56:02 -------- d-----w- C:\Users\MIKE\AppData\Local\Diagnostics
2011-05-28 11:55:21 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-05-28 11:55:04 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-05-28 11:54:18 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\DSETUP.dll
2011-05-28 11:54:18 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\DXSETUP.exe
2011-05-28 11:54:18 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\dsetup32.dll
2011-05-28 11:53:50 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc6A37.tmp
2011-05-28 11:53:42 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-05-28 11:53:24 -------- d-----w- C:\BOOK
2011-05-28 11:52:47 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2011-05-28 11:52:47 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2011-05-28 11:52:47 1233920 ----a-w- C:\Windows\SysWow64\msxml4.dll
2011-05-28 11:52:44 -------- d-----w- C:\Users\MIKE\AppData\Local\Google
2011-05-28 11:51:50 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-05-28 11:51:50 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-05-28 11:51:50 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-05-28 11:51:50 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-05-28 11:51:49 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-05-28 11:48:12 -------- d-----w- C:\Users\MIKE\AppData\Local\ATI
2011-05-28 11:39:09 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-05-28 11:38:54 8362 ----a-w- C:\Windows\Suyin.reg
2011-05-28 11:38:54 626688 ----a-w- C:\Windows\Image.dll
2011-05-28 11:38:54 20480 ----a-w- C:\Windows\USB_VIDEO_REG.exe
2011-05-28 11:38:54 200704 ----a-w- C:\Windows\PLFSetI.exe
2011-05-28 11:38:54 1658880 ----a-w- C:\Windows\Acer Crystal Eye webcam.EXE
2011-05-28 11:38:15 -------- d-----w- C:\Program Files\Synaptics
2011-05-28 11:35:41 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-05-28 11:34:52 -------- d-----w- C:\Program Files\ATI
2011-05-28 11:34:49 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-05-28 11:33:31 -------- d-----w- C:\Users\MIKE\AppData\Local\EgisTec
2011-05-28 11:33:31 -------- d-----w- C:\ProgramData\EgisTec
.
==================== Find3M ====================
.
2011-05-28 17:26:37 902656 ----a-w- C:\Windows\System32\d2d1.dll
.
============= FINISH: 16:03:15.30 ===============
Hi,
1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
SHIRTSHAPPEN60
2011-06-09, 23:43
2011/06/09 16:38:36.0540 3324 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/09 16:38:38.0100 3324 ================================================================================
2011/06/09 16:38:38.0100 3324 SystemInfo:
2011/06/09 16:38:38.0100 3324
2011/06/09 16:38:38.0100 3324 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/09 16:38:38.0100 3324 Product type: Workstation
2011/06/09 16:38:38.0100 3324 ComputerName: MIKE-PC
2011/06/09 16:38:38.0100 3324 UserName: MIKE
2011/06/09 16:38:38.0100 3324 Windows directory: C:\Windows
2011/06/09 16:38:38.0100 3324 System windows directory: C:\Windows
2011/06/09 16:38:38.0100 3324 Running under WOW64
2011/06/09 16:38:38.0100 3324 Processor architecture: Intel x64
2011/06/09 16:38:38.0100 3324 Number of processors: 2
2011/06/09 16:38:38.0100 3324 Page size: 0x1000
2011/06/09 16:38:38.0100 3324 Boot type: Normal boot
2011/06/09 16:38:38.0100 3324 ================================================================================
2011/06/09 16:38:39.0457 3324 Initialize success
2011/06/09 16:39:54.0836 0328 ================================================================================
2011/06/09 16:39:54.0836 0328 Scan started
2011/06/09 16:39:54.0836 0328 Mode: Manual;
2011/06/09 16:39:54.0836 0328 ================================================================================
2011/06/09 16:39:55.0413 0328 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/09 16:39:55.0679 0328 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/09 16:39:55.0710 0328 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/09 16:39:55.0835 0328 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/09 16:39:55.0959 0328 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/09 16:39:56.0022 0328 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/09 16:39:56.0209 0328 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/09 16:39:56.0318 0328 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/09 16:39:56.0412 0328 aksdf (bc569a6c209d94f6643ee35710aec1f6) C:\Windows\system32\DRIVERS\aksdf.sys
2011/06/09 16:39:56.0521 0328 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/09 16:39:56.0615 0328 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/09 16:39:56.0677 0328 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/09 16:39:56.0755 0328 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/09 16:39:56.0802 0328 amdsata (12a5062c06e03ff70db47800f91c7a13) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/09 16:39:56.0849 0328 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/09 16:39:56.0927 0328 amdxata (8a7f289b45ceacac761e14d5fac59eb9) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/09 16:39:57.0005 0328 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/09 16:39:57.0129 0328 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/09 16:39:57.0176 0328 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/09 16:39:57.0239 0328 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/09 16:39:57.0317 0328 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/09 16:39:57.0410 0328 athr (5d4529ac4156e16bedb01441ae0cf984) C:\Windows\system32\DRIVERS\athrx.sys
2011/06/09 16:39:57.0660 0328 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
2011/06/09 16:39:57.0863 0328 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/09 16:39:58.0783 0328 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/06/09 16:39:58.0923 0328 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/09 16:39:59.0048 0328 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/09 16:39:59.0251 0328 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/06/09 16:39:59.0438 0328 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/09 16:39:59.0610 0328 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/09 16:39:59.0657 0328 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/09 16:39:59.0735 0328 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/09 16:39:59.0797 0328 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/09 16:39:59.0859 0328 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/09 16:39:59.0922 0328 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/09 16:39:59.0984 0328 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/09 16:40:00.0015 0328 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/09 16:40:00.0078 0328 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/09 16:40:00.0218 0328 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
2011/06/09 16:40:00.0296 0328 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/09 16:40:00.0374 0328 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/09 16:40:00.0468 0328 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/09 16:40:00.0546 0328 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/09 16:40:00.0733 0328 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/09 16:40:00.0780 0328 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/09 16:40:00.0827 0328 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/09 16:40:00.0983 0328 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/09 16:40:01.0029 0328 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/09 16:40:01.0092 0328 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/09 16:40:01.0310 0328 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/06/09 16:40:01.0404 0328 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/09 16:40:01.0809 0328 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/09 16:40:02.0246 0328 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/09 16:40:02.0496 0328 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/09 16:40:02.0714 0328 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/09 16:40:03.0089 0328 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/09 16:40:03.0198 0328 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/09 16:40:03.0291 0328 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/09 16:40:03.0369 0328 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/09 16:40:03.0479 0328 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/09 16:40:03.0541 0328 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/09 16:40:03.0588 0328 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/09 16:40:03.0666 0328 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/09 16:40:03.0744 0328 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/09 16:40:03.0806 0328 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/09 16:40:03.0837 0328 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/09 16:40:03.0915 0328 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/09 16:40:03.0993 0328 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/09 16:40:04.0134 0328 Hardlock (d8bf3c594bd17a37960362e6c6739b90) C:\Windows\system32\drivers\hardlock.sys
2011/06/09 16:40:04.0227 0328 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/09 16:40:04.0337 0328 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/09 16:40:04.0415 0328 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/09 16:40:04.0461 0328 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/09 16:40:04.0493 0328 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/09 16:40:04.0555 0328 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/09 16:40:04.0633 0328 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/09 16:40:04.0758 0328 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/09 16:40:05.0070 0328 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2011/06/09 16:40:05.0382 0328 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/09 16:40:05.0491 0328 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/09 16:40:05.0538 0328 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/09 16:40:05.0616 0328 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/09 16:40:05.0834 0328 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/06/09 16:40:06.0209 0328 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/09 16:40:06.0365 0328 IntcAzAudAddService (9aa6a93852e36fe76c3f7fc2904f3b01) C:\Windows\system32\drivers\RTKVHD64.sys
2011/06/09 16:40:06.0427 0328 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/09 16:40:06.0552 0328 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/09 16:40:06.0723 0328 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/09 16:40:06.0786 0328 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/09 16:40:06.0848 0328 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/09 16:40:06.0926 0328 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/09 16:40:06.0973 0328 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/09 16:40:07.0020 0328 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/09 16:40:07.0113 0328 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/06/09 16:40:07.0207 0328 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/09 16:40:07.0285 0328 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/09 16:40:07.0332 0328 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/09 16:40:07.0394 0328 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/09 16:40:07.0472 0328 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/09 16:40:07.0550 0328 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
2011/06/09 16:40:07.0628 0328 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/09 16:40:07.0706 0328 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/09 16:40:07.0847 0328 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/09 16:40:07.0956 0328 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/09 16:40:07.0987 0328 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/09 16:40:08.0065 0328 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/09 16:40:08.0143 0328 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/09 16:40:08.0190 0328 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/09 16:40:08.0237 0328 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/09 16:40:08.0330 0328 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/09 16:40:08.0361 0328 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/09 16:40:08.0408 0328 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/09 16:40:08.0471 0328 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/09 16:40:08.0502 0328 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/09 16:40:08.0549 0328 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/09 16:40:08.0627 0328 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/09 16:40:08.0673 0328 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/09 16:40:08.0736 0328 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/09 16:40:08.0798 0328 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/09 16:40:08.0876 0328 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/09 16:40:08.0923 0328 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/09 16:40:08.0985 0328 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/09 16:40:09.0063 0328 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/09 16:40:09.0110 0328 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/09 16:40:09.0141 0328 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/09 16:40:09.0219 0328 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/09 16:40:09.0266 0328 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/09 16:40:09.0313 0328 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/09 16:40:09.0360 0328 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/09 16:40:09.0422 0328 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/09 16:40:09.0453 0328 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/09 16:40:09.0485 0328 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/09 16:40:09.0531 0328 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/09 16:40:09.0641 0328 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/06/09 16:40:09.0703 0328 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/06/09 16:40:09.0750 0328 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/06/09 16:40:09.0859 0328 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/09 16:40:09.0999 0328 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/09 16:40:10.0093 0328 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/09 16:40:10.0140 0328 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/09 16:40:10.0187 0328 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/09 16:40:10.0218 0328 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/09 16:40:10.0265 0328 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/09 16:40:10.0311 0328 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/09 16:40:10.0358 0328 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/09 16:40:10.0452 0328 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/09 16:40:10.0499 0328 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/09 16:40:10.0545 0328 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/09 16:40:10.0670 0328 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/06/09 16:40:10.0857 0328 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
2011/06/09 16:40:10.0920 0328 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/09 16:40:10.0967 0328 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/09 16:40:11.0029 0328 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/09 16:40:11.0076 0328 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/09 16:40:11.0138 0328 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/09 16:40:11.0185 0328 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/09 16:40:11.0232 0328 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/09 16:40:11.0279 0328 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/09 16:40:11.0325 0328 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/09 16:40:11.0372 0328 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/09 16:40:11.0450 0328 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/09 16:40:11.0497 0328 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/09 16:40:11.0653 0328 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/09 16:40:11.0700 0328 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/09 16:40:11.0778 0328 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/09 16:40:11.0856 0328 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/09 16:40:12.0059 0328 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/09 16:40:12.0121 0328 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/09 16:40:12.0168 0328 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/09 16:40:12.0261 0328 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/09 16:40:12.0324 0328 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/09 16:40:12.0371 0328 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/09 16:40:12.0433 0328 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/09 16:40:12.0495 0328 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/09 16:40:12.0620 0328 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/09 16:40:12.0683 0328 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/09 16:40:12.0745 0328 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/09 16:40:12.0792 0328 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/09 16:40:12.0839 0328 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/09 16:40:12.0948 0328 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/09 16:40:13.0073 0328 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/09 16:40:13.0166 0328 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys
2011/06/09 16:40:13.0275 0328 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/09 16:40:13.0338 0328 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/09 16:40:13.0400 0328 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/09 16:40:13.0478 0328 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/09 16:40:13.0541 0328 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/09 16:40:13.0619 0328 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/09 16:40:13.0712 0328 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/09 16:40:13.0759 0328 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/09 16:40:13.0806 0328 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/09 16:40:13.0868 0328 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/09 16:40:13.0946 0328 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/09 16:40:14.0009 0328 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/09 16:40:14.0055 0328 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/09 16:40:14.0149 0328 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/09 16:40:14.0243 0328 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
2011/06/09 16:40:14.0321 0328 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/09 16:40:14.0430 0328 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/06/09 16:40:14.0555 0328 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/06/09 16:40:14.0757 0328 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/06/09 16:40:14.0867 0328 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/09 16:40:14.0945 0328 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/09 16:40:15.0007 0328 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/09 16:40:15.0085 0328 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/09 16:40:15.0225 0328 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2011/06/09 16:40:15.0335 0328 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/09 16:40:15.0413 0328 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/09 16:40:15.0459 0328 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/09 16:40:15.0506 0328 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/09 16:40:15.0569 0328 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/09 16:40:15.0631 0328 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/09 16:40:15.0725 0328 tmpreflt (803ee35df92815ea5d41cee7410c8cc1) C:\Windows\system32\DRIVERS\tmpreflt.sys
2011/06/09 16:40:15.0787 0328 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/06/09 16:40:15.0834 0328 tmxpflt (9bd32132a3470cefb3cbea5fa492bd6f) C:\Windows\system32\DRIVERS\tmxpflt.sys
2011/06/09 16:40:15.0927 0328 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/09 16:40:15.0974 0328 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/09 16:40:16.0037 0328 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/09 16:40:16.0083 0328 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
2011/06/09 16:40:16.0146 0328 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/09 16:40:16.0224 0328 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/09 16:40:16.0286 0328 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/09 16:40:16.0349 0328 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/09 16:40:16.0411 0328 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/09 16:40:16.0489 0328 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/09 16:40:16.0520 0328 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/09 16:40:16.0583 0328 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/06/09 16:40:16.0645 0328 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/09 16:40:16.0707 0328 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/09 16:40:16.0770 0328 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/09 16:40:16.0817 0328 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/09 16:40:16.0863 0328 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/09 16:40:16.0941 0328 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/09 16:40:17.0035 0328 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/09 16:40:17.0113 0328 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/09 16:40:17.0144 0328 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/09 16:40:17.0207 0328 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/09 16:40:17.0269 0328 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/09 16:40:17.0316 0328 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/09 16:40:17.0363 0328 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/09 16:40:17.0425 0328 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/09 16:40:17.0581 0328 vsapint (b01ce1f5a44126892240d179a6dbd43f) C:\Windows\system32\DRIVERS\vsapint.sys
2011/06/09 16:40:17.0659 0328 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/09 16:40:17.0737 0328 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/09 16:40:17.0768 0328 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/09 16:40:17.0846 0328 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/09 16:40:17.0893 0328 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/09 16:40:17.0955 0328 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/09 16:40:18.0018 0328 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/09 16:40:18.0080 0328 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/09 16:40:18.0205 0328 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/09 16:40:18.0267 0328 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/09 16:40:18.0392 0328 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/06/09 16:40:18.0689 0328 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/09 16:40:18.0782 0328 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/09 16:40:18.0860 0328 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/09 16:40:18.0923 0328 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/09 16:40:18.0985 0328 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/09 16:40:19.0079 0328 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
2011/06/09 16:40:19.0157 0328 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/09 16:40:19.0172 0328 ================================================================================
2011/06/09 16:40:19.0172 0328 Scan finished
2011/06/09 16:40:19.0172 0328 ================================================================================
2011/06/09 16:40:19.0188 3272 Detected object count: 0
2011/06/09 16:40:19.0188 3272 Actual detected object count: 0
SHIRTSHAPPEN60
2011-06-10, 00:02
Blade, thanks so much. My browser does not redirect anymore after I ran the TDSS KILLER. Mike
Hi,
Please post fresh dds.txt log. Shall see how it looks.
SHIRTSHAPPEN60
2011-06-10, 13:17
.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by MIKE at 6:11:15 on 2011-06-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2555 [GMT -4:00]
.
AV: Trend Micro AntiVirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5542&r=27360511g826l03f8z1h5t4881y738
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94F837FC-E677-49B3-9E6F-55B5C4226DD5} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\y6exvil2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-5-28 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-28 1153368]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2011-5-28 917768]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
.
=============== Created Last 30 ================
.
2011-06-09 20:26:11 -------- d-----w- C:\tdsskiller
2011-06-09 19:46:14 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-09 19:36:26 98816 ----a-w- C:\Windows\sed.exe
2011-06-09 19:36:26 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-09 19:36:26 256512 ----a-w- C:\Windows\PEV.exe
2011-06-09 19:36:26 208896 ----a-w- C:\Windows\MBR.exe
2011-06-09 11:05:16 74000 ----a-w- C:\Windows\SysWow64\msrclr40.dll
2011-06-08 11:26:11 -------- d-----w- C:\Windows\System32\Wat
2011-06-08 11:03:58 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-06-08 10:56:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-06-07 23:53:13 -------- d-----w- C:\e0134bf8781801ff23
2011-06-07 17:05:33 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-07 17:05:25 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6DA6E57-38B5-4BC9-B067-28BF8499E122}\mpengine.dll
2011-06-06 21:09:53 -------- d-----w- C:\FONTZ
2011-06-05 12:49:28 55816 ----a-w- C:\Windows\CompGenCompGen2-uninstall.exe
2011-06-04 13:25:35 952 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2011-06-04 13:24:41 60423 ----a-w- C:\Windows\TCompGenTCompGen-uninstall.exe
2011-06-03 13:21:26 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-02 19:54:40 388096 ----a-r- C:\Users\MIKE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-02 19:54:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-31 18:26:30 -------- d-----w- C:\Program Files (x86)\GCC
2011-05-31 14:24:49 28944 ----a-w- C:\Windows\SysWow64\msrecr40.dll
2011-05-30 21:01:24 -------- d-----w- C:\Users\MIKE\AppData\Roaming\FreeFixer
2011-05-30 21:01:24 -------- d-----w- C:\Users\MIKE\AppData\Local\FreeFixer
2011-05-30 21:01:17 -------- d-----w- C:\Program Files\FreeFixer
2011-05-30 13:05:46 -------- d-----w- C:\ProgramData\STOPzilla!
2011-05-30 11:01:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-05-30 11:01:53 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-05-30 11:01:53 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-05-30 11:01:53 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-05-30 11:01:53 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-05-30 11:01:53 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-05-30 11:01:53 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-05-30 11:01:53 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-05-30 11:01:53 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-05-30 11:01:52 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-05-29 12:54:12 -------- d-----w- C:\Windows\pss
2011-05-28 19:46:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-05-28 19:46:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-28 19:07:42 -------- d-----w- C:\Users\MIKE\AppData\Roaming\Malwarebytes
2011-05-28 19:07:30 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-28 19:07:30 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-28 19:07:27 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 19:07:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-28 17:26:37 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-05-28 17:20:14 -------- d-----w- C:\Users\MIKE\AppData\Local\ElevatedDiagnostics
2011-05-28 15:13:50 -------- d-----w- C:\Windows\Lan
2011-05-28 15:13:11 431104 ----a-w- C:\Windows\WisMvImg.exe
2011-05-28 15:13:11 249856 ----a-w- C:\Windows\Wisi2Bat.exe
2011-05-28 15:13:11 159744 ----a-w- C:\Windows\PatchFul.exe
2011-05-28 15:13:10 382976 ----a-w- C:\Windows\WisGAPasx64.exe
2011-05-28 15:13:10 335872 ----a-w- C:\Windows\ParseModule_X64.exe
2011-05-28 15:13:09 322048 ----a-w- C:\Windows\WisGAPas.exe
2011-05-28 15:13:09 225280 ----a-w- C:\Windows\ParseModule_X86.exe
2011-05-28 14:56:12 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-28 14:28:21 -------- d-----w- C:\Users\MIKE\AppData\Local\Adobe
2011-05-28 14:24:05 -------- d-----w- C:\Program Files\CONEXANT
2011-05-28 14:07:33 -------- d-----w- C:\Users\MIKE\AppData\Roaming\EUROSYSTEMS
2011-05-28 14:07:02 191488 ----a-w- C:\Windows\SysWow64\hlvdd.dll
2011-05-28 14:06:56 314368 ----a-w- C:\Windows\System32\drivers\hardlock.sys
2011-05-28 14:06:47 69632 ----a-w- C:\Windows\SysWow64\hasp_inst_help1.dll
2011-05-28 14:06:47 671112 ----a-w- C:\Windows\SysWow64\hdinst_windows.dll
2011-05-28 14:06:47 65024 ----a-w- C:\Windows\System32\drivers\aksdf.sys
2011-05-28 14:06:47 28672 ----a-w- C:\Windows\SysWow64\hlduinst.exe
2011-05-28 14:06:46 3066968 ----a-w- C:\Windows\SysWow64\hinstd.dll
2011-05-28 14:06:46 2511360 ----a-w- C:\Windows\SysWow64\haspds_windows.dll
2011-05-28 14:06:32 47104 ----a-w- C:\Windows\SysWow64\D2htls32.dll
2011-05-28 14:06:32 28976 ----a-w- C:\Windows\SysWow64\D2HTOOLS.DLL
2011-05-28 14:02:47 -------- d-----w- C:\Windows\Cache
2011-05-28 13:54:23 72192 ----a-w- C:\Windows\SysWow64\GC33_c30UI.dll
2011-05-28 13:54:23 60928 ----a-w- C:\Windows\SysWow64\GC33_c30.dll
2011-05-28 13:53:52 -------- d-----w- C:\Windows\SysWow64\gcctemp
2011-05-28 13:29:17 -------- d-----w- C:\ProgramData\QuestScan
2011-05-28 13:29:17 -------- d-----w- C:\Program Files (x86)\QuestScan
2011-05-28 13:23:40 65536 ----a-r- C:\Users\MIKE\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2011-05-28 13:20:29 -------- d-----w- C:\Program Files (x86)\Corel
2011-05-28 13:20:29 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2011-05-28 13:06:52 309840 ----a-w- C:\Windows\System32\drivers\tmxpflt.sys
2011-05-28 13:06:52 1988176 ----a-w- C:\Windows\System32\drivers\vsapint.sys
2011-05-28 13:06:51 42576 ----a-w- C:\Windows\System32\drivers\tmpreflt.sys
2011-05-28 13:05:09 434670 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfud.bin
2011-05-28 13:05:09 434670 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfss.bin
2011-05-28 13:03:06 -------- d-----w- C:\ProgramData\Trend Micro
2011-05-28 13:01:11 -------- d-----w- C:\Program Files\Trend Micro
2011-05-28 12:54:28 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-28 12:47:40 -------- d-----w- C:\ProgramData\NetZero
2011-05-28 12:23:25 -------- d-----w- C:\Users\MIKE\AppData\Roaming\Acer
2011-05-28 12:17:20 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-05-28 12:17:20 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-05-28 12:17:17 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-05-28 12:17:17 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-05-28 12:12:47 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2011-05-28 11:56:34 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-05-28 11:56:34 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-05-28 11:56:10 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-05-28 11:56:02 -------- d-----w- C:\Users\MIKE\AppData\Local\Diagnostics
2011-05-28 11:55:21 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-05-28 11:55:04 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-05-28 11:54:18 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\DSETUP.dll
2011-05-28 11:54:18 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\DXSETUP.exe
2011-05-28 11:54:18 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\dsetup32.dll
2011-05-28 11:53:50 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc6A37.tmp
2011-05-28 11:53:42 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-05-28 11:53:24 -------- d-----w- C:\BOOK
2011-05-28 11:52:47 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2011-05-28 11:52:47 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2011-05-28 11:52:47 1233920 ----a-w- C:\Windows\SysWow64\msxml4.dll
2011-05-28 11:52:44 -------- d-----w- C:\Users\MIKE\AppData\Local\Google
2011-05-28 11:51:50 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-05-28 11:51:50 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-05-28 11:51:50 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-05-28 11:51:50 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-05-28 11:51:49 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-05-28 11:48:12 -------- d-----w- C:\Users\MIKE\AppData\Local\ATI
2011-05-28 11:39:09 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-05-28 11:38:54 8362 ----a-w- C:\Windows\Suyin.reg
2011-05-28 11:38:54 626688 ----a-w- C:\Windows\Image.dll
2011-05-28 11:38:54 20480 ----a-w- C:\Windows\USB_VIDEO_REG.exe
2011-05-28 11:38:54 200704 ----a-w- C:\Windows\PLFSetI.exe
2011-05-28 11:38:54 1658880 ----a-w- C:\Windows\Acer Crystal Eye webcam.EXE
2011-05-28 11:38:15 -------- d-----w- C:\Program Files\Synaptics
2011-05-28 11:35:41 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-05-28 11:34:52 -------- d-----w- C:\Program Files\ATI
2011-05-28 11:34:49 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-05-28 11:33:31 -------- d-----w- C:\Users\MIKE\AppData\Local\EgisTec
2011-05-28 11:33:31 -------- d-----w- C:\ProgramData\EgisTec
.
==================== Find3M ====================
.
2011-05-28 17:26:37 902656 ----a-w- C:\Windows\System32\d2d1.dll
.
============= FINISH: 6:12:53.83 ===============
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Firefox::
FF - ProfilePath - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\y6exvil2.default\
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 26 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u26-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
SHIRTSHAPPEN60
2011-06-10, 14:54
Would I need the x86 download of Java, being that I have a 64 bit machine? The version you suggested says it's a 32 bit version. Mike
SHIRTSHAPPEN60
2011-06-10, 19:20
ComboFix 11-06-10.02 - MIKE 06/10/2011 9:24.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2550 [GMT -4:00]
Running from: c:\users\MIKE\Downloads\ComboFix.exe
Command switches used :: c:\users\MIKE\Desktop\CFSCRIPT.TXT.txt
AV: Trend Micro AntiVirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\tdsskiller\tdsskiller.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 13:35 . 2011-06-10 13:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-10 12:37 . 2011-06-10 12:37 -------- d-----w- c:\program files (x86)\ESET
2011-06-10 12:33 . 2011-06-10 12:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-10 12:31 . 2011-06-10 12:33 -------- d-----w- c:\program files (x86)\Java
2011-06-10 11:20 . 2011-05-24 23:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{861546F5-FF11-4B27-933F-C3217B314443}\mpengine.dll
2011-06-09 20:26 . 2011-06-10 13:30 -------- d-----w- C:\tdsskiller
2011-06-09 11:05 . 1999-03-06 01:15 74000 ----a-w- c:\windows\SysWow64\msrclr40.dll
2011-06-08 11:26 . 2011-06-08 15:31 -------- d-----w- c:\windows\system32\Wat
2011-06-08 11:03 . 2011-06-08 11:03 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-06-08 10:56 . 2011-06-08 10:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-06-07 23:53 . 2011-06-08 15:31 -------- d-----w- C:\e0134bf8781801ff23
2011-06-06 21:09 . 2011-06-07 14:46 -------- d-----w- C:\FONTZ
2011-06-05 12:49 . 2011-06-05 12:49 55816 ----a-w- c:\windows\CompGenCompGen2-uninstall.exe
2011-06-04 13:25 . 2011-06-04 13:25 952 --sha-w- c:\windows\SysWow64\KGyGaAvL.sys
2011-06-04 13:24 . 2011-06-04 13:25 60423 ----a-w- c:\windows\TCompGenTCompGen-uninstall.exe
2011-06-03 13:21 . 2011-06-10 12:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-02 19:54 . 2011-06-02 19:54 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-31 18:26 . 2011-06-02 17:29 -------- d-----w- c:\program files (x86)\GCC
2011-05-31 14:24 . 1999-03-06 02:15 28944 ----a-w- c:\windows\SysWow64\msrecr40.dll
2011-05-30 21:01 . 2011-05-31 12:30 -------- d-----w- c:\program files\FreeFixer
2011-05-30 13:05 . 2011-05-30 14:32 -------- d-----w- c:\programdata\STOPzilla!
2011-05-30 11:01 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-30 11:01 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-05-30 11:01 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-30 11:01 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-05-30 11:01 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-05-30 11:01 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-05-30 11:01 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-30 11:01 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-05-30 11:01 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-30 11:01 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-05-29 11:19 . 2011-06-08 15:31 -------- d-----w- c:\users\MICHAEL
2011-05-28 19:46 . 2011-06-02 17:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-28 19:46 . 2011-05-29 11:29 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-05-28 19:07 . 2011-05-28 19:07 -------- d-----w- c:\programdata\Malwarebytes
2011-05-28 19:07 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-28 19:07 . 2011-06-02 17:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-28 19:07 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 17:26 . 2011-05-28 17:26 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-28 15:14 . 2009-08-21 18:31 347656 ----a-w- c:\windows\UNINST32.EXE
2011-05-28 15:13 . 2011-05-28 15:13 -------- d-----w- c:\windows\Lan
2011-05-28 15:13 . 2009-08-22 18:15 431104 ----a-w- c:\windows\WisMvImg.exe
2011-05-28 15:13 . 2009-08-04 13:52 159744 ----a-w- c:\windows\PatchFul.exe
2011-05-28 15:13 . 2009-02-13 08:33 249856 ----a-w- c:\windows\Wisi2Bat.exe
2011-05-28 15:13 . 2009-08-11 06:00 382976 ----a-w- c:\windows\WisGAPasx64.exe
2011-05-28 15:13 . 2009-05-25 18:27 335872 ----a-w- c:\windows\ParseModule_X64.exe
2011-05-28 15:13 . 2009-08-11 06:00 322048 ----a-w- c:\windows\WisGAPas.exe
2011-05-28 15:13 . 2009-05-25 18:27 225280 ----a-w- c:\windows\ParseModule_X86.exe
2011-05-28 14:56 . 2011-05-28 14:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-28 14:24 . 2011-05-28 14:24 -------- d-----w- c:\program files\CONEXANT
2011-05-28 14:07 . 2006-10-18 23:12 191488 ----a-w- c:\windows\SysWow64\hlvdd.dll
2011-05-28 14:06 . 2006-12-04 14:44 314368 ----a-w- c:\windows\system32\drivers\hardlock.sys
2011-05-28 14:06 . 2006-12-20 14:00 671112 ----a-w- c:\windows\SysWow64\hdinst_windows.dll
2011-05-28 14:06 . 2006-12-13 22:14 65024 ----a-w- c:\windows\system32\drivers\aksdf.sys
2011-05-28 14:06 . 2006-11-30 15:06 69632 ----a-w- c:\windows\SysWow64\hasp_inst_help1.dll
2011-05-28 14:06 . 2005-09-06 21:06 28672 ----a-w- c:\windows\SysWow64\hlduinst.exe
2011-05-28 14:06 . 2006-12-20 15:55 3066968 ----a-w- c:\windows\SysWow64\hinstd.dll
2011-05-28 14:06 . 2006-12-20 14:00 2511360 ----a-w- c:\windows\SysWow64\haspds_windows.dll
2011-05-28 14:06 . 1996-05-08 06:59 47104 ----a-w- c:\windows\SysWow64\D2htls32.dll
2011-05-28 14:06 . 1996-02-28 23:47 28976 ----a-w- c:\windows\SysWow64\D2HTOOLS.DLL
2011-05-28 14:02 . 2011-05-28 14:02 -------- d-----w- c:\windows\Cache
2011-05-28 13:54 . 2009-08-20 18:40 72192 ----a-w- c:\windows\SysWow64\GC33_c30UI.dll
2011-05-28 13:54 . 2009-08-20 18:39 60928 ----a-w- c:\windows\SysWow64\GC33_c30.dll
2011-05-28 13:53 . 2011-05-31 18:24 -------- d-----w- c:\windows\SysWow64\gcctemp
2011-05-28 13:29 . 2011-05-28 19:29 -------- d-----w- c:\program files (x86)\QuestScan
2011-05-28 13:29 . 2011-05-28 19:28 -------- d-----w- c:\programdata\QuestScan
2011-05-28 13:23 . 2011-05-28 13:23 -------- d-----w- c:\programdata\InstallShield
2011-05-28 13:20 . 2011-05-28 13:20 -------- d-----w- c:\program files (x86)\Corel
2011-05-28 13:20 . 2011-05-28 13:20 -------- d-----w- c:\program files (x86)\Common Files\Corel
2011-05-28 13:06 . 2010-07-30 17:30 309840 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2011-05-28 13:06 . 2010-07-30 17:24 1988176 ----a-w- c:\windows\system32\drivers\vsapint.sys
2011-05-28 13:06 . 2010-07-30 17:30 42576 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2011-05-28 13:05 . 2011-05-29 17:29 434670 ----a-w- c:\windows\system32\drivers\etc\tmvsthfud.bin
2011-05-28 13:05 . 2011-05-29 17:26 434670 ----a-w- c:\windows\system32\drivers\etc\tmvsthfss.bin
2011-05-28 13:03 . 2011-05-28 13:03 -------- d-----w- c:\programdata\Trend Micro
2011-05-28 13:01 . 2011-05-28 13:03 -------- d-----w- c:\program files\Trend Micro
2011-05-28 12:54 . 2011-05-24 23:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-28 12:47 . 2011-05-28 12:47 -------- d-----w- c:\programdata\NetZero
2011-05-28 12:17 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-05-28 12:17 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-05-28 12:17 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-05-28 12:17 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-05-28 12:12 . 2011-05-28 12:12 -------- d-----w- c:\programdata\OEM_E471269A730D
2011-05-28 11:56 . 2006-11-29 17:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-05-28 11:56 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-05-28 11:56 . 2011-05-28 11:56 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-05-28 11:55 . 2011-05-28 11:55 -------- d-----w- c:\program files (x86)\Microsoft
2011-05-28 11:55 . 2011-05-28 11:55 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-05-28 11:54 . 2011-05-28 11:57 -------- d-----w- c:\program files (x86)\Windows Live
2011-05-28 11:53 . 2011-05-28 11:53 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-05-28 11:53 . 2011-05-28 11:53 -------- d-----w- C:\BOOK
2011-05-28 11:52 . 2009-08-04 02:34 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2011-05-28 11:52 . 2009-08-04 02:34 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-05-28 11:52 . 2009-08-04 02:34 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll
2011-05-28 11:48 . 2011-05-28 11:48 -------- d-----w- c:\programdata\ATI
2011-05-28 11:42 . 2011-05-28 11:51 -------- d-----w- c:\programdata\CyberLink
2011-05-28 11:39 . 2011-05-28 11:39 -------- d-----w- c:\program files (x86)\Launch Manager
2011-05-28 11:38 . 2009-07-24 22:08 1658880 ----a-w- c:\windows\Acer Crystal Eye webcam.EXE
2011-05-28 11:38 . 2009-07-24 19:44 8362 ----a-w- c:\windows\Suyin.reg
2011-05-28 11:38 . 2008-12-30 17:42 626688 ----a-w- c:\windows\Image.dll
2011-05-28 11:38 . 2008-07-29 23:29 200704 ----a-w- c:\windows\PLFSetI.exe
2011-05-28 11:38 . 2008-06-25 18:22 20480 ----a-w- c:\windows\USB_VIDEO_REG.exe
2011-05-28 11:38 . 2011-05-28 11:38 -------- d-----w- c:\program files\Synaptics
2011-05-28 11:35 . 2011-05-28 11:35 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-05-28 11:34 . 2011-05-28 11:34 -------- d-----w- c:\program files\ATI
2011-05-28 11:34 . 2011-05-28 11:36 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-05-28 11:33 . 2011-05-28 11:33 -------- d-----w- c:\programdata\EgisTec
2011-05-28 11:30 . 2011-05-28 11:30 -------- d-----w- c:\program files\Preload
2011-05-28 11:30 . 2011-06-08 15:31 -------- d-----w- c:\users\MIKE
2011-05-28 11:30 . 2011-05-28 11:30 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-09_19.46.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 05:15 . 2011-06-10 12:17 40574 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-10 12:17 48372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-05-28 14:25 . 2011-06-09 10:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-28 14:25 . 2011-06-09 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-28 14:25 . 2011-06-09 10:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-28 14:25 . 2011-06-09 19:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-09 19:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-09 10:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-28 11:47 . 2011-06-10 12:17 5646 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4046252095-813805612-884677489-1000_UserData.bin
+ 2011-06-10 13:37 . 2011-06-10 13:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-09 19:45 . 2011-06-09 19:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-10 13:37 . 2011-06-10 13:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-09 19:45 . 2011-06-09 19:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-03 13:21 . 2011-06-03 13:20 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-06-10 12:33 . 2011-06-10 12:33 157472 c:\windows\SysWOW64\javaws.exe
- 2011-06-03 13:21 . 2011-06-03 13:20 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-06-10 12:33 . 2011-06-10 12:33 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-06-10 12:33 . 2011-06-10 12:33 145184 c:\windows\SysWOW64\java.exe
- 2011-06-03 13:21 . 2011-06-03 13:20 145184 c:\windows\SysWOW64\java.exe
+ 2009-07-14 05:12 . 2011-06-09 19:45 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-06-09 10:26 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-06-10 13:36 310956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-06-09 19:44 310956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-10 12:33 . 2011-06-10 12:33 183808 c:\windows\Installer\f818a.msi
+ 2011-06-10 12:30 . 2011-06-10 12:30 533504 c:\windows\Installer\f8181.msi
- 2011-05-29 18:26 . 2011-06-09 19:44 21314940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4046252095-813805612-884677489-1000-12288.dat
+ 2011-05-29 18:26 . 2011-06-10 13:36 21314940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4046252095-813805612-884677489-1000-12288.dat
+ 2011-04-14 10:53 . 2011-04-14 10:53 13818368 c:\windows\Installer\f8185.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-07-29 917768]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5542&r=27360511g826l03f8z1h5t4881y738
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\y6exvil2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{472734EA-242A-422B-ADF8-83D1E48CC825}"=hex:51,66,7a,6c,4c,1d,38,12,84,37,34,
43,18,6a,45,07,d2,ee,c0,91,e1,d2,8c,31
"{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51,
99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}"=hex:51,66,7a,6c,4c,1d,38,12,75,3e,1c,
2e,3b,47,9a,0a,cd,64,23,dc,cb,3e,10,f3
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-06-10 09:59:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 13:59
ComboFix2.txt 2011-06-09 19:53
.
Pre-Run: 269,376,548,864 bytes free
Post-Run: 269,056,667,648 bytes free
.
- - End Of File - - A445C7AD9566B614F95ED1D511A80F87
ESET LOG
C:\Qoobox\Quarantine\C\ProgramData\Acer\sp.Dll.vir a variant of Win32/TrojanProxy.Agent.NHB trojan
DDS
.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by MIKE at 12:16:31 on 2011-06-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2095 [GMT -4:00]
.
AV: Trend Micro AntiVirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5542&r=27360511g826l03f8z1h5t4881y738
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94F837FC-E677-49B3-9E6F-55B5C4226DD5} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\y6exvil2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-5-28 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-28 1153368]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2011-5-28 917768]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
.
=============== Created Last 30 ================
.
2011-06-10 13:44:43 -------- d-----w- C:\$RECYCLE.BIN
2011-06-10 12:37:48 -------- d-----w- C:\Program Files (x86)\ESET
2011-06-10 11:20:42 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{861546F5-FF11-4B27-933F-C3217B314443}\mpengine.dll
2011-06-09 20:26:11 -------- d-----w- C:\tdsskiller
2011-06-09 19:36:26 98816 ----a-w- C:\Windows\sed.exe
2011-06-09 19:36:26 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-09 19:36:26 256512 ----a-w- C:\Windows\PEV.exe
2011-06-09 19:36:26 208896 ----a-w- C:\Windows\MBR.exe
2011-06-09 11:05:16 74000 ----a-w- C:\Windows\SysWow64\msrclr40.dll
2011-06-08 11:26:11 -------- d-----w- C:\Windows\System32\Wat
2011-06-08 11:03:58 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-06-08 10:56:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-06-07 23:53:13 -------- d-----w- C:\e0134bf8781801ff23
2011-06-07 17:05:33 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-06 21:09:53 -------- d-----w- C:\FONTZ
2011-06-05 12:49:28 55816 ----a-w- C:\Windows\CompGenCompGen2-uninstall.exe
2011-06-04 13:25:35 952 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2011-06-04 13:24:41 60423 ----a-w- C:\Windows\TCompGenTCompGen-uninstall.exe
2011-06-03 13:21:26 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-02 19:54:40 388096 ----a-r- C:\Users\MIKE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-02 19:54:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-31 18:26:30 -------- d-----w- C:\Program Files (x86)\GCC
2011-05-31 14:24:49 28944 ----a-w- C:\Windows\SysWow64\msrecr40.dll
2011-05-30 21:01:24 -------- d-----w- C:\Users\MIKE\AppData\Roaming\FreeFixer
2011-05-30 21:01:24 -------- d-----w- C:\Users\MIKE\AppData\Local\FreeFixer
2011-05-30 21:01:17 -------- d-----w- C:\Program Files\FreeFixer
2011-05-30 13:05:46 -------- d-----w- C:\ProgramData\STOPzilla!
2011-05-30 11:01:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-05-30 11:01:53 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-05-30 11:01:53 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-05-30 11:01:53 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-05-30 11:01:53 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-05-30 11:01:53 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-05-30 11:01:53 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-05-30 11:01:53 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-05-30 11:01:53 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-05-30 11:01:52 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-05-29 12:54:12 -------- d-----w- C:\Windows\pss
2011-05-28 19:46:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-05-28 19:46:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-28 19:07:42 -------- d-----w- C:\Users\MIKE\AppData\Roaming\Malwarebytes
2011-05-28 19:07:30 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-28 19:07:30 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-28 19:07:27 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 19:07:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-28 17:26:37 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-05-28 17:20:14 -------- d-----w- C:\Users\MIKE\AppData\Local\ElevatedDiagnostics
2011-05-28 15:13:50 -------- d-----w- C:\Windows\Lan
2011-05-28 15:13:11 431104 ----a-w- C:\Windows\WisMvImg.exe
2011-05-28 15:13:11 249856 ----a-w- C:\Windows\Wisi2Bat.exe
2011-05-28 15:13:11 159744 ----a-w- C:\Windows\PatchFul.exe
2011-05-28 15:13:10 382976 ----a-w- C:\Windows\WisGAPasx64.exe
2011-05-28 15:13:10 335872 ----a-w- C:\Windows\ParseModule_X64.exe
2011-05-28 15:13:09 322048 ----a-w- C:\Windows\WisGAPas.exe
2011-05-28 15:13:09 225280 ----a-w- C:\Windows\ParseModule_X86.exe
2011-05-28 14:56:12 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-28 14:28:21 -------- d-----w- C:\Users\MIKE\AppData\Local\Adobe
2011-05-28 14:24:05 -------- d-----w- C:\Program Files\CONEXANT
2011-05-28 14:07:33 -------- d-----w- C:\Users\MIKE\AppData\Roaming\EUROSYSTEMS
2011-05-28 14:07:02 191488 ----a-w- C:\Windows\SysWow64\hlvdd.dll
2011-05-28 14:06:56 314368 ----a-w- C:\Windows\System32\drivers\hardlock.sys
2011-05-28 14:06:47 69632 ----a-w- C:\Windows\SysWow64\hasp_inst_help1.dll
2011-05-28 14:06:47 671112 ----a-w- C:\Windows\SysWow64\hdinst_windows.dll
2011-05-28 14:06:47 65024 ----a-w- C:\Windows\System32\drivers\aksdf.sys
2011-05-28 14:06:47 28672 ----a-w- C:\Windows\SysWow64\hlduinst.exe
2011-05-28 14:06:46 3066968 ----a-w- C:\Windows\SysWow64\hinstd.dll
2011-05-28 14:06:46 2511360 ----a-w- C:\Windows\SysWow64\haspds_windows.dll
2011-05-28 14:06:32 47104 ----a-w- C:\Windows\SysWow64\D2htls32.dll
2011-05-28 14:06:32 28976 ----a-w- C:\Windows\SysWow64\D2HTOOLS.DLL
2011-05-28 14:02:47 -------- d-----w- C:\Windows\Cache
2011-05-28 13:54:23 72192 ----a-w- C:\Windows\SysWow64\GC33_c30UI.dll
2011-05-28 13:54:23 60928 ----a-w- C:\Windows\SysWow64\GC33_c30.dll
2011-05-28 13:53:52 -------- d-----w- C:\Windows\SysWow64\gcctemp
2011-05-28 13:29:17 -------- d-----w- C:\ProgramData\QuestScan
2011-05-28 13:29:17 -------- d-----w- C:\Program Files (x86)\QuestScan
2011-05-28 13:23:40 65536 ----a-r- C:\Users\MIKE\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2011-05-28 13:20:29 -------- d-----w- C:\Program Files (x86)\Corel
2011-05-28 13:20:29 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2011-05-28 13:06:52 309840 ----a-w- C:\Windows\System32\drivers\tmxpflt.sys
2011-05-28 13:06:52 1988176 ----a-w- C:\Windows\System32\drivers\vsapint.sys
2011-05-28 13:06:51 42576 ----a-w- C:\Windows\System32\drivers\tmpreflt.sys
2011-05-28 13:05:09 434670 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfud.bin
2011-05-28 13:05:09 434670 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfss.bin
2011-05-28 13:03:06 -------- d-----w- C:\ProgramData\Trend Micro
2011-05-28 13:01:11 -------- d-----w- C:\Program Files\Trend Micro
2011-05-28 12:54:28 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-28 12:47:40 -------- d-----w- C:\ProgramData\NetZero
2011-05-28 12:23:25 -------- d-----w- C:\Users\MIKE\AppData\Roaming\Acer
2011-05-28 12:17:20 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-05-28 12:17:20 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-05-28 12:17:17 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-05-28 12:17:17 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-05-28 12:12:47 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2011-05-28 11:56:34 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-05-28 11:56:34 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-05-28 11:56:10 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-05-28 11:56:02 -------- d-----w- C:\Users\MIKE\AppData\Local\Diagnostics
2011-05-28 11:55:21 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-05-28 11:55:04 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-05-28 11:54:18 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\DSETUP.dll
2011-05-28 11:54:18 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\DXSETUP.exe
2011-05-28 11:54:18 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f9a7e7661cc1d2d\dsetup32.dll
2011-05-28 11:53:50 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc6A37.tmp
2011-05-28 11:53:42 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-05-28 11:53:24 -------- d-----w- C:\BOOK
2011-05-28 11:52:47 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2011-05-28 11:52:47 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2011-05-28 11:52:47 1233920 ----a-w- C:\Windows\SysWow64\msxml4.dll
2011-05-28 11:52:44 -------- d-----w- C:\Users\MIKE\AppData\Local\Google
2011-05-28 11:51:50 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-05-28 11:51:50 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-05-28 11:51:50 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-05-28 11:51:50 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-05-28 11:51:49 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-05-28 11:48:12 -------- d-----w- C:\Users\MIKE\AppData\Local\ATI
2011-05-28 11:39:09 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-05-28 11:38:54 8362 ----a-w- C:\Windows\Suyin.reg
2011-05-28 11:38:54 626688 ----a-w- C:\Windows\Image.dll
2011-05-28 11:38:54 20480 ----a-w- C:\Windows\USB_VIDEO_REG.exe
2011-05-28 11:38:54 200704 ----a-w- C:\Windows\PLFSetI.exe
2011-05-28 11:38:54 1658880 ----a-w- C:\Windows\Acer Crystal Eye webcam.EXE
2011-05-28 11:38:15 -------- d-----w- C:\Program Files\Synaptics
2011-05-28 11:35:41 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-05-28 11:34:52 -------- d-----w- C:\Program Files\ATI
2011-05-28 11:34:49 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-05-28 11:33:31 -------- d-----w- C:\Users\MIKE\AppData\Local\EgisTec
2011-05-28 11:33:31 -------- d-----w- C:\ProgramData\EgisTec
.
==================== Find3M ====================
.
2011-05-28 17:26:37 902656 ----a-w- C:\Windows\System32\d2d1.dll
.
============= FINISH: 12:17:40.21 ===============
Hi,
Would I need the x86 download of Java, being that I have a 64 bit machine? The version you suggested says it's a 32 bit version.
32-bit version is generally better supported. 64-bit version works only with 64-bit web browser. I recommend 32-bit version if you need to run Java applications in Firefox.
Hi,
Were you able to get Java installed? Please post fresh dds logs and let me know how's the system running.
Due to inactivity, this thread will now be closed.
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.