major issues please help



zenapp
2011-08-01, 18:43
Hello guys,

My other message was closed - I hope this one is OK :> Edit: http://forums.spybot.info/showthread.php?t=63508

I'm struggling with this. I have one or two rootkit types / malware trojans that I can't get rid of.

- I use/tried McAfee; I'm registered through Sky, they give me it with the internet sub
- I have tried Spybot S&D
- I have tried Malwarebytes programme too

Some symptoms -

1) win32.FraudLoad.edt (S&D found it)
2) win32.Palevo (S&D found it)
3) windows security centre disabled (S&D found it)
4) There is something in Internet Explorer because it often opens up a random page instead of the one I've clicked on; often when I look in history the computer's been using the internet to visit sites that I haven't been to, mainly casino adverts and banner sites etc.
5) When I try and load Spybot S&D it sometimes tells me there is no Disk, please insert disk into drive!, I eventually manage to get around it but it looks like something's messing with it.
6) McAfee often switches itself off completely
7) McAfee sometimes switches off parts of the programme, not completely, just some parts
8) I've found now to my misery that eBay is being interfered with by the Spybot S&D! Maybe just a side effect of using the software, but it's annoying because it blocks me selling anything.

OK, here are the log files.
Thanks so much in advance

ZEN


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Trebonia at 17:37:05 on 2011-08-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1024.225 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Mindjet\MindManager 9\MmReminderService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe
C:\Users\Trebonia\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110725094451.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ANT Agent] c:\program files\garmin\ant agent\ant_agent\ANT Agent.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 9\MMReminderService.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\trebonia\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\trebonia\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1E095882-6C1B-4F26-BBEB-6779D0024595} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{30C4CED7-C025-4E07-BF43-92DCEF3AE692} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: SDWinLogon - SDWinLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-7-25 165032]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-7-30 20216]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-7-25 64584]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2011-8-1 38504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-1 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-25 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-25 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-25 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-25 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-25 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-25 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-24 148520]
R2 SDHookService;Spybot-S&D 2 Hooks Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2011-8-1 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-8-1 1060272]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-8-1 909224]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-7-25 56064]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-5-13 35776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-1 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-7-25 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-7-25 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-7-25 314088]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2011-7-24 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2011-8-1 169624]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-25 84488]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-26 1343400]
.
=============== Created Last 30 ================
.
2011-08-01 15:22:50 -------- d-----w- c:\program files\MSXML 4.0
2011-08-01 14:43:18 -------- d-----w- C:\ProcAlyzer Dumps
2011-08-01 12:17:11 -------- d-----w- c:\users\trebonia\appdata\roaming\Malwarebytes
2011-08-01 12:17:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 12:17:02 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 12:16:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 12:16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 11:09:36 -------- d-----w- c:\windows\system32\RTCOM
2011-08-01 11:05:28 -------- d--h--w- c:\program files\Temp
2011-08-01 11:05:26 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-01 11:05:14 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-08-01 11:05:14 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-08-01 11:05:14 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-08-01 11:05:14 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-08-01 11:05:14 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-08-01 11:05:14 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-08-01 11:05:08 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-08-01 11:05:07 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-08-01 10:48:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-01 10:47:26 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-08-01 10:47:19 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-08-01 10:43:10 -------- d-----w- c:\program files\Safer Networking
2011-08-01 09:50:06 -------- d-----w- c:\users\trebonia\appdata\local\Apps
2011-08-01 09:26:48 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-01 09:06:25 151552 ----a-w- c:\windows\KMSEmulator.exe
2011-07-31 20:02:32 -------- d-----w- c:\windows\AutoKMS
2011-07-31 19:48:10 183296 ----a-w- c:\windows\Shiwya.exe
2011-07-31 19:47:49 75776 --sha-r- c:\windows\system32\credwizq.dll
2011-07-31 19:31:24 -------- d-----w- c:\users\trebonia\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-31 19:22:57 -------- d-----w- c:\program files\BitTorrent
2011-07-31 19:22:23 -------- d-----w- c:\users\trebonia\appdata\roaming\BitTorrent
2011-07-31 17:36:02 -------- d-----w- c:\users\trebonia\appdata\local\Nero_AG
2011-07-31 17:35:17 -------- d-----w- c:\users\trebonia\appdata\local\Nero
2011-07-31 17:22:31 -------- d-----w- c:\program files\Nero
2011-07-31 17:22:10 -------- d-----w- c:\programdata\Nero
2011-07-31 17:21:15 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-07-31 17:20:53 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-31 17:20:31 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-31 17:20:08 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-07-31 17:19:44 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-07-31 09:46:22 -------- d-----w- c:\users\trebonia\appdata\roaming\Foxit Software
2011-07-30 19:30:10 -------- d-----w- c:\users\trebonia\appdata\roaming\Dropbox
2011-07-30 19:25:29 -------- d-----w- c:\users\trebonia\appdata\local\Google
2011-07-30 19:22:13 -------- d-----w- c:\program files\HWiNFO32
2011-07-30 18:06:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-30 18:06:42 50688 ----a-w- c:\windows\system32\ff_acm.acm
2011-07-30 18:06:40 -------- d-----w- c:\program files\ffdshow
2011-07-30 18:03:26 -------- d-----w- c:\program files\TVersity Codec Pack
2011-07-30 18:02:23 -------- d-----w- c:\programdata\TVersity
2011-07-30 18:00:53 -------- d-----w- c:\program files\VideoLAN
2011-07-30 17:59:08 70984 ----a-r- c:\users\trebonia\appdata\roaming\microsoft\installer\{72d56900-e9ab-4fb5-9f61-b70f89c0f16d}\ARPPRODUCTICON.exe
2011-07-30 17:58:54 -------- d-----w- c:\users\trebonia\appdata\local\Downloaded Installations
2011-07-30 17:55:26 -------- d-----w- c:\users\trebonia\appdata\local\Mindjet
2011-07-30 17:54:41 5632 ----a-w- c:\windows\system32\pxc25pm.dll
2011-07-30 17:54:38 258352 ----a-w- c:\windows\system32\unicows.dll
2011-07-30 17:53:17 -------- d-----w- c:\programdata\Mindjet
2011-07-30 17:52:29 -------- d-----w- c:\program files\Mindjet
2011-07-30 17:51:37 -------- d-----w- c:\program files\CONEXANT
2011-07-30 17:51:04 -------- d-----w- c:\users\trebonia\appdata\local\{B466D993-193A-4641-BD61-AA0DBB63C1F1}
2011-07-30 17:50:26 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-07-30 17:50:26 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-07-30 17:50:26 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-07-30 17:44:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-07-30 17:39:41 -------- d-----w- c:\programdata\Credant
2011-07-30 10:41:37 -------- d-----w- c:\programdata\Ant
2011-07-30 09:58:41 -------- d-----w- c:\users\trebonia\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-07-30 09:49:12 -------- d-----w- c:\users\trebonia\appdata\local\Adobe
2011-07-26 05:52:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-26 05:14:55 -------- d-----w- c:\windows\system32\Wat
2011-07-25 18:58:57 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-07-25 18:54:12 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-25 18:54:11 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-25 18:54:11 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-25 18:54:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-25 18:54:07 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-25 18:53:02 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-25 18:52:44 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-07-25 18:52:44 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-07-25 18:52:35 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-25 18:51:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-25 18:50:55 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-25 18:50:55 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-25 18:43:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-07-25 18:43:22 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-07-25 18:43:21 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-07-25 18:39:39 -------- d-----w- c:\windows\PCHEALTH
2011-07-25 18:37:01 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-07-25 18:36:33 -------- d-----w- c:\users\trebonia\appdata\local\Microsoft Help
2011-07-25 18:34:59 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-07-25 18:34:59 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-07-25 18:34:55 850944 ----a-w- c:\windows\system32\sbe.dll
2011-07-25 18:34:55 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-07-25 18:34:51 2616320 ----a-w- c:\windows\explorer.exe
2011-07-25 18:34:47 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-25 18:34:45 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-07-25 18:34:43 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-07-25 18:34:42 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-25 18:34:23 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-25 18:34:23 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-07-25 18:33:50 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-25 18:33:42 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-25 18:33:42 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-25 18:33:42 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-25 18:33:35 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-07-25 18:26:15 -------- d-----w- c:\windows\system32\appmgmt
2011-07-25 14:38:37 -------- d-----w- c:\users\trebonia\appdata\local\Diagnostics
2011-07-25 08:58:57 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-07-25 08:51:52 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-07-25 08:47:33 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-07-25 08:44:50 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-07-25 08:44:16 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-07-25 08:44:16 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-07-25 08:44:16 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-07-25 08:44:16 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-07-25 08:44:16 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-07-25 08:44:16 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-07-25 08:44:16 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-07-25 08:44:08 -------- d-----w- c:\program files\common files\Mcafee
2011-07-25 08:44:07 -------- d-----w- c:\program files\McAfee.com
2011-07-25 08:44:05 -------- d-----w- c:\program files\McAfee
2011-07-25 06:15:09 -------- d-----w- c:\windows\Panther
2011-07-24 23:03:03 -------- d-----w- c:\program files\Foxit Software
2011-07-24 22:43:23 18944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2011-07-24 22:43:23 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-07-24 22:33:05 -------- d-----w- c:\users\trebonia\appdata\roaming\GARMIN
2011-07-24 22:28:42 -------- d-----w- c:\program files\Garmin
2011-07-24 22:28:36 -------- d-sh--w- c:\windows\Installer
2011-07-24 22:27:11 -------- d-----w- c:\program files\Audacity
2011-07-24 22:26:28 -------- d-----w- c:\program files\XemiComputers
2011-07-24 21:49:16 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4fc1cad6-8dcf-49fd-9483-b2037c953706}\mpengine.dll
2011-07-24 21:49:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-24 21:39:10 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-07-24 21:29:44 -------- d-----w- C:\Open University
2011-07-24 21:24:01 215040 ----a-w- c:\windows\system32\drivers\sis163u.sys
2011-07-24 21:17:41 0 ----a-w- c:\windows\ativpsrm.bin
.
==================== Find3M ====================
.
2011-07-07 18:46:16 2189928 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-07-07 16:39:06 3531176 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-07-06 20:42:46 4187240 ----a-w- c:\windows\system32\RtkAPO.dll
2011-07-06 12:27:00 76392 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-07-01 13:05:42 1264232 ----a-w- c:\windows\system32\RtkApoApi.dll
2011-06-30 15:14:54 1497704 ----a-w- c:\windows\system32\RTSndMgr.cpl
2011-06-27 13:53:36 3327320 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2011-06-27 13:53:30 1725784 ----a-w- c:\windows\system32\WavesGUILib.dll
2011-06-17 18:45:12 41984 ----a-w- c:\windows\system32\AntUsbCIv1.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-31 08:42:06 654952 ----a-w- c:\windows\system32\DTSBassEnhancementDLL.dll
2011-05-31 08:42:06 631400 ----a-w- c:\windows\system32\DTSSymmetryDLL.dll
2011-05-31 08:42:06 601704 ----a-w- c:\windows\system32\DTSVoiceClarityDLL.dll
2011-05-31 08:42:06 458344 ----a-w- c:\windows\system32\DTSNeoPCDLL.dll
2011-05-31 08:42:06 389736 ----a-w- c:\windows\system32\DTSGainCompensatorDLL.dll
2011-05-31 08:42:06 375400 ----a-w- c:\windows\system32\DTSLimiterDLL.dll
2011-05-31 08:42:06 218728 ----a-w- c:\windows\system32\DTSGFXAPONS.dll
2011-05-31 08:42:06 218728 ----a-w- c:\windows\system32\DTSGFXAPO.dll
2011-05-31 08:42:06 218216 ----a-w- c:\windows\system32\DTSLFXAPO.dll
2011-05-31 08:42:06 1509480 ----a-w- c:\windows\system32\DTSS2SpeakerDLL.dll
2011-05-31 08:42:06 1292904 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL.dll
2011-05-31 08:42:06 1220200 ----a-w- c:\windows\system32\DTSBoostDLL.dll
2011-05-13 19:35:22 67008 ----a-w- c:\windows\system32\libusb0.dll
2011-05-13 19:35:22 35776 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-05-05 14:24:00 1740352 ----a-w- c:\windows\system32\FMAPO.dll
2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
.
============= FINISH: 17:38:44.71 ===============

Blade81
2011-08-09, 09:34
Hi,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please uninstall the programs listed above (in red).

After that, post fresh DDS logs.

Blade81
2011-08-18, 21:30
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.