waveking
2011-08-07, 19:26
Hi,
recently, ad popups started opening in my internet explorer and I knew something was wrong. I ran SpyBot and got the below issues found, but spybot is not able to clean them.
Win32.FraudLoad.edt: [SBI $666C83D9] Data (File, nothing done)
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.edt: [SBI $62B0666F] Autorun settings (INI File (Delete Key), nothing done)
For the moment I found a task added in my windows scheduler, which is executing an exe in Windows, which I have disabled in the task, but I would want to clean this mess up.
My dss logs are below and attached. Please help :(
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by saurabh at 21:38:43 on 2011-08-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3067.1456 [GMT 5.5:30]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\ASTSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\ChgService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\FsUsbExService.Exe
D:\Program Files\GBPVR\GBPVRRecordingService.exe
D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
D:\Program Files\TouchFreeze\TouchFreeze.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\saurabh\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
D:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
D:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - d:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\program files\orbitdownloader\GrabPro.dll
uRun: [Google Update] "c:\users\saurabh\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [<NO NAME>]
uRun: [AdobeBridge]
uRun: [TouchFreeze] d:\program files\touchfreeze\TouchFreeze.exe
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [PeerBlock] d:\program files\peerblock\peerblock.exe
uRun: [8DDYX0ZBPZ] c:\users\saurabh\appdata\local\temp\Lsw.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [VMware hqtray] "d:\program files\vmware\vmware player\hqtray.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iCall Internet Phone] "d:\program files\icall\iCall.exe" /startup
mRun: [LogMeIn GUI] "d:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe
mRun: [HTC Sync Loader] "d:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [UnlockerAssistant] "d:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [PWRISOVM.EXE] d:\program files\poweriso\PWRISOVM.EXE
mRun: [SDTray] "d:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all by FlashGet3 - c:\users\saurabh\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\saurabh\appdata\roaming\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
LSP: d:\program files\vmware\vmware player\vsocklib.dll
Trusted Zone: avanade.com\connect
Trusted Zone: microsoft.com\office
Trusted Zone: ultimatix.net\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - c:\users\saurabh\appdata\local\temp\f5tmp\urxvpn.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\saurabh\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\saurabh\appdata\local\temp\ixp000.tmp\InstallerControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://supportapj.dell.com/systemprofiler/SysProExe.CAB
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - c:\users\saurabh\appdata\local\temp\f5tmp\f5InspectionHost.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {84197FFA-D750-4B68-B80C-C3ECF1F1EEBF} - hxxps://mylearning.accenture.com/codebase/SDHHPXY.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://asia-ml03.asia.csc.com/dwa8W.cab
DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} - hxxps://access.humana.com/prx/000/http/rasweb.humana.com/rdp/TerminalSvcsTCS.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://supportapj.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - c:\users\saurabh\appdata\local\temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\saurabh\appdata\local\temp\f5tmp\urxhost.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://apa-bang6-extranet.accenture.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} - hxxps://mylearning.accenture.com/codebase/SDWAPI.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\2435E4C4F51405 : DhcpNameServer = 10.7.111.230
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\4646D2772747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\84F6D656E45647 : DhcpNameServer = 208.67.222.222
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\B65736868616C637 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\vvt0kfrw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\vvt0kfrw.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\vvt0kfrw.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - component: d:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\saurabh\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\saurabh\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: d:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: d:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: d:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 95896]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-20 47640]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-26 6650368]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-26 231936]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
R3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\drivers\ITECIRfilter.sys [2011-3-22 23656]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-1-9 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-1-9 280096]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-8 29736]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-1-14 105984]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2011-4-30 13952]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 pbfilter;pbfilter;d:\program files\peerblock\pbfilter.sys [2011-2-6 20080]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
.
=============== Created Last 30 ================
.
2011-08-07 05:36:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-07 05:31:27 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-08-07 02:32:01 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-07 02:32:01 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-08-06 06:09:32 181248 ----a-w- c:\windows\Ltohea.exe
2011-08-06 02:59:21 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b41a4226-edef-4c41-a47e-cbaad4455e23}\mpengine.dll
2011-07-31 04:15:16 -------- d-----w- c:\users\saurabh\appdata\roaming\Scooter Software
2011-07-26 12:59:02 -------- d-----w- c:\users\saurabh\appdata\local\TSVNCache
2011-07-26 12:50:42 -------- d-----w- c:\users\saurabh\appdata\roaming\TortoiseSVN
2011-07-26 12:47:18 -------- d-----w- c:\users\saurabh\appdata\roaming\Subversion
2011-07-26 12:17:23 -------- d-----w- c:\program files\common files\TortoiseOverlays
2011-07-26 04:56:36 398704 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2011-07-26 04:56:36 345456 ----a-w- c:\windows\system32\dsNcCredProv.dll
2011-07-26 04:54:55 -------- d-----w- c:\program files\Juniper Networks
2011-07-26 04:54:02 -------- d-----w- c:\users\saurabh\appdata\roaming\Juniper Networks
2011-07-25 13:34:04 -------- d-----w- C:\dell
2011-07-23 01:47:33 -------- d-----w- c:\users\saurabh\appdata\roaming\FLV Extract
2011-07-15 18:53:16 -------- d-----w- c:\program files\Sonic Foundry
2011-07-15 18:53:13 -------- d-----w- c:\program files\DebugMode
2011-07-14 00:44:46 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-10 09:57:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2011-06-20 01:04:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 13:44:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-12 07:38:14 22632 ----a-w- c:\windows\system32\drivers\TsLwWfF.sys
.
============= FINISH: 21:40:25.32 ===============
recently, ad popups started opening in my internet explorer and I knew something was wrong. I ran SpyBot and got the below issues found, but spybot is not able to clean them.
Win32.FraudLoad.edt: [SBI $666C83D9] Data (File, nothing done)
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.edt: [SBI $62B0666F] Autorun settings (INI File (Delete Key), nothing done)
For the moment I found a task added in my windows scheduler, which is executing an exe in Windows, which I have disabled in the task, but I would want to clean this mess up.
My dss logs are below and attached. Please help :(
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by saurabh at 21:38:43 on 2011-08-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3067.1456 [GMT 5.5:30]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\ASTSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\ChgService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\FsUsbExService.Exe
D:\Program Files\GBPVR\GBPVRRecordingService.exe
D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
D:\Program Files\TouchFreeze\TouchFreeze.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\saurabh\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
D:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
D:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - d:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\program files\orbitdownloader\GrabPro.dll
uRun: [Google Update] "c:\users\saurabh\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [<NO NAME>]
uRun: [AdobeBridge]
uRun: [TouchFreeze] d:\program files\touchfreeze\TouchFreeze.exe
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [PeerBlock] d:\program files\peerblock\peerblock.exe
uRun: [8DDYX0ZBPZ] c:\users\saurabh\appdata\local\temp\Lsw.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [VMware hqtray] "d:\program files\vmware\vmware player\hqtray.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iCall Internet Phone] "d:\program files\icall\iCall.exe" /startup
mRun: [LogMeIn GUI] "d:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe
mRun: [HTC Sync Loader] "d:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [UnlockerAssistant] "d:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [PWRISOVM.EXE] d:\program files\poweriso\PWRISOVM.EXE
mRun: [SDTray] "d:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all by FlashGet3 - c:\users\saurabh\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\saurabh\appdata\roaming\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
LSP: d:\program files\vmware\vmware player\vsocklib.dll
Trusted Zone: avanade.com\connect
Trusted Zone: microsoft.com\office
Trusted Zone: ultimatix.net\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - c:\users\saurabh\appdata\local\temp\f5tmp\urxvpn.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\saurabh\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\saurabh\appdata\local\temp\ixp000.tmp\InstallerControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://supportapj.dell.com/systemprofiler/SysProExe.CAB
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - c:\users\saurabh\appdata\local\temp\f5tmp\f5InspectionHost.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {84197FFA-D750-4B68-B80C-C3ECF1F1EEBF} - hxxps://mylearning.accenture.com/codebase/SDHHPXY.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://asia-ml03.asia.csc.com/dwa8W.cab
DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} - hxxps://access.humana.com/prx/000/http/rasweb.humana.com/rdp/TerminalSvcsTCS.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://supportapj.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - c:\users\saurabh\appdata\local\temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\saurabh\appdata\local\temp\f5tmp\urxhost.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://apa-bang6-extranet.accenture.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} - hxxps://mylearning.accenture.com/codebase/SDWAPI.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\2435E4C4F51405 : DhcpNameServer = 10.7.111.230
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\4646D2772747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\84F6D656E45647 : DhcpNameServer = 208.67.222.222
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\B65736868616C637 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\vvt0kfrw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\vvt0kfrw.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\vvt0kfrw.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - component: d:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\saurabh\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\saurabh\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: d:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: d:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: d:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 95896]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-20 47640]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-26 6650368]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-26 231936]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
R3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\drivers\ITECIRfilter.sys [2011-3-22 23656]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-1-9 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-1-9 280096]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-8 29736]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-1-14 105984]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2011-4-30 13952]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 pbfilter;pbfilter;d:\program files\peerblock\pbfilter.sys [2011-2-6 20080]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
.
=============== Created Last 30 ================
.
2011-08-07 05:36:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-07 05:31:27 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-08-07 02:32:01 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-07 02:32:01 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-08-06 06:09:32 181248 ----a-w- c:\windows\Ltohea.exe
2011-08-06 02:59:21 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b41a4226-edef-4c41-a47e-cbaad4455e23}\mpengine.dll
2011-07-31 04:15:16 -------- d-----w- c:\users\saurabh\appdata\roaming\Scooter Software
2011-07-26 12:59:02 -------- d-----w- c:\users\saurabh\appdata\local\TSVNCache
2011-07-26 12:50:42 -------- d-----w- c:\users\saurabh\appdata\roaming\TortoiseSVN
2011-07-26 12:47:18 -------- d-----w- c:\users\saurabh\appdata\roaming\Subversion
2011-07-26 12:17:23 -------- d-----w- c:\program files\common files\TortoiseOverlays
2011-07-26 04:56:36 398704 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2011-07-26 04:56:36 345456 ----a-w- c:\windows\system32\dsNcCredProv.dll
2011-07-26 04:54:55 -------- d-----w- c:\program files\Juniper Networks
2011-07-26 04:54:02 -------- d-----w- c:\users\saurabh\appdata\roaming\Juniper Networks
2011-07-25 13:34:04 -------- d-----w- C:\dell
2011-07-23 01:47:33 -------- d-----w- c:\users\saurabh\appdata\roaming\FLV Extract
2011-07-15 18:53:16 -------- d-----w- c:\program files\Sonic Foundry
2011-07-15 18:53:13 -------- d-----w- c:\program files\DebugMode
2011-07-14 00:44:46 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-10 09:57:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2011-06-20 01:04:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 13:44:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-12 07:38:14 22632 ----a-w- c:\windows\system32\drivers\TsLwWfF.sys
.
============= FINISH: 21:40:25.32 ===============