Win32.FraudLoad.edt found, and SpyBot not able to remove.



waveking
2011-08-07, 19:26
Hi,
Recently, ad popups started opening in my Internet Explorer and I knew something was wrong. I ran SpyBot and got the below issues found, but SpyBot is not able to clean them.

Win32.FraudLoad.edt: [SBI $666C83D9] Data (File, nothing done)
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E


Win32.FraudLoad.edt: [SBI $62B0666F] Autorun settings (INI File (Delete Key), nothing done)

For the moment I found a task added in my Windows scheduler, which is executing an exe in Windows, which I have disabled in the task, but I would want to clean this mess up.

My DDS logs are below and attached. Please help :(




.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by saurabh at 21:38:43 on 2011-08-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3067.1456 [GMT 5.5:30]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\ASTSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\ChgService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\FsUsbExService.Exe
D:\Program Files\GBPVR\GBPVRRecordingService.exe
D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
D:\Program Files\TouchFreeze\TouchFreeze.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\saurabh\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saurabh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
D:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
D:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - d:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\program files\orbitdownloader\GrabPro.dll
uRun: [Google Update] "c:\users\saurabh\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [<NO NAME>]
uRun: [AdobeBridge]
uRun: [TouchFreeze] d:\program files\touchfreeze\TouchFreeze.exe
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [PeerBlock] d:\program files\peerblock\peerblock.exe
uRun: [8DDYX0ZBPZ] c:\users\saurabh\appdata\local\temp\Lsw.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [VMware hqtray] "d:\program files\vmware\vmware player\hqtray.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iCall Internet Phone] "d:\program files\icall\iCall.exe" /startup
mRun: [LogMeIn GUI] "d:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe
mRun: [HTC Sync Loader] "d:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [UnlockerAssistant] "d:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [PWRISOVM.EXE] d:\program files\poweriso\PWRISOVM.EXE
mRun: [SDTray] "d:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all by FlashGet3 - c:\users\saurabh\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\saurabh\appdata\roaming\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
LSP: d:\program files\vmware\vmware player\vsocklib.dll
Trusted Zone: avanade.com\connect
Trusted Zone: microsoft.com\office
Trusted Zone: ultimatix.net\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - c:\users\saurabh\appdata\local\temp\f5tmp\urxvpn.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\saurabh\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\saurabh\appdata\local\temp\ixp000.tmp\InstallerControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://supportapj.dell.com/systemprofiler/SysProExe.CAB
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - c:\users\saurabh\appdata\local\temp\f5tmp\f5InspectionHost.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {84197FFA-D750-4B68-B80C-C3ECF1F1EEBF} - hxxps://mylearning.accenture.com/codebase/SDHHPXY.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://asia-ml03.asia.csc.com/dwa8W.cab
DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} - hxxps://access.humana.com/prx/000/http/rasweb.humana.com/rdp/TerminalSvcsTCS.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://supportapj.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - c:\users\saurabh\appdata\local\temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\saurabh\appdata\local\temp\f5tmp\urxhost.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\saurabh\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://apa-bang6-extranet.accenture.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} - hxxps://mylearning.accenture.com/codebase/SDWAPI.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\2435E4C4F51405 : DhcpNameServer = 10.7.111.230
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\4646D2772747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\84F6D656E45647 : DhcpNameServer = 208.67.222.222
TCP: Interfaces\{2672FF05-8246-4E3E-BFFA-C87FAEFFA2CB}\B65736868616C637 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\vvt0kfrw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\vvt0kfrw.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\vvt0kfrw.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - component: d:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\saurabh\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\saurabh\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: d:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: d:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: d:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 95896]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-20 47640]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-26 6650368]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-26 231936]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
R3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\drivers\ITECIRfilter.sys [2011-3-22 23656]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-1-9 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-1-9 280096]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-8 29736]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-1-14 105984]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2011-4-30 13952]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 pbfilter;pbfilter;d:\program files\peerblock\pbfilter.sys [2011-2-6 20080]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
.
=============== Created Last 30 ================
.
2011-08-07 05:36:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-07 05:31:27 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-08-07 02:32:01 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-07 02:32:01 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-08-06 06:09:32 181248 ----a-w- c:\windows\Ltohea.exe
2011-08-06 02:59:21 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b41a4226-edef-4c41-a47e-cbaad4455e23}\mpengine.dll
2011-07-31 04:15:16 -------- d-----w- c:\users\saurabh\appdata\roaming\Scooter Software
2011-07-26 12:59:02 -------- d-----w- c:\users\saurabh\appdata\local\TSVNCache
2011-07-26 12:50:42 -------- d-----w- c:\users\saurabh\appdata\roaming\TortoiseSVN
2011-07-26 12:47:18 -------- d-----w- c:\users\saurabh\appdata\roaming\Subversion
2011-07-26 12:17:23 -------- d-----w- c:\program files\common files\TortoiseOverlays
2011-07-26 04:56:36 398704 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2011-07-26 04:56:36 345456 ----a-w- c:\windows\system32\dsNcCredProv.dll
2011-07-26 04:54:55 -------- d-----w- c:\program files\Juniper Networks
2011-07-26 04:54:02 -------- d-----w- c:\users\saurabh\appdata\roaming\Juniper Networks
2011-07-25 13:34:04 -------- d-----w- C:\dell
2011-07-23 01:47:33 -------- d-----w- c:\users\saurabh\appdata\roaming\FLV Extract
2011-07-15 18:53:16 -------- d-----w- c:\program files\Sonic Foundry
2011-07-15 18:53:13 -------- d-----w- c:\program files\DebugMode
2011-07-14 00:44:46 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-10 09:57:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2011-06-20 01:04:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 13:44:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-12 07:38:14 22632 ----a-w- c:\windows\system32\drivers\TsLwWfF.sys
.
============= FINISH: 21:40:25.32 ===============

Blade81
2011-08-17, 23:22
Hi,

If help is still needed, post fresh DDS logs, please.

Blade81
2011-08-27, 18:55
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.