Trying to resurrect after crash



spot812
2011-08-21, 01:50
I am now working on getting my son's computer working again after a particularly nasty crash.
He couldn't give me much information other than he had shut down the computer, it went on to install "Windows Updates" and then closed.
It would get stuck in some sort of loop when booting up, and was never the same again.
I have finally gotten it back to the point where it will boot up and connect and got IE8 to work.
I've run Spybot Search & Destroy and Malwarebytes Anti-Malware. However, I cannot get Avira Anti-Vir Personal Free Edition to re-install.
All of this leads me to believe that it started with a virus attack, and I just haven't cleaned it all out yet.
So, I need some help.

I have run ERUNT to back up the registry. Here is my DDS Log, and the DDS "Attachment" log is attached.

DDS.txt:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Adam Friese2 at 19:35:39 on 2011-08-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.638 [GMT -5:00]
.
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\ERUNT\ERUNT.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\walgre~1\walgre~1\data\xtras\mssysmgr.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\McAgent.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0B190563-01E9-416B-9F1B-AB915B681163} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D88D66A-DE83-4C6E-BDFE-EF09DF64A34A} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
.
=============== Created Last 30 ================
.
2011-08-20 07:46:41 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-20 07:46:35 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-20 07:46:26 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-08-20 07:46:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-08-20 07:46:25 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-08-20 07:46:25 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-08-20 07:46:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-08-20 07:46:24 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-08-20 07:46:21 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-08-20 07:45:06 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-20 07:43:18 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-08-20 07:43:08 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-08-20 05:01:58 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2011-08-20 05:00:58 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-08-20 04:59:51 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-08-20 04:58:57 68608 -c--a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2011-08-20 04:57:58 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2011-08-20 04:56:53 43008 -c--a-w- c:\windows\system32\dllcache\esucm.dll
2011-08-20 04:55:59 69692 -c--a-w- c:\windows\system32\dllcache\el575nd5.sys
2011-08-20 04:54:59 131156 -c--a-w- c:\windows\system32\dllcache\digidbp.dll
2011-08-20 04:53:58 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2011-08-20 04:52:50 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-08-20 04:51:59 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2011-08-20 04:38:03 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-08-20 04:36:52 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-08-20 04:35:54 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-08-20 04:35:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-08-20 04:35:52 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-08-20 04:35:52 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-08-20 04:35:52 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-08-20 04:35:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-08-20 04:35:49 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-08-20 04:34:27 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-08-20 04:32:52 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-08-20 03:35:09 -------- d-----w- C:\273b21a52642ecbab6f2fc4c110a516c
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:37:04.85 ===============

End of DDS.txt

Thanks for helping.

spot812
2011-08-25, 04:39
The biggest issue I was having in fixing my son's computer was that I could not install Avira AntiVir. However, the problem turned out to be with the installation file being corrupt. This problem has been solved.
Since all of the remaining issues seem to be due to a crash after a bad update installation, it does not appear that I actually have a virus or malware problem.
Therefore, this thread can be closed.