kl71389
2012-01-06, 16:43
Hey!
I have ESET NOD 32 and Malware and last night the scans started coming up with...
Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean
I found this website and have so far followed the steps that someone with the same problem as me had.
Here are the results of the DDS scan:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 4:48:58 on 2012-01-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1130 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
-netsvcs
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Spotify] "C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Users\Owner\AppData\Local\Temp\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{B64FA1EC-61BD-4FBC-AD43-D60A14A6B900} : DhcpNameServer = 64.232.177.6 209.125.133.6 4.2.2.2
TCP: Interfaces\{E1EFA488-0EBE-4E76-BB8B-D6CDE0C427CA} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{E1EFA488-0EBE-4E76-BB8B-D6CDE0C427CA}\E405459402649647E6563737 : DhcpNameServer = 192.168.1.1 68.105.28.17 68.105.29.17
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-01-06 06:06:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-01-06 06:02:34 20480 ----a-w- C:\Windows\svchost.exe
2012-01-05 17:12:29 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-01-03 22:39:57 -------- d-----w- C:\Users\Owner\AppData\Local\Diagnostics
2012-01-03 15:24:38 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88B63F02-71D2-4FE1-A2B2-CF2990F71C7A}\offreg.dll
2012-01-03 15:24:37 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88B63F02-71D2-4FE1-A2B2-CF2990F71C7A}\mpengine.dll
2012-01-02 17:02:10 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-01-02 17:02:10 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-01-02 17:02:09 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-01-02 17:02:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-01-02 17:02:09 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-01-01 00:49:10 -------- d-----w- C:\Users\Owner\AppData\Roaming\Free PDF Tablet
2012-01-01 00:49:09 -------- d-----w- C:\Program Files (x86)\FreePDFTablet
2011-12-31 21:09:25 -------- d-----w- C:\Users\Owner\AppData\Local\DDMSettings
2011-12-31 21:00:15 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-12-31 21:00:01 -------- d-----w- C:\Program Files\DivX
2011-12-31 20:59:42 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-12-31 20:58:48 -------- d-----w- C:\Program Files (x86)\DivX
2011-12-31 20:58:05 -------- d-----w- C:\ProgramData\DivX
2011-12-31 07:06:07 -------- d-----w- C:\Windows\System32\SPReview
2011-12-28 04:58:31 -------- d-----w- C:\Windows\System32\EventProviders
2011-12-28 04:06:32 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
2011-12-28 04:06:00 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-12-28 04:06:00 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-12-28 04:06:00 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-12-28 04:04:52 -------- d-----w- C:\Program Files\iPod
2011-12-28 04:04:51 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-28 04:04:51 -------- d-----w- C:\Program Files\iTunes
2011-12-28 04:04:51 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-28 04:03:59 -------- d-----w- C:\Users\Owner\AppData\Local\Apple
2011-12-28 04:03:18 -------- d-----w- C:\Program Files\Bonjour
2011-12-28 04:03:18 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-12-28 03:07:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\OpenOffice.org
2011-12-28 03:03:12 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-12-28 03:01:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-28 02:06:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-28 01:06:59 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-12-28 01:05:59 934912 ----a-w- C:\Windows\System32\FirewallControlPanel.dll
2011-12-28 01:04:59 91648 ----a-w- C:\Windows\System32\mapistub.dll
2011-12-28 01:03:51 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-12-28 01:03:51 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-12-28 01:03:51 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2011-12-28 01:01:50 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-12-28 01:01:50 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-12-28 01:01:39 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2011-12-28 00:54:09 -------- d-----w- C:\Users\Owner\AppData\Local\Spotify
2011-12-28 00:53:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\Spotify
2011-12-28 00:53:26 -------- d-----w- C:\Users\Owner\AppData\Local\Apps
2011-12-28 00:53:25 -------- d-----w- C:\Users\Owner\AppData\Local\Deployment
2011-12-28 00:39:13 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-12-28 00:39:13 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-12-28 00:39:13 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-12-28 00:39:11 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-12-28 00:39:10 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-12-28 00:39:10 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-12-28 00:39:10 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-12-26 22:58:24 -------- d-----w- C:\Program Files\ESET
2011-12-26 22:47:28 -------- d-sh--w- C:\Windows\Installer
2011-12-26 21:35:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2011-12-26 21:34:53 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-26 21:34:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-26 21:34:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-26 21:29:48 -------- d-----w- C:\Windows\SysWow64\Wat
2011-12-26 21:29:48 -------- d-----w- C:\Windows\System32\Wat
2011-12-26 20:43:53 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-12-26 20:43:53 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-12-26 20:43:48 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-12-26 20:43:48 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-12-26 20:43:48 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-12-26 20:43:48 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-12-26 20:43:48 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-12-26 20:43:47 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-12-26 20:38:31 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-26 20:38:24 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-12-26 20:38:24 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-12-26 20:38:17 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-12-26 20:38:17 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-12-26 20:37:55 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-12-26 20:37:55 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-12-26 20:37:45 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-12-26 20:37:45 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-12-26 20:37:45 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-12-26 20:37:45 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-12-26 20:36:59 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-12-26 20:36:59 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-12-26 20:36:59 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-12-26 20:36:59 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-12-26 20:36:59 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-12-26 20:36:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-12-26 20:35:45 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-12-26 20:35:45 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-12-26 20:35:45 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-12-26 20:34:52 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-12-26 20:34:52 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-12-26 20:34:52 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-12-26 20:34:52 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-12-26 20:34:50 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-12-26 20:34:50 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-12-26 20:34:50 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-12-26 20:33:36 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-12-26 20:33:36 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-12-26 20:33:36 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-12-26 20:33:36 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-12-26 20:33:35 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-12-26 20:33:35 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-12-26 20:33:35 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-12-26 20:33:35 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-12-26 20:33:35 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-12-26 20:33:35 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-12-26 20:31:38 642944 ----a-w- C:\Windows\System32\winload.efi
2011-12-26 20:31:38 605552 ----a-w- C:\Windows\System32\winload.exe
2011-12-26 20:31:38 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-12-26 20:31:38 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-12-26 20:31:37 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2011-12-26 20:31:37 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-12-26 20:31:37 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-12-26 20:31:37 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-12-26 20:24:05 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-26 20:05:13 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-12-26 20:05:13 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-12-26 20:05:13 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-12-26 20:05:13 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-12-26 20:05:13 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2011-12-26 20:05:13 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-12-26 20:05:00 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-12-26 20:05:00 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-12-26 20:02:17 -------- d-----w- C:\Windows\Panther
2011-12-26 18:08:52 0 ----a-w- C:\Windows\ativpsrm.bin
2011-12-26 18:06:56 -------- d-----w- C:\Program Files\IDT
2011-12-26 18:06:54 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2011-12-26 18:06:54 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2011-12-26 18:06:54 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2011-12-26 18:06:54 487424 ----a-w- C:\Windows\sttray64.exe
2011-12-26 18:06:54 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
2011-12-26 18:06:54 3348480 ----a-w- C:\Windows\System32\stlang64.dll
2011-12-26 18:06:54 162816 ----a-w- C:\Windows\System32\AESTAC64.dll
2011-12-26 18:06:54 12772352 ----a-w- C:\Windows\System32\idtcpl64.cpl
2011-12-26 18:06:53 -------- d-----w- C:\Windows\System32\SRSLabs
.
==================== Find3M ====================
.
2011-12-31 07:14:37 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-31 07:14:36 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
.
============= FINISH: 4:51:54.02 ===============
Any help from this point on would be amazing. Thank you so much in advance!
---------------------------------
http://forums.spybot.info/showthread.php?t=288 :)
2011-12-26 20:36:59 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-12-26 20:36:59 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-12-26 20:36:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-12-26 20:35:45 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-12-26 20:35:45 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-12-26 20:35:45 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-12-26 20:34:52 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-12-26 20:34:52 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-12-26 20:34:52 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-12-26 20:34:52 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-12-26 20:34:50 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-12-26 20:34:50 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-12-26 20:34:50 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-12-26 20:33:36 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-12-26 20:33:36 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-12-26 20:33:36 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-12-26 20:33:36 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-12-26 20:33:35 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-12-26 20:33:35 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-12-26 20:33:35 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-12-26 20:33:35 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-12-26 20:33:35 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-12-26 20:33:35 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-12-26 20:31:38 642944 ----a-w- C:\Windows\System32\winload.efi
2011-12-26 20:31:38 605552 ----a-w- C:\Windows\System32\winload.exe
2011-12-26 20:31:38 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-12-26 20:31:38 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-12-26 20:31:37 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2011-12-26 20:31:37 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-12-26 20:31:37 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-12-26 20:31:37 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-12-26 20:24:05 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-26 20:05:13 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-12-26 20:05:13 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-12-26 20:05:13 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-12-26 20:05:13 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-12-26 20:05:13 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2011-12-26 20:05:13 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-12-26 20:05:00 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-12-26 20:05:00 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-12-26 20:02:17 -------- d-----w- C:\Windows\Panther
2011-12-26 18:08:52 0 ----a-w- C:\Windows\ativpsrm.bin
2011-12-26 18:06:56 -------- d-----w- C:\Program Files\IDT
2011-12-26 18:06:54 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2011-12-26 18:06:54 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2011-12-26 18:06:54 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2011-12-26 18:06:54 487424 ----a-w- C:\Windows\sttray64.exe
2011-12-26 18:06:54 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
2011-12-26 18:06:54 3348480 ----a-w- C:\Windows\System32\stlang64.dll
2011-12-26 18:06:54 162816 ----a-w- C:\Windows\System32\AESTAC64.dll
2011-12-26 18:06:54 12772352 ----a-w- C:\Windows\System32\idtcpl64.cpl
2011-12-26 18:06:53 -------- d-----w- C:\Windows\System32\SRSLabs
.
==================== Find3M ====================
.
2011-12-31 07:14:37 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-31 07:14:36 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
.
============= FINISH: 4:51:54.02 ===============
Any help from this point on would be amazing. Thank you so much in advance!
---------------------------------
http://forums.spybot.info/showthread.php?t=288 :)