soapie
2012-07-02, 12:44
Hello Safer Networking Malware Removal Forum,
I am here to ask for some help in possibly disinfecting my system of some stubborn hidden malware.
I have run a bootable scan using Kaspersky Rescue Disk and Norton Bootable Recovery Disk. These unfortunately found nothing.
I also ran an online scanner, ESET Online Scanner; this found some cookies and a toolbar classed as malware.
I also ran ComboFix after a friend/colleague told me about it.
I am asking for help from a professional malware removal team because I am sure I have malware on my PC that is hidden and very difficult to remove!
My system is acting very strangely. It often crashes. The CPU runs very high.
I have made sure I have updated all drivers from my PC manufacturer's web site. All drivers seem to be OK.
Can someone take a look at my DDS logs and maybe help me to get my system back to a decent safe state, so I once again have confidence?
I have attached my Attach.txt and DDS.txt log files to this post.
Thanks..
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by mark at 10:28:37 on 2012-07-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3067.1652 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\Windows\system32\lxdxcoms.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Axantum\AxCrypt\AxCrypt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\ERUNT\ERUNT.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DD864D4C-4ABA-4E43-941C-0362C710E2E6} : DhcpNameServer = 192.168.0.1
Notify: SDWinLogon - SDWinLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\hfl3d2xi.default-1341159644110\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\mark\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\mark\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 06132003;06132003;c:\windows\system32\drivers\06132003.sys [2012-6-5 133208]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-6-8 65720]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-7-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-7-1 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-19 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-7-1 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\ipsdefs\20120629.001\IDSvix86.sys [2012-6-29 382624]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_34302.sys [2012-6-6 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-6-8 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-6-8 166840]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-7-1 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1307010.005\symnets.sys [2012-7-1 318584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-6-7 913792]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe [2012-3-20 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2012-3-5 94208]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-7-1 138232]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-6-8 976728]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-7-2 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-7-2 838136]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-6-29 166528]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-6-6 21520]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-5-31 137488]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-17 257224]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2009-8-18 4994560]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-6 275968]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-4-26 16640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-3-29 29736]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-12 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-12 1343400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-6-13 14416]
.
=============== Created Last 30 ================
.
2012-07-02 06:32:31 -------- d-----w- c:\users\mark\appdata\roaming\Acreon
2012-07-02 06:32:28 -------- d-----w- c:\users\mark\appdata\local\._Revolution_
2012-07-02 06:21:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-07-01 16:34:30 -------- d-----w- c:\programdata\IdealSoftware
2012-07-01 16:34:30 -------- d-----w- C:\IDEALDVDCOPY_TEMP
2012-07-01 16:32:32 -------- d-----w- c:\users\mark\appdata\local\IdealSoftware
2012-07-01 16:32:31 -------- d-----w- c:\program files\IdealDVDCopy
2012-07-01 13:12:06 -------- d-----w- c:\program files\ESET
2012-07-01 13:01:30 318584 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symnets.sys
2012-07-01 13:01:29 905336 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symefa.sys
2012-07-01 13:01:27 340088 ----a-r- c:\windows\system32\drivers\nis\1307010.005\symds.sys
2012-07-01 13:01:27 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys
2012-07-01 13:01:24 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys
2012-07-01 13:01:23 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys
2012-07-01 13:01:23 132744 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys
2012-07-01 12:59:18 -------- d-----w- c:\windows\system32\drivers\nis\1307010.005
2012-07-01 12:33:31 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-01 12:33:30 -------- d-----w- c:\program files\Symantec
2012-07-01 12:33:30 -------- d-----w- c:\program files\common files\Symantec Shared
2012-07-01 12:30:54 -------- d-----w- c:\windows\system32\drivers\NIS
2012-07-01 12:30:52 -------- d-----w- c:\program files\Norton Internet Security
2012-07-01 12:30:34 -------- d-----w- c:\program files\NortonInstaller
2012-06-30 21:17:43 -------- d-----w- C:\kl.files
2012-06-30 18:15:42 -------- d-----w- C:\Mozilla
2012-06-30 17:49:55 -------- d-----w- c:\program files\Oracle
2012-06-29 20:37:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-29 20:37:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-29 20:36:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-06-29 20:22:43 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2012-06-29 19:28:07 -------- d-----w- C:\8711ec7118b8aa676278a6b9b5e2c246
2012-06-29 16:43:59 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-29 15:59:00 -------- d-----w- c:\programdata\F-Secure uninstallationtool
2012-06-29 15:53:11 302 ----a-w- C:\FixitRegBackup.reg
2012-06-29 08:08:19 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-27 14:51:18 -------- d-----w- c:\users\mark\appdata\local\VirtualStore
2012-06-27 10:25:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-27 10:16:00 -------- d-----w- c:\windows\system32\SPReview
2012-06-27 07:49:13 388096 ----a-r- c:\users\mark\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-27 07:49:13 -------- d-----w- c:\program files\Trend Micro
2012-06-26 09:42:49 85472 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-06-26 09:35:35 -------- d-----w- C:\inetpub
2012-06-26 01:01:23 -------- d-----r- C:\AHCache
2012-06-25 14:00:30 -------- d-----w- C:\f288c559972fa8b4080a56
2012-06-22 13:10:18 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:09:51 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:09:33 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 13:09:33 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-20 01:12:08 -------- d-----w- C:\CCE_Quarantine
2012-06-17 03:00:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-17 03:00:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 00:40:13 -------- d-----w- c:\program files\Sandboxie
2012-06-16 23:06:11 -------- d-----w- c:\program files\Axantum
2012-06-16 23:00:33 -------- d--h--w- c:\programdata\Common Files
2012-06-14 02:25:19 770384 -c--a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-14 02:25:19 421200 -c--a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-14 00:19:47 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 00:19:46 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 00:19:42 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 00:19:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 00:19:41 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 00:19:41 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 00:19:39 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 00:19:26 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 00:19:26 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 00:19:26 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 00:14:11 -------- d-----w- c:\users\mark\appdata\local\Macromedia
2012-06-13 14:13:55 -------- d-----w- c:\program files\ffdshow
2012-06-08 20:42:28 65720 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-06-07 17:02:10 21888 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-06-07 16:50:26 -------- d-----w- c:\programdata\IObit
2012-06-07 16:50:06 -------- d-----w- c:\users\mark\appdata\roaming\IObit
2012-06-07 16:49:41 -------- d-----w- c:\program files\IObit
2012-06-05 23:42:59 -------- d-----w- c:\users\mark\appdata\local\Trusteer
2012-06-05 23:42:51 -------- d-----w- c:\program files\Trusteer
2012-06-05 23:41:43 -------- d-----w- c:\programdata\Trusteer
2012-06-05 02:10:52 133208 ----a-w- c:\windows\system32\drivers\06132003.sys
2012-06-04 00:23:05 -------- d-----w- c:\users\mark\appdata\roaming\Leawo
2012-06-04 00:22:25 -------- d-----w- c:\programdata\Leawo
2012-06-04 00:22:25 -------- d-----w- c:\program files\Leawo
2012-06-03 23:53:55 -------- d-----w- c:\program files\common files\Steam
.
==================== Find3M ====================
.
2012-06-27 10:22:08 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-07 04:17:57 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-07 04:17:57 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-06 02:22:00 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- c:\windows\system32\aticfx32.dll
2012-04-06 02:00:08 52736 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:34:50 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
2012-04-06 01:11:04 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:10:52 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-04-06 01:10:22 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09:48 41984 ----a-w- c:\windows\system32\atiuxpag.dll
2012-04-06 01:09:34 32256 ----a-w- c:\windows\system32\atiu9pag.dll
2012-04-05 21:34:22 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 21:34:04 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-04-05 21:33:52 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-04-05 21:32:56 13007872 ----a-w- c:\windows\system32\amdocl.dll
.
============= FINISH: 10:30:10.30 ===============
2012-07-01 13:01:27 340088 ----a-r- c:\windows\system32\drivers\nis\1307010.005\symds.sys
2012-07-01 13:01:27 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys
2012-07-01 13:01:24 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys
2012-07-01 13:01:23 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys
2012-07-01 13:01:23 132744 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys
2012-07-01 12:59:18 -------- d-----w- c:\windows\system32\drivers\nis\1307010.005
2012-07-01 12:33:31 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-01 12:33:30 -------- d-----w- c:\program files\Symantec
2012-07-01 12:33:30 -------- d-----w- c:\program files\common files\Symantec Shared
2012-07-01 12:30:54 -------- d-----w- c:\windows\system32\drivers\NIS
2012-07-01 12:30:52 -------- d-----w- c:\program files\Norton Internet Security
2012-07-01 12:30:34 -------- d-----w- c:\program files\NortonInstaller
2012-06-30 21:17:43 -------- d-----w- C:\kl.files
2012-06-30 18:15:42 -------- d-----w- C:\Mozilla
2012-06-30 17:49:55 -------- d-----w- c:\program files\Oracle
2012-06-29 20:37:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-29 20:37:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-29 20:36:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-06-29 20:22:43 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2012-06-29 19:28:07 -------- d-----w- C:\8711ec7118b8aa676278a6b9b5e2c246
2012-06-29 16:43:59 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-29 15:59:00 -------- d-----w- c:\programdata\F-Secure uninstallationtool
2012-06-29 15:53:11 302 ----a-w- C:\FixitRegBackup.reg
2012-06-29 08:08:19 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-27 14:51:18 -------- d-----w- c:\users\mark\appdata\local\VirtualStore
2012-06-27 10:25:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-27 10:16:00 -------- d-----w- c:\windows\system32\SPReview
2012-06-27 07:49:13 388096 ----a-r- c:\users\mark\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-27 07:49:13 -------- d-----w- c:\program files\Trend Micro
2012-06-26 09:42:49 85472 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-06-26 09:35:35 -------- d-----w- C:\inetpub
2012-06-26 01:01:23 -------- d-----r- C:\AHCache
2012-06-25 14:00:30 -------- d-----w- C:\f288c559972fa8b4080a56
2012-06-22 13:10:18 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:09:51 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:09:33 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 13:09:33 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-20 01:12:08 -------- d-----w- C:\CCE_Quarantine
2012-06-17 03:00:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-17 03:00:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 00:40:13 -------- d-----w- c:\program files\Sandboxie
2012-06-16 23:06:11 -------- d-----w- c:\program files\Axantum
2012-06-16 23:00:33 -------- d--h--w- c:\programdata\Common Files
2012-06-14 02:25:19 770384 -c--a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-14 02:25:19 421200 -c--a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-14 00:19:47 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 00:19:46 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 00:19:42 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 00:19:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 00:19:41 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 00:19:41 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 00:19:39 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 00:19:26 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 00:19:26 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 00:19:26 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 00:14:11 -------- d-----w- c:\users\mark\appdata\local\Macromedia
2012-06-13 14:13:55 -------- d-----w- c:\program files\ffdshow
2012-06-08 20:42:28 65720 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-06-07 17:02:10 21888 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-06-07 16:50:26 -------- d-----w- c:\programdata\IObit
2012-06-07 16:50:06 -------- d-----w- c:\users\mark\appdata\roaming\IObit
2012-06-07 16:49:41 -------- d-----w- c:\program files\IObit
2012-06-05 23:42:59 -------- d-----w- c:\users\mark\appdata\local\Trusteer
2012-06-05 23:42:51 -------- d-----w- c:\program files\Trusteer
2012-06-05 23:41:43 -------- d-----w- c:\programdata\Trusteer
2012-06-05 02:10:52 133208 ----a-w- c:\windows\system32\drivers\06132003.sys
2012-06-04 00:23:05 -------- d-----w- c:\users\mark\appdata\roaming\Leawo
2012-06-04 00:22:25 -------- d-----w- c:\programdata\Leawo
2012-06-04 00:22:25 -------- d-----w- c:\program files\Leawo
2012-06-03 23:53:55 -------- d-----w- c:\program files\common files\Steam
.
==================== Find3M ====================
.
2012-06-27 10:22:08 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-07 04:17:57 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-07 04:17:57 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-06 02:22:00 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- c:\windows\system32\aticfx32.dll
2012-04-06 02:00:08 52736 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:34:50 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
2012-04-06 01:11:04 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:10:52 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-04-06 01:10:22 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09:48 41984 ----a-w- c:\windows\system32\atiuxpag.dll
2012-04-06 01:09:34 32256 ----a-w- c:\windows\system32\atiu9pag.dll
2012-04-05 21:34:22 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 21:34:04 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-04-05 21:33:52 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-04-05 21:32:56 13007872 ----a-w- c:\windows\system32\amdocl.dll
.
============= FINISH: 10:30:10.30 ===============