Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Google searches redirect to 'find-quick-results.com'

  1. 2011-05-20, 21:19 #11
    Xiafang
    Xiafang is offline
    Junior Member
    Join Date
    May 2011
    Posts
    7

    Default

    Small sample size, but nothing on the first page of results for a search gave me any ads, so it seems like I'm cured! Thanks so much, logs are attached.

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Jack at 15:15:25.01 on Fri 05/20/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1878 [GMT -4:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\SDistTest\SDistTestSvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files (x86)\AIM\aim.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\mIRC\mirc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\Jack\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~2.LNK - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: S&end to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\yvbp912j.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    FF - Ext: Hide Caption Titlebar Plus: hidecaptionplus-dp@dummy.addons.mozilla.org - %profile%\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org
    FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
    FF - Ext: Tabs on top: tabsontop-darthpalpatine@dummy.addons.mozilla.org - %profile%\extensions\tabsontop-darthpalpatine@dummy.addons.mozilla.org
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Always on Top: {E6C93316-271E-4b3d-8D7E-FE11B4350AEB} - %profile%\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}
    FF - Ext: printpdf: printpdf@pavlov.net - %profile%\extensions\printpdf@pavlov.net
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2010-8-19 26624]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-9 203776]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]
    R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
    R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-12-21 170640]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-12-21 125296]
    R2 SDisTestService;SpybotSnD Distributed Testing;C:\Program Files (x86)\SDistTest\SDistTestSvc.exe [2011-5-16 907680]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-4-2 46136]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-3-9 9258496]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-3-9 300544]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    RUnknown EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
    RUnknown SymIRON;SymIRON; [x]
    RUnknown SymNetS;SymNetS; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
    S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-8-30 1038088]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\jswpsapi.exe [2010-8-19 954368]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2009-6-10 416768]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-12 1255736]
    .
    =============== Created Last 30 ================
    .
    2011-05-20 18:57:36 98816 ----a-w- C:\Windows\sed.exe
    2011-05-20 18:57:36 89088 ----a-w- C:\Windows\MBR.exe
    2011-05-20 18:57:36 256512 ----a-w- C:\Windows\PEV.exe
    2011-05-20 18:57:36 161792 ----a-w- C:\Windows\SWREG.exe
    2011-05-16 20:23:46 -------- d-----w- C:\Program Files (x86)\SDistTest
    2011-05-16 15:13:53 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-16 15:13:52 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-05-16 14:42:14 4636 ----a-w- C:\STF7BAA.tmp
    2011-05-12 18:37:29 -------- d-----w- C:\Users\Jack\AppData\Local\ESET
    2011-05-12 17:25:47 -------- d-----w- C:\Program Files (x86)\mIRC
    2011-05-12 17:20:55 -------- d-----w- C:\Program Files\ESET
    2011-05-12 15:09:52 -------- d-----w- C:\Users\Jack\AppData\Local\CrashDumps
    2011-05-12 05:45:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-05-12 05:44:20 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
    2011-05-12 05:44:19 -------- d-----w- C:\PROGRA~3\Norton
    2011-05-12 05:44:14 -------- d-----w- C:\PROGRA~3\NortonInstaller
    2011-05-12 05:22:10 127488 --sha-r- C:\Windows\SysWow64\telephonm.dll
    2011-05-12 05:18:12 -------- d-----w- C:\Users\Jack\AppData\Roaming\Trillian
    2011-05-12 04:05:07 4636 ----a-w- C:\STF4452.tmp
    2011-05-12 03:38:45 4636 ----a-w- C:\STF229D.tmp
    2011-05-12 03:37:45 4636 ----a-w- C:\STF3938.tmp
    2011-05-12 00:34:16 4636 ----a-w- C:\STF3A4C.tmp
    2011-05-12 00:14:45 4636 ----a-w- C:\STF5DD2.tmp
    2011-05-11 23:50:37 4636 ----a-w- C:\STF46A9.tmp
    2011-05-11 23:22:03 4636 ----a-w- C:\STF1E8E.tmp
    2011-05-11 22:53:18 4636 ----a-w- C:\STFCA07.tmp
    2011-05-11 22:30:43 4636 ----a-w- C:\STF1CE6.tmp
    2011-05-11 22:16:03 4636 ----a-w- C:\STFB118.tmp
    2011-05-11 22:00:31 4636 ----a-w- C:\STF7A10.tmp
    2011-05-11 21:39:16 4636 ----a-w- C:\STF379.tmp
    2011-05-11 20:01:25 4636 ----a-w- C:\STF6E87.tmp
    2011-05-11 20:00:33 4636 ----a-w- C:\STFA12A.tmp
    2011-05-11 19:38:51 4636 ----a-w- C:\STFC5E7.tmp
    2011-05-11 18:02:27 4636 ----a-w- C:\STF8241.tmp
    2011-05-11 17:59:02 4636 ----a-w- C:\STF6473.tmp
    2011-05-11 17:29:58 4636 ----a-w- C:\STFC4C9.tmp
    2011-05-11 17:19:22 4636 ----a-w- C:\STF10F4.tmp
    2011-05-11 16:58:14 4636 ----a-w- C:\STFB868.tmp
    2011-05-11 16:33:33 4574 ----a-w- C:\STF1E0B.tmp
    2011-05-11 16:29:19 4574 ----a-w- C:\STF4088.tmp
    2011-05-11 15:59:40 4574 ----a-w- C:\STF185E.tmp
    2011-05-11 15:54:03 4574 ----a-w- C:\STFF61E.tmp
    2011-05-11 15:29:14 4574 ----a-w- C:\STF3E04.tmp
    2011-05-11 14:36:47 4574 ----a-w- C:\STF38A6.tmp
    2011-05-11 14:24:02 4574 ----a-w- C:\STF8D58.tmp
    2011-05-11 14:22:05 4574 ----a-w- C:\STFC374.tmp
    2011-05-11 14:21:34 -------- d-----w- C:\Users\Jack\AppData\Local\SKIDROW
    2011-05-11 14:09:29 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-11 14:09:28 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-11 14:09:28 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-11 14:09:22 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-05-11 14:09:22 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-05-11 14:09:22 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-05-11 14:09:22 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-05-11 14:09:22 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-05-11 14:09:21 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2011-05-11 14:09:21 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-05-11 13:59:04 -------- d-----w- C:\Program Files (x86)\Valve
    2011-05-10 20:08:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-05-10 20:08:04 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-05-10 16:51:10 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C01F518F-9B71-41DC-803B-6DF42EF69660}\mpengine.dll
    2011-05-09 19:36:56 -------- d-----w- C:\Users\Jack\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    2011-05-09 19:36:50 -------- d-----w- C:\Program Files (x86)\Times Reader
    .
    ==================== Find3M ====================
    .
    2011-04-16 17:32:59 1391104 ----a-w- C:\apploc.msi
    2011-03-21 23:56:26 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
    2011-03-21 23:56:22 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-03-21 23:56:10 53760 ----a-w- C:\Windows\System32\OpenCL.dll
    2011-03-21 23:56:06 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2011-03-21 23:55:58 16115712 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-03-21 23:55:46 12385792 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
    2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-03-10 00:31:27 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-03-10 00:31:27 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-03-09 09:22:42 9258496 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-03-09 05:41:52 22518272 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-03-09 05:19:22 17397248 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-03-09 04:57:04 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-03-09 04:56:54 679424 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-03-09 04:55:52 795136 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-03-09 04:53:44 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-03-09 04:53:34 480256 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-03-09 04:53:04 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-03-09 04:52:04 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-03-09 04:51:48 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-03-09 04:51:42 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-03-09 04:51:34 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-03-09 04:51:28 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-03-09 04:51:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-03-09 04:51:22 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-03-09 04:48:46 4277760 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-03-09 04:40:22 5044224 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-03-09 04:34:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-03-09 04:34:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-03-09 04:34:24 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-03-09 04:34:22 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-03-09 04:34:12 7025152 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-03-09 04:32:32 5618688 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-03-09 04:30:30 4294656 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-03-09 04:24:48 5438976 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-03-09 04:18:16 360448 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-03-09 04:18:10 258048 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-03-09 04:18:00 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-03-09 04:17:56 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-03-09 04:17:56 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-03-09 04:17:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-03-09 04:17:48 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-03-09 04:17:42 300544 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-03-09 04:17:04 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-03-09 04:17:00 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-03-09 04:16:54 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-03-09 04:16:48 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-03-09 04:16:14 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-03-09 04:11:06 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-03-09 03:42:40 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-03-09 03:42:06 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-03-09 03:41:52 3239936 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-03-09 03:34:12 3471872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-03-09 03:18:58 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-03-09 03:18:58 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-03-09 03:18:52 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-03-09 03:18:52 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
    2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
    2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
    2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    .
    ============= FINISH: 15:15:39.34 ===============
  2. 2011-05-20, 21:30 #12
    Blade81
    Blade81 is offline
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    http://forums.spybot.info/showthread.php?t=62705
Suspect::[76]
C:\Windows\SysWow64\telephonm.dll
FileLook::
C:\STFB868.tmp
C:\STF1E0B.tmp
DirLook::
C:\Users\Jack\AppData\Local\SKIDROW

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked.
    • Click Scan
    • Wait for the scan to finish.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
  3. 2011-05-21, 00:05 #13
    Xiafang
    Xiafang is offline
    Junior Member
    Join Date
    May 2011
    Posts
    7

    Default

    I cannot for the life of me get the ESET scanner to work. The terms and conditions window opens, and I can click start, but then that window freezes up and doesn't do anything. It may be due to my spotty net connection (I did remember to change to IE).

    New logs attached.

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
    Run by Jack at 18:03:57 on 2011-05-20
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1693 [GMT -4:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\SDistTest\SDistTestSvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\AIM\aim.exe
    C:\Program Files (x86)\mIRC\mirc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Jack\Downloads\dds(2).scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~2.LNK - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: S&end to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\yvbp912j.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    FF - Ext: Hide Caption Titlebar Plus: hidecaptionplus-dp@dummy.addons.mozilla.org - %profile%\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org
    FF - Ext: Chromifox Basic: chromifox@altmusictv.com - %profile%\extensions\chromifox@altmusictv.com
    FF - Ext: Tabs on top: tabsontop-darthpalpatine@dummy.addons.mozilla.org - %profile%\extensions\tabsontop-darthpalpatine@dummy.addons.mozilla.org
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Always on Top: {E6C93316-271E-4b3d-8D7E-FE11B4350AEB} - %profile%\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}
    FF - Ext: printpdf: printpdf@pavlov.net - %profile%\extensions\printpdf@pavlov.net
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]
    R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    R2 SDisTestService;SpybotSnD Distributed Testing;C:\Program Files (x86)\SDistTest\SDistTestSvc.exe [2011-5-16 907680]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    RUnknown EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
    RUnknown SymIRON;SymIRON; [x]
    RUnknown SymNetS;SymNetS; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 KMService;KMService;C:\Windows\System32\srvany.exe [2010-11-11 8192]
    S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-8-30 1038088]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\jswpsapi.exe [2010-8-19 954368]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys --> C:\Windows\system32\DRIVERS\RTL8187B.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-20 18:57:36 98816 ----a-w- C:\Windows\sed.exe
    2011-05-20 18:57:36 89088 ----a-w- C:\Windows\MBR.exe
    2011-05-20 18:57:36 256512 ----a-w- C:\Windows\PEV.exe
    2011-05-20 18:57:36 161792 ----a-w- C:\Windows\SWREG.exe
    2011-05-16 20:23:46 -------- d-----w- C:\Program Files (x86)\SDistTest
    2011-05-16 15:13:53 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-16 15:13:52 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-05-16 14:42:14 4636 ----a-w- C:\STF7BAA.tmp
    2011-05-12 18:37:29 -------- d-----w- C:\Users\Jack\AppData\Local\ESET
    2011-05-12 17:25:47 -------- d-----w- C:\Program Files (x86)\mIRC
    2011-05-12 17:20:55 -------- d-----w- C:\Program Files\ESET
    2011-05-12 15:09:52 -------- d-----w- C:\Users\Jack\AppData\Local\CrashDumps
    2011-05-12 05:45:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-05-12 05:44:20 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
    2011-05-12 05:44:19 -------- d-----w- C:\ProgramData\Norton
    2011-05-12 05:44:14 -------- d-----w- C:\ProgramData\NortonInstaller
    2011-05-12 05:22:10 127488 ------w- C:\Windows\SysWow64\telephonm.dll
    2011-05-12 05:18:12 -------- d-----w- C:\Users\Jack\AppData\Roaming\Trillian
    2011-05-12 04:05:07 4636 ----a-w- C:\STF4452.tmp
    2011-05-12 03:38:45 4636 ----a-w- C:\STF229D.tmp
    2011-05-12 03:37:45 4636 ----a-w- C:\STF3938.tmp
    2011-05-12 00:34:16 4636 ----a-w- C:\STF3A4C.tmp
    2011-05-12 00:14:45 4636 ----a-w- C:\STF5DD2.tmp
    2011-05-11 23:50:37 4636 ----a-w- C:\STF46A9.tmp
    2011-05-11 23:22:03 4636 ----a-w- C:\STF1E8E.tmp
    2011-05-11 22:53:18 4636 ----a-w- C:\STFCA07.tmp
    2011-05-11 22:30:43 4636 ----a-w- C:\STF1CE6.tmp
    2011-05-11 22:16:03 4636 ----a-w- C:\STFB118.tmp
    2011-05-11 22:00:31 4636 ----a-w- C:\STF7A10.tmp
    2011-05-11 21:39:16 4636 ----a-w- C:\STF379.tmp
    2011-05-11 20:01:25 4636 ----a-w- C:\STF6E87.tmp
    2011-05-11 20:00:33 4636 ----a-w- C:\STFA12A.tmp
    2011-05-11 19:38:51 4636 ----a-w- C:\STFC5E7.tmp
    2011-05-11 18:02:27 4636 ----a-w- C:\STF8241.tmp
    2011-05-11 17:59:02 4636 ----a-w- C:\STF6473.tmp
    2011-05-11 17:29:58 4636 ----a-w- C:\STFC4C9.tmp
    2011-05-11 17:19:22 4636 ----a-w- C:\STF10F4.tmp
    2011-05-11 16:58:14 4636 ----a-w- C:\STFB868.tmp
    2011-05-11 16:33:33 4574 ----a-w- C:\STF1E0B.tmp
    2011-05-11 16:29:19 4574 ----a-w- C:\STF4088.tmp
    2011-05-11 15:59:40 4574 ----a-w- C:\STF185E.tmp
    2011-05-11 15:54:03 4574 ----a-w- C:\STFF61E.tmp
    2011-05-11 15:29:14 4574 ----a-w- C:\STF3E04.tmp
    2011-05-11 14:36:47 4574 ----a-w- C:\STF38A6.tmp
    2011-05-11 14:24:02 4574 ----a-w- C:\STF8D58.tmp
    2011-05-11 14:22:05 4574 ----a-w- C:\STFC374.tmp
    2011-05-11 14:21:34 -------- d-----w- C:\Users\Jack\AppData\Local\SKIDROW
    2011-05-11 14:09:29 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-11 14:09:28 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-11 14:09:28 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-11 14:09:22 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-05-11 14:09:22 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-05-11 14:09:22 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-05-11 14:09:22 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-05-11 14:09:22 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-05-11 14:09:21 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2011-05-11 14:09:21 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-05-11 13:59:04 -------- d-----w- C:\Program Files (x86)\Valve
    2011-05-10 20:08:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-05-10 20:08:04 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-05-10 16:51:10 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C01F518F-9B71-41DC-803B-6DF42EF69660}\mpengine.dll
    2011-05-09 19:36:56 -------- d-----w- C:\Users\Jack\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    2011-05-09 19:36:50 -------- d-----w- C:\Program Files (x86)\Times Reader
    .
    ==================== Find3M ====================
    .
    2011-04-16 17:32:59 1391104 ----a-w- C:\apploc.msi
    2011-03-21 23:56:26 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
    2011-03-21 23:56:22 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-03-21 23:56:10 53760 ----a-w- C:\Windows\System32\OpenCL.dll
    2011-03-21 23:56:06 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2011-03-21 23:55:58 16115712 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-03-21 23:55:46 12385792 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
    2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-03-10 00:31:27 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-03-10 00:31:27 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-03-09 09:22:42 9258496 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-03-09 05:41:52 22518272 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-03-09 05:19:22 17397248 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-03-09 04:57:04 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-03-09 04:56:54 679424 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-03-09 04:55:52 795136 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-03-09 04:53:44 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-03-09 04:53:34 480256 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-03-09 04:53:04 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-03-09 04:52:04 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-03-09 04:51:48 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-03-09 04:51:42 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-03-09 04:51:34 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-03-09 04:51:28 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-03-09 04:51:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-03-09 04:51:22 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-03-09 04:48:46 4277760 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-03-09 04:40:22 5044224 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-03-09 04:34:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-03-09 04:34:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-03-09 04:34:24 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-03-09 04:34:22 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-03-09 04:34:12 7025152 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-03-09 04:32:32 5618688 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-03-09 04:30:30 4294656 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-03-09 04:24:48 5438976 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-03-09 04:18:16 360448 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-03-09 04:18:10 258048 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-03-09 04:18:00 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-03-09 04:17:56 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-03-09 04:17:56 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-03-09 04:17:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-03-09 04:17:48 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-03-09 04:17:42 300544 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-03-09 04:17:04 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-03-09 04:17:00 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-03-09 04:16:54 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-03-09 04:16:48 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-03-09 04:16:14 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-03-09 04:11:06 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-03-09 03:42:40 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-03-09 03:42:06 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-03-09 03:41:52 3239936 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-03-09 03:34:12 3471872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-03-09 03:18:58 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-03-09 03:18:58 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-03-09 03:18:52 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-03-09 03:18:52 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
    2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
    2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
    2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    .
    ============= FINISH: 18:04:14.53 ===============
  4. 2011-05-21, 10:25 #14
    Blade81
    Blade81 is offline
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    http://forums.spybot.info/showthread.php?t=62705
File::
C:\Windows\SysWow64\telephonm.dll
Suspect::[76]
C:\STFB868.tmp
C:\STF1E0B.tmp
Folder::
C:\Users\Jack\AppData\Local\SKIDROW

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Then let's run MBAM instead of ESET online scanner.

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • Please post contents of that file in your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
  5. 2011-05-27, 06:54 #15
    Blade81
    Blade81 is offline
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Are you still there?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
  6. 2011-06-03, 16:48 #16
    Blade81
    Blade81 is offline
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Due to inactivity, this thread will now be closed.

    Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules