Hi, I think my computer was recently infected by a virus.
My computer: Windows XP Home
On the 16th of October I visited a filesharing site, which led to this disaster. I restarted my computer and then realised it was slower than usual. I thought it was nothing, so I was looking for a walkthrough for a game from GameSpot. Then, when I minimised my browser (Firefox), I saw 3 shortcuts to nudetube.com, porntube.com and youporn.com. I right-clicked them and checked the target to find where they were coming from; they were in some internet folder, but there was no file related to them, and when I checked they were actually links to the actual sites. When I checked the internet folder I was viewing hidden files too, just in case something was hidden, and there was nothing out of the ordinary.
Then I used AVG to remove these things, and after the scan it found other viruses, so I deleted them. 1 hour later it spread and the shortcuts (nudetube.com, porntube.com, youporn.com) came back, and some of my files were deleted because of AVG. Then I installed Malwarebytes' Anti-Malware, scanned my computer and deleted everything that was there, and my computer was fine for about an hour. So I installed the programs that were missing files again, so that it overwrites them and doesn't delete any save files. Then they came back again (I had all these programs before I visited the site and they worked fine), so I installed Spybot - Search & Destroy and deleted everything, and that worked out fine. Then I restarted my computer and it stuffed up: the blue screen always appears. The blue screens that I have encountered are:
STOP 0x0000000A (0xB2CFA780, 0x00000002, 0x00000000, 0x80505A34)
STOP 0x0000000A (0xADB2A080, 0x00000002, 0x00000000, 0x80505A39)
STOP 0x0000000A (0xB2CFA780, 0x00000002, 0x00000000, 0x80505AC4)
STOP 0x000000c5 (didn't write it down)
STOP 0x00000024
Also, pop-ups of .tmp errors have become more frequent every day; the ones that have popped up so far are:
12.tmp
5D.tmp
3.tmp
5.tmp
6D.tmp
84.tmp
64.tmp
(can't remember any more)
Things I have done to solve it:
Googled it (obviously), then found a similar problem, but the person decided to reinstall Windows and he wasn't worried about his files, but I am, and I can't lose any of my files as they are really important. (I didn't make any backup, I don't have enough room to make a backup, and I don't have any empty disk.)
I found other ones and followed one, and it said I was supposed to run Windows in safe mode. I tried but couldn't because of d347.bus, because it couldn't read it. So I restarted and tried to go back to Windows, but the blue screen appeared, so I pressed F8 and tried the other safe modes (safe mode with network, safe mode with DOS [I think]). Then I restarted because it didn't work and tried to run it properly, but that didn't work; then I restarted again and it worked. I found out that it was a Daemon Tools problem, which is where the file came from, so I uninstalled Daemon Tools, and the problem I had going to safe mode was gone, but the blue screen appeared again. So I tried to fix it by trying to stop the blue screen (got it from some site), where I had to:
click start
right click my computer then properties
advanced tab
then in the start up and recovery box click settings
(forgot the rest)
which didn't work
Then I followed a different one:
go to Run, type in msconfig
startup tab
disable all checklist (which includes [all in .exe], 84.tmp, 60.tmp, servises, servises, velpslme, iomssls, ctfmon, lmssspr, btdna, ccleaner, iomssls, ctfmon, [{the ones I trust} google update, yahoo, msn, skype, google toolbar, veoh, microsoft office], WCescomm, magnetic, NvCpl, velpsme, servises, lmssspr, RtlWake)
and another one:
go to Run, type in cmd
then type in chkdsk
and I was supposed to type y if there was a program running and start it when I restart the computer (so I did)
Then after this was complete the blue screen came up again, so I tried chkdsk /f and the same thing happened, so I tried chkdsk /r because I thought it needed repair, and the same thing happened.
The only way to fix the blue screen was pressing F8 and selecting Last Known Good Configuration, so the blue screen doesn't just suddenly appear, but it still appears when I try safe mode.
Files I installed from 16th October to 18th October:
Hotspot Shield
Malwarebytes' Anti-Malware
Spybot - Search & Destroy
Adobe Flash CS4 Professional
Adobe Fireworks CS4
Cobian Backup 8 (I couldn't fully install it, but I installed it over 3 times and it keeps saying 7 errors, until around the 3rd time it says 4 errors)
dds
RootRepeal
Files I uninstalled from 16th October to 18th October:
Hotspot Shield
Adobe Fireworks CS4
Files I still have after Last Known Good Configuration:
Hotspot Shield
So my main problem is to delete this virus I got from the site, so could someone please help me? Thanks in advance (hopefully soon, because I have exams coming up and these viruses are infecting my files and I can't lose my notes).
DDS (Ver_09-10-13.01) - NTFSx86
Run by Owner at 20:42:09.54 on Sun 18/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.61.1033.18.1023.363 [GMT 11:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
svchost.exe C:\WINDOWS\TEMP\VRT7.tmp
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\servises.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe "C:\WINDOWS\system32\7F.tmp"
C:\WINDOWS\system32\80.tmp
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\tbHots.dll
mURLSearchHooks: H - No File
mWinlogon: Taskman=c:\recycler\s-1-5-21-1157645303-3774681882-903591932-4791\yv8g67.exe
uWinlogon: Shell=c:\windows\system32\lmssspr.exe,c:\windows\system32\velplsme.exe,c:\recycler\s-1-5-21-1157645303-3774681882-903591932-4791\yv8g67.exe,explorer.exe,c:\windows\system32\iomssls.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\tbHots.dll
BHO: WinAVI FLVSense: {e8df67a1-b618-4f3f-9e7c-cbe175adef5b} - c:\program files\winavi flv converter\FLVTune.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\tbHots.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [servises] c:\windows\system32\servises.exe
uRun: [opqlsys] c:\windows\system32\velplsme.exe
uRun: [crsmons] c:\windows\system32\iomssls.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [xisbcom] c:\windows\system32\lmssspr.exe
mRun: [2050] c:\windows\system32\84.tmp.exe
mRun: [servises] c:\windows\system32\servises.exe
dRun: [servises] c:\windows\system32\servises.exe
dRunOnce: [RunNarrator] Narrator.exe
uExplorerRun: [servises] c:\windows\system32\servises.exe
mExplorerRun: [servises] c:\windows\system32\servises.exe
dExplorerRun: [servises] c:\windows\system32\servises.exe
IE: &Download FLV by WinAVI... - c:\program files\winavi flv converter\flv_link.htm
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {2260D608-C844-435d-90FD-DC16CFA577F2}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\winavi flv converter\FLVTune.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\yahtzee\images\stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\yahtzee\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\7nkd3k6g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&q=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\7nkd3k6g.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\7nkd3k6g.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\crawler\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\firefox\components\xshared.dll
FF - component: c:\program files\crawler\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\firefox\components\xwsg.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\7nkd3k6g.default\extensions\{5601b994-0e9b-4ce2-8ab9-ad1155f2abbd}\plugins\NPNeffyPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\7nkd3k6g.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ahnlab\asp\components\npaosmgr\npaosmgr.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMFFUpdater.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMNetmarbleDownload.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMStarter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMSystemInformer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMWebMessengerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mympc\rpplugins\nppl3260.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-23 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-23 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-9-30 141312]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-23 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-23 297752]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-19 8849]
R2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [2007-10-16 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [2007-10-16 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [2007-10-16 6336]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 34304]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 rtl8180;Belkin 11Mbps Wireless Desktop Network Card Driver;c:\windows\system32\drivers\Bel6001.sys [2008-12-1 168448]
R3 taphss;Anchorfree HSS Adapter;c:\windows\system32\drivers\taphss.sys [2009-9-16 32768]
RUnknown zuwvnwcb1;zuwvnwcb1; [x]
S1 zhrrkerjy1;zhrrkerjy1;c:\windows\system32\drivers\zhrrkerjy1.sys --> c:\windows\system32\drivers\zhrrkerjy1.sys [?]
S1 zvgwohoaj1;zvgwohoaj1;c:\windows\system32\drivers\zvgwohoaj1.sys [2009-10-18 40192]
S2 gupdate1c935adf182628;Google Update Service (gupdate1c935adf182628);c:\program files\google\update\GoogleUpdate.exe [2008-10-24 133104]
S2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe --> c:\program files\hotspot shield\hsswpr\hsssrv.exe [?]
S2 SwPrvSSScsiSV;MS Software Shadow Copy Provider SwPrvSSScsiSV;c:\windows\system32\7f.tmp srv --> c:\windows\system32\7F.tmp srv [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\hsstrayservice.exe --> c:\program files\hotspot shield\bin\HssTrayService.EXE [?]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-8-18 132608]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-8-18 79104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
=============== Created Last 30 ================
2009-10-18 20:26 32 a--s---- c:\windows\system32\2382874839.dat
2009-10-18 20:26 40,192 a------- c:\windows\system32\drivers\zvgwohoaj1.sys
2009-10-18 20:26 18,944 a------- c:\windows\system32\84.tmp
2009-10-18 20:26 23,552 a------- c:\windows\system32\80.tmp
2009-10-18 20:26 64,000 a------- c:\windows\system32\7F.tmp
2009-10-18 20:26 1 a------- c:\windows\system32\7E.tmp
2009-10-18 20:26 264 a------- c:\windows\system32\7C.tmp
2009-10-18 20:23 0 a------- c:\windows\system32\7B.tmp
2009-10-18 18:33 40,192 a------- c:\windows\system32\drivers\zbkfosgsw3.sys
2009-10-18 18:33 18,944 a------- c:\windows\system32\7D.tmp
2009-10-18 18:33 23,552 a------- c:\windows\system32\79.tmp
2009-10-18 18:33 172 a------- c:\windows\system32\78.tmp
2009-10-18 18:31 40,192 a------- c:\windows\system32\drivers\zcprrqegnki1.sys
2009-10-18 18:31 18,944 a------- c:\windows\system32\7A.tmp
2009-10-18 18:31 23,552 a------- c:\windows\system32\77.tmp
2009-10-18 18:31 172 a------- c:\windows\system32\76.tmp
2009-10-18 18:14 0 a------- c:\windows\system32\75.tmp
2009-10-18 18:14 23,552 a------- c:\windows\system32\74.tmp
2009-10-18 18:14 172 a------- c:\windows\system32\73.tmp
2009-10-18 17:59 0 a------- c:\windows\system32\70.tmp
2009-10-18 17:56 40,192 a------- c:\windows\system32\drivers\zqnwudvx9.sys
2009-10-18 17:56 18,944 a------- c:\windows\system32\72.tmp
2009-10-18 17:56 34,304 a------- c:\windows\system32\71.tmp
2009-10-18 17:56 23,552 a------- c:\windows\system32\6E.tmp
2009-10-18 17:56 172 a------- c:\windows\system32\6C.tmp
2009-10-18 17:43 <DIR> --d----- c:\program files\Cobian Backup 8
2009-10-18 17:27 40,192 a------- c:\windows\system32\drivers\zchbojgynej3.sys
2009-10-18 17:27 18,944 a------- c:\windows\system32\6F.tmp
2009-10-18 17:27 23,552 a------- c:\windows\system32\6B.tmp
2009-10-18 17:27 172 a------- c:\windows\system32\65.tmp
2009-10-18 17:19 40,192 a------- c:\windows\system32\drivers\zkwocdfxo3.sys
2009-10-18 17:19 18,944 a------- c:\windows\system32\6D.tmp
2009-10-18 17:18 23,552 a------- c:\windows\system32\6A.tmp
2009-10-18 17:18 172 a------- c:\windows\system32\69.tmp
2009-10-18 17:12 23,552 a------- c:\windows\system32\67.tmp
2009-10-18 17:12 172 a------- c:\windows\system32\66.tmp
2009-10-18 17:11 40,192 a------- c:\windows\system32\drivers\zhgqdfrdfu3.sys
2009-10-18 17:11 18,944 a------- c:\windows\system32\68.tmp
2009-10-18 17:10 172 a------- c:\windows\system32\64.tmp
2009-10-18 17:06 40,192 a------- c:\windows\system32\drivers\zohqjasr5.sys
2009-10-18 17:06 18,944 a------- c:\windows\system32\63.tmp
2009-10-18 17:06 34,304 a------- c:\windows\system32\62.tmp
2009-10-18 17:06 32,256 a------- c:\windows\system32\61.tmp
2009-10-18 17:06 23,552 a------- c:\windows\system32\5F.tmp
2009-10-18 17:06 172 a------- c:\windows\system32\5E.tmp
2009-10-18 17:01 40,192 a------- c:\windows\system32\drivers\zjfkviuytt3.sys
2009-10-18 17:01 18,944 a------- c:\windows\system32\60.tmp
2009-10-18 17:01 23,552 a------- c:\windows\system32\5C.tmp
2009-10-18 17:01 172 a------- c:\windows\system32\5B.tmp
2009-10-18 16:52 40,192 a------- c:\windows\system32\drivers\zjplhwru5.sys
2009-10-18 16:52 18,944 a------- c:\windows\system32\5D.tmp
2009-10-18 16:52 23,552 a------- c:\windows\system32\5A.tmp
2009-10-18 16:52 172 a------- c:\windows\system32\57.tmp
2009-10-18 16:41 40,192 a------- c:\windows\system32\drivers\zogofwbomwd7.sys
2009-10-18 16:41 18,944 a------- c:\windows\system32\59.tmp
2009-10-18 16:41 34,304 a------- c:\windows\system32\58.tmp
2009-10-18 16:41 23,552 a------- c:\windows\system32\56.tmp
2009-10-18 16:41 172 a------- c:\windows\system32\55.tmp
2009-10-18 16:33 32,256 a------- c:\windows\system32\54.tmp
2009-10-18 16:33 23,552 a------- c:\windows\system32\53.tmp
2009-10-18 16:33 172 a------- c:\windows\system32\52.tmp
2009-10-18 16:27 40,192 a------- c:\windows\system32\drivers\zutqwgrbgi3.sys
2009-10-18 16:27 18,944 a------- c:\windows\system32\51.tmp
2009-10-18 16:27 34,304 a------- c:\windows\system32\50.tmp
2009-10-18 16:27 32,256 a------- c:\windows\system32\4F.tmp
2009-10-18 16:27 23,552 a------- c:\windows\system32\4E.tmp
2009-10-18 16:26 172 a------- c:\windows\system32\4D.tmp
2009-10-18 16:20 40,192 a------- c:\windows\system32\drivers\zmwqcyem7.sys
2009-10-18 16:20 18,944 a------- c:\windows\system32\4C.tmp
2009-10-18 16:19 34,304 a------- c:\windows\system32\4B.tmp
2009-10-18 16:19 32,256 a------- c:\windows\system32\4A.tmp
2009-10-18 16:19 23,552 a------- c:\windows\system32\49.tmp
2009-10-18 16:19 172 a------- c:\windows\system32\48.tmp
2009-10-18 16:11 21,374 a------- c:\windows\system32\47.tmp
2009-10-18 16:11 32,256 a------- c:\windows\system32\46.tmp
2009-10-18 16:11 23,552 a------- c:\windows\system32\44.tmp
2009-10-18 16:11 172 a------- c:\windows\system32\42.tmp
2009-10-18 15:44 37,376 a------- c:\windows\system32\drivers\HssDrv.sys
2009-10-18 15:44 <DIR> --d----- c:\windows\LastGood.Tmp
2009-10-18 15:41 18,944 a------- c:\windows\system32\45.tmp
2009-10-18 15:41 23,552 a------- c:\windows\system32\41.tmp
2009-10-18 15:41 172 a------- c:\windows\system32\3C.tmp
2009-10-18 15:32 40,192 a------- c:\windows\system32\drivers\zuwvnwcb1.sys
2009-10-18 15:32 18,944 a------- c:\windows\system32\43.tmp
2009-10-18 15:32 23,552 a------- c:\windows\system32\3F.tmp
2009-10-18 15:32 172 a------- c:\windows\system32\3E.tmp
2009-10-18 15:31 58,368 ---shr-- c:\windows\system32\lmssspr.exe
2009-10-18 13:14 23,552 a------- c:\windows\system32\servises.exe
2009-10-18 13:14 40,192 a------- c:\windows\system32\drivers\zrbkfntprfx7.sys
2009-10-18 13:14 18,944 a------- c:\windows\system32\40.tmp
2009-10-18 13:14 32,256 a------- c:\windows\system32\reader_s.exe
2009-10-18 13:14 32,256 a------- c:\documents and settings\owner\reader_s.exe
2009-10-18 13:14 172 a------- c:\windows\system32\3B.tmp
2009-10-18 12:06 40,192 a------- c:\windows\system32\drivers\zhoufjwwhlw7.sys
2009-10-18 12:06 18,944 a------- c:\windows\system32\3D.tmp
2009-10-18 12:06 23,552 a------- c:\windows\system32\39.tmp
2009-10-18 12:06 172 a------- c:\windows\system32\38.tmp
2009-10-18 11:50 40,192 a------- c:\windows\system32\drivers\zaxxbnsvjae1.sys
2009-10-18 11:50 18,944 a------- c:\windows\system32\3A.tmp
2009-10-18 11:50 23,552 a------- c:\windows\system32\37.tmp
2009-10-18 11:50 176,128 a------- c:\windows\system32\36.tmp
2009-10-18 11:50 1 a------- c:\windows\system32\34.tmp
2009-10-18 11:50 264 a------- c:\windows\system32\33.tmp
2009-10-18 11:32 40,192 a------- c:\windows\system32\drivers\zfrduila1.sys
2009-10-18 11:32 18,944 a------- c:\windows\system32\35.tmp
2009-10-18 11:32 23,552 a------- c:\windows\system32\32.tmp
2009-10-18 11:32 176,128 a------- c:\windows\system32\31.tmp
2009-10-18 11:32 1 a------- c:\windows\system32\2F.tmp
2009-10-18 11:32 264 a------- c:\windows\system32\2E.tmp
2009-10-18 11:32 61,440 ---shr-- c:\windows\system32\velplsme.exe
2009-10-18 11:26 40,192 a------- c:\windows\system32\drivers\zlixhsggicab5.sys
2009-10-18 11:26 18,944 a------- c:\windows\system32\30.tmp
2009-10-18 11:26 23,552 a------- c:\windows\system32\2C.tmp
2009-10-18 11:25 176,128 a------- c:\windows\system32\2B.tmp
2009-10-18 11:25 1 a------- c:\windows\system32\26.tmp
2009-10-18 11:25 264 a------- c:\windows\system32\23.tmp
2009-10-18 11:04 237,568 a------- c:\windows\system32\6096853.exe
2009-10-18 11:04 808 a------- c:\windows\system32\50375.exe
2009-10-18 11:04 46,592 ---shr-- c:\windows\system32\iomssls.exe
2009-10-18 11:02 40,192 a------- c:\windows\system32\drivers\zerxpkseieof7.sys
2009-10-18 11:02 18,944 a------- c:\windows\system32\2D.tmp
2009-10-18 11:02 0 a------- c:\windows\sc.exe
2009-10-18 11:02 23,552 a------- c:\windows\system32\2A.tmp
2009-10-18 11:02 176,128 a------- c:\windows\system32\29.tmp
2009-10-18 11:02 1 a------- c:\windows\system32\28.tmp
2009-10-18 11:02 264 a------- c:\windows\system32\25.tmp
2009-10-17 23:26 18,944 a------- c:\windows\system32\D8.tmp
2009-10-17 23:26 40,192 a------- c:\windows\system32\drivers\zdvxqyjaw7.sys
2009-10-17 23:26 23,040 a------- c:\windows\system32\D5.tmp
2009-10-17 23:26 172 a------- c:\windows\system32\D4.tmp
2009-10-17 19:45 40,192 a------- c:\windows\system32\drivers\zqbsqyidsi7.sys
2009-10-17 19:45 18,944 a------- c:\windows\system32\27.tmp
2009-10-17 19:45 172 a------- c:\windows\system32\21.tmp
2009-10-17 18:55 40,192 a------- c:\windows\system32\drivers\zsasphcp9.sys
2009-10-17 18:55 18,944 a------- c:\windows\system32\24.tmp
2009-10-17 18:55 23,552 a------- c:\windows\system32\20.tmp
2009-10-17 18:55 176 a------- c:\windows\system32\1B.tmp
2009-10-17 18:40 40,192 a------- c:\windows\system32\drivers\zbuuulkqcvs5.sys
2009-10-17 18:40 18,944 a------- c:\windows\system32\22.tmp
2009-10-17 18:39 23,552 a------- c:\windows\system32\1E.tmp
2009-10-17 18:39 176 a------- c:\windows\system32\1D.tmp
2009-10-17 18:34 18,944 a------- c:\windows\system32\1F.tmp
2009-10-17 18:34 40,192 a------- c:\windows\system32\drivers\zefhbcjfkl3.sys
2009-10-17 18:34 176 a------- c:\windows\system32\1A.tmp
2009-10-17 18:30 1,073,299,456 a------- c:\windows\MEMORY.DMP
2009-10-17 18:25 40,192 a------- c:\windows\system32\drivers\zrdtblicu5.sys
2009-10-17 18:25 18,944 a------- c:\windows\system32\1C.tmp
2009-10-17 18:25 23,552 a------- c:\windows\system32\18.tmp
2009-10-17 18:25 176 a------- c:\windows\system32\17.tmp
2009-10-17 18:14 40,192 a------- c:\windows\system32\drivers\zvrvhhruslhg5.sys
2009-10-17 18:14 18,944 a------- c:\windows\system32\19.tmp
2009-10-17 18:14 23,552 a------- c:\windows\system32\15.tmp
2009-10-17 18:14 176 a------- c:\windows\system32\13.tmp
2009-10-17 17:52 40,192 a------- c:\windows\system32\drivers\ztmqwvbrqnjgq7.sys
2009-10-17 17:52 18,944 a------- c:\windows\system32\16.tmp
2009-10-17 17:52 23,552 a------- c:\windows\system32\11.tmp
2009-10-17 17:52 176 a------- c:\windows\system32\3.tmp
2009-10-17 17:42 40,192 a------- c:\windows\system32\drivers\zcqmxukh9.sys
2009-10-17 17:42 18,944 a------- c:\windows\system32\14.tmp
2009-10-17 17:42 23,552 a------- c:\windows\system32\10.tmp
2009-10-17 17:41 176 a------- c:\windows\system32\A.tmp
2009-10-17 17:28 40,192 a------- c:\windows\system32\drivers\zstowksmici7.sys
2009-10-17 17:28 18,944 a------- c:\windows\system32\12.tmp
2009-10-17 17:28 23,552 a------- c:\windows\system32\E.tmp
2009-10-17 17:28 176 a------- c:\windows\system32\C.tmp
2009-10-17 17:12 40,192 a------- c:\windows\system32\drivers\zqwbijlp7.sys
2009-10-17 17:12 18,944 a------- c:\windows\system32\F.tmp
2009-10-17 17:12 176 a------- c:\windows\system32\7.tmp
2009-10-17 15:36 40,192 a------- c:\windows\system32\drivers\zccjunur7.sys
2009-10-17 15:36 18,944 a------- c:\windows\system32\B.tmp
2009-10-17 15:36 23,552 a------- c:\windows\system32\6.tmp
2009-10-17 15:36 176 a------- c:\windows\system32\4.tmp
2009-10-17 14:59 40,192 a------- c:\windows\system32\drivers\zdwmhheod5.sys
2009-10-17 14:59 18,944 a------- c:\windows\system32\D.tmp
2009-10-17 14:58 176 a------- c:\windows\system32\8.tmp
2009-10-17 14:38 245 a------- c:\windows\wininit.ini
2009-10-17 13:42 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-17 13:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-17 13:35 40,192 a------- c:\windows\system32\drivers\zplagebvu5.sys
2009-10-17 13:35 18,944 a------- c:\windows\system32\9.tmp
2009-10-17 13:35 176 a------- c:\windows\system32\5.tmp
2009-10-17 13:06 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-10-17 13:06 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 13:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-17 13:06 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-17 13:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 11:01 808 a------- c:\windows\system32\9341699.exe
2009-10-17 11:01 0 a------- c:\windows\system32\8D.tmp
2009-10-17 11:01 18,944 a------- c:\windows\system32\8B.tmp
2009-10-17 11:01 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-10-17 11:01 176 a------- c:\windows\system32\83.tmp
2009-10-16 20:45 <DIR> --d----- c:\docume~1\owner\applic~1\Apowersoft
2009-10-16 19:49 <DIR> --d----- c:\program files\Conduit
2009-10-16 19:49 <DIR> --d----- c:\program files\Hotspot_Shield
2009-10-16 16:18 133,632 a------- c:\windows\SC.INS
2009-10-03 16:19 <DIR> --d----- c:\program files\CAPCOM
2009-10-03 16:19 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-10-03 16:19 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-10-03 16:19 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-10-03 16:19 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-10-03 16:19 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-10-03 16:19 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-10-03 16:18 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-10-03 16:18 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-10-03 16:18 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-10-03 16:18 <DIR> --d----- c:\windows\system32\xlive
2009-10-03 16:18 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-10-02 18:18 <DIR> --d----- c:\program files\Microsoft Hardware
2009-10-02 17:10 14,848 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-10-02 17:10 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2009-10-02 17:10 2,688 ac------ c:\windows\system32\dllcache\hidswvd.sys
2009-10-02 17:10 2,688 a------- c:\windows\system32\drivers\HIDSwvd.sys
2009-10-02 17:10 59,136 ac------ c:\windows\system32\dllcache\gckernel.sys
2009-10-02 17:10 59,136 a------- c:\windows\system32\drivers\GcKernel.sys
2009-09-26 23:19 <DIR> --d----- c:\program files\common files\DivX Shared
2009-09-20 01:09 <DIR> --d----- c:\docume~1\owner\applic~1\ScummVM
==================== Find3M ====================
2009-10-17 11:01 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-09-25 16:56 662,016 a------- c:\windows\system32\wininet.dll
2009-09-25 16:56 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-16 07:04 32,768 a------- c:\windows\system32\drivers\taphss.sys
2009-09-12 01:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-05 07:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-28 23:41 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-28 23:41 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-26 19:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-10 00:03 29,672 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2009-08-05 20:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 00:58 2,136,064 a------- c:\windows\system32\ntoskrnl.exe
2009-08-05 00:13 2,015,744 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-30 20:32 804,368 a------- c:\windows\GlbNMUpdater.exe
============= FINISH: 20:43:02.25 ===============
(Sorry if I didn't do this right; it's my first post and I tried to follow the guidelines from grindler.) Thanks again.