Google search being redirected


38 replies to this topic

#1 search4f

  • Members
  • 23 posts

Posted 20 January 2011 - 11:07 AM

Hello all, and thanks in advance for your help. My searches are being redirected. I ran Malwarebytes, Hitman, etc. Nothing finds anything.
Here is the log from HijackThis. Please help, thanks.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:05:17 AM, on 1/20/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system\HsMgr.exe
C:\Program Files\Shield\shieldtray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Evernote\Evernote\EvernoteTray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WECPE3F\HitmanPro35[1].exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\ThreatFire\TFGui.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Users/Marc/AppData/Local/Temp/RapidSolution/Tunebite/.downloading/profile/rrproxy_ie_4cf71903.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Cmaudio8768GX] C:\Windows\system\HsMgr.exe Envoke
O4 - HKLM\..\Run: [shield] C:\Program Files\Shield\shieldtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [JZ2XQo70Mm] control.exe "C:\Program Files\5kn3XyL\JZ2XQo70Mm.cpl",0,0
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: EvernoteTray.lnk = C:\Program Files\Evernote\Evernote\EvernoteTray.exe
O4 - Global Startup: Evernote Clipper.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Send to Phone - C:\Program Files\TeleNav\TeleNav Address Plugin\sendlocation.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Send to Phone - {91508E2C-F25E-439B-9832-464A7733DFA6} - C:\Program Files\TeleNav\TeleNav Address Plugin\TNLocator.dll (HKCU)
O15 - Trusted Zone: http://www.tube8.com
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SHDSERV - Unknown owner - C:\Program Files\Shield\shdserv.exe
O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Program Files\Shield\shieldclnt.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 11637 bytes

Edited by boopme, 20 January 2011 - 01:32 PM.



#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 20 January 2011 - 09:18 PM

Download DDS by sUBs and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your Desktop and post them in your next reply



We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click the downloaded GMER file on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a prompt window. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save... and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 search4f

  • Topic Starter

  • Members
  • 23 posts

Posted 21 January 2011 - 10:21 PM

Thanks so far. I will follow your directions in a little while. In the meantime I came home to find this on Avast. It doesn't let me do anything (delete, repair, move to chest, etc.).

#4 search4f

  • Topic Starter

  • Members
  • 23 posts

Posted 21 January 2011 - 10:26 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Marc at 22:22:58.41 on Fri 01/21/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.418 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system\HsMgr.exe
C:\Program Files\Shield\shieldtray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Evernote\Evernote\EvernoteTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Shield\shdserv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Shield\shieldclnt.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\mobsync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\mspaint.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marc\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [JZ2XQo70Mm] control.exe "c:\program files\5kn3xyl\JZ2XQo70Mm.cpl",0,0
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [Cmaudio8768GX] c:\windows\system\HsMgr.exe Envoke
mRun: [shield] c:\program files\shield\shieldtray.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
StartupFolder: c:\users\marc\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to Phone - c:\program files\telenav\telenav address plugin\sendlocation.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: tube8.com\www
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\marc\appdata\roaming\mozilla\firefox\profiles\eme1c3ro.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\marc\appdata\roaming\mozilla\firefox\profiles\eme1c3ro.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\marc\appdata\roaming\mozilla\firefox\profiles\eme1c3ro.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtn
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-28 64288]
R0 Shdbus;Shdbus;c:\windows\system32\drivers\Shdbus.sys [2010-11-28 7448]
R0 Shield;Shield;c:\windows\system32\drivers\Shield.sys [2010-11-28 104984]
R0 Shieldf;Shieldf;c:\windows\system32\drivers\Shieldf.sys [2010-11-28 26264]
R0 Shieldm;Shieldm;c:\windows\system32\drivers\Shieldm.sys [2010-11-28 32408]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-1-20 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-1-20 59664]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-28 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-28 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-28 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-13 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1402272]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-12-3 47640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-28 1153368]
R2 ShieldClientService;Shield Client Service;c:\program files\shield\ShieldClnt.exe [2010-11-28 45056]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-1-10 16968]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-28 123496]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-1-20 33552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-28 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2010-12-12 23608]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-1-4 23608]
S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-1 25704]

=============== Created Last 30 ================

2011-01-22 03:09:36 54016 ----a-w- c:\windows\system32\drivers\tnlcxh.sys
2011-01-20 15:51:25 388096 ----a-r- c:\users\marc\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-20 15:51:25 -------- d-----w- c:\program files\Trend Micro
2011-01-20 15:38:21 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-01-20 15:38:21 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-01-20 15:38:21 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-01-20 15:38:18 -------- d-----w- c:\program files\ThreatFire
2011-01-20 15:38:18 -------- d-----w- c:\progra~2\PC Tools
2011-01-18 08:48:13 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{bab03bbf-5264-48e1-b7f5-487bf2713f4f}\mpengine.dll
2011-01-18 04:38:27 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2011-01-17 01:22:35 921600 ----a-w- c:\windows\system32\TVE2COM.dll
2011-01-17 01:22:35 901120 ----a-w- c:\windows\system32\TVE2.dll
2011-01-17 01:22:35 175104 ----a-w- c:\windows\system32\lame_enc.dll
2011-01-17 01:20:19 13 ---h--w- c:\progra~2\3113.sys
2011-01-17 01:20:07 938272 ----a-w- c:\windows\system32\wodFtpDLX.OCX
2011-01-16 14:02:05 -------- d-----w- c:\progra~2\FileCure
2011-01-16 01:52:47 -------- d-----w- c:\users\marc\appdata\roaming\gSyncit
2011-01-13 23:25:06 -------- d-----w- c:\program files\TeleNav
2011-01-13 16:20:22 -------- d-----w- c:\users\marc\appdata\local\Audible
2011-01-13 15:52:47 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2011-01-13 15:52:41 24576 ------w- c:\windows\system32\msxml3a.dll
2011-01-13 15:52:35 -------- d-----w- c:\program files\Audible
2011-01-11 03:29:46 102400 ----a-w- c:\windows\RegBootClean.exe
2011-01-10 14:25:12 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-10 14:25:00 -------- d-----w- c:\progra~2\Hitman Pro
2011-01-10 14:13:28 -------- d-----w- c:\users\marc\appdata\roaming\Malwarebytes
2011-01-10 14:12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 14:12:34 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-10 14:12:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-10 14:12:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-06 15:54:38 -------- d-----w- c:\users\marc\appdata\local\CutePDF Writer
2011-01-06 15:52:12 -------- d-----w- c:\program files\GPLGS
2011-01-06 15:51:58 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-01-06 15:51:57 -------- d-----w- c:\program files\Acro Software
2011-01-06 15:19:37 -------- d-----w- c:\users\marc\appdata\local\ElevatedDiagnostics
2011-01-06 15:13:35 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2011-01-06 15:07:34 -------- d-----w- c:\program files\HP
2011-01-06 15:07:20 -------- d-----w- c:\windows\Downloaded Installations
2011-01-05 03:31:03 23608 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2011-01-05 03:28:58 -------- d-----w- c:\program files\5kn3XyL
2011-01-03 03:54:31 -------- d-----w- c:\program files\Unlocker
2011-01-02 16:42:19 -------- d-----w- c:\users\marc\appdata\roaming\Ashampoo
2011-01-02 16:40:20 -------- d-----w- c:\users\marc\appdata\local\ashampoo
2011-01-02 16:40:20 -------- d-----w- c:\progra~2\ashampoo
2011-01-02 16:40:14 -------- d-----w- c:\program files\Ashampoo
2010-12-28 04:16:58 106 --sh--w- c:\windows\WSYS049.SYS
2010-12-28 04:16:19 831776 ----a-w- c:\windows\system32\wodFtpDLX.dll
2010-12-28 04:16:19 274976 ----a-w- c:\windows\system32\XceedFtp.dll
2010-12-28 04:09:18 -------- d-----w- c:\program files\CoffeeCup Software
2010-12-28 03:02:00 -------- d-----w- c:\program files\DavidRM Software
2010-12-27 18:54:35 -------- d-----w- c:\program files\Folder Size
2010-12-27 18:41:30 -------- d-----w- c:\users\marc\appdata\roaming\DiskSpaceFan
2010-12-27 18:40:52 -------- d-----w- c:\program files\DiskSpaceFan
2010-12-27 03:45:23 -------- d-----w- c:\program files\Duplicate Cleaner
2010-12-26 14:35:34 -------- d-----w- c:\users\marc\appdata\roaming\TightVNC

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-12-27 14:11:20 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-27 14:11:20 102400 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-11 04:11:37 17488 ----a-w- c:\windows\gdrv.sys
2010-12-08 18:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 18:11:52 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 18:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 18:11:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-06 14:07:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-02 06:14:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-02 06:14:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-01 20:04:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll
2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll
2010-10-27 04:40:24 501424 ----a-w- c:\windows\system32\SGrid4Team.ocx
2010-10-27 04:40:22 231088 ----a-w- c:\windows\system32\CompareLib.dll
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-25 20:13:40 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2010-10-25 20:13:38 47512 ----a-w- c:\windows\system32\AdobePDF.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD1600AAJS-00PSA0 rev.05.06H05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys
1 ntkrnlpa!IofCallDriver[0x82C57458] -> \Device\Harddisk0\DR0[0x85A76030]
3 CLASSPNP[0x88FAD59E] -> ntkrnlpa!IofCallDriver[0x82C57458] -> [0x85990918]
5 ACPI[0x88ABA3B2] -> ntkrnlpa!IofCallDriver[0x82C57458] -> \Device\Ide\IdeDeviceP2T0L0-2[0x85978908]
kernel: MBR read successfully
_asm { CLI ; JMP 0xef; }
user != kernel MBR !!!
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !

============= FINISH: 22:25:08.20 ===============
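
What the rootkit section above is actually reporting, and a way to reproduce its checks offline: GMER's mbr.exe reads sector 0 twice, once through the ordinary user-mode path and once from the kernel by calling down the disk driver stack it lists under "Disk trace". A filter sitting in that stack can answer the first read with a clean sector, which is why the two results differ ("user != kernel MBR"). The kernel-side read begins with CLI ; JMP 0xef rather than the standard Windows boot code, and further copies of the MBR turn up in sectors 22 and 23, which is where an MBR bootkit typically parks the original so the real boot code can still run after its own stub. The Python below is an added example written for this thread, not GMER's code: it decodes the first instruction the same way, parses the partition table, searches the early sectors for stashed copies of the MBR, and runs all three comparisons on a constructed 64-sector image (the clean and infected sectors, the single NTFS partition entry and the copy locations are made up to mirror the log above).

```python
"""Inspect a raw disk image's MBR the way GMER's mbr.exe does: decode the first
instruction, verify the 0x55AA signature, and look for stashed copies of the
MBR in the early sectors. Added example for this thread, not GMER's code."""
import struct

SECTOR_SIZE = 512
# Prologue of the standard Windows (XP-7) MBR: XOR AX,AX ; MOV SS,AX ; MOV SP,7C00h
WINDOWS_MBR_PROLOGUE = bytes.fromhex("33C08ED0BC007C")


def decode_first_insn(code: bytes) -> str:
    """Decode only what GMER's one-line disassembly needs: an optional CLI and
    a near/short JMP. Targets are offsets from the start of the sector."""
    ip, parts = 0, []
    if code[ip] == 0xFA:                      # CLI
        parts.append("CLI")
        ip += 1
    op = code[ip]
    if op == 0xE9:                            # JMP rel16 (near)
        rel = struct.unpack_from("<h", code, ip + 1)[0]
        parts.append(f"JMP 0x{(ip + 3 + rel) & 0xFFFF:x}")
    elif op == 0xEB:                          # JMP rel8 (short)
        rel = struct.unpack_from("<b", code, ip + 1)[0]
        parts.append(f"JMP 0x{(ip + 2 + rel) & 0xFFFF:x}")
    elif code[ip:ip + 2] == b"\x33\xC0":
        parts.append("XOR AX,AX")
    else:
        parts.append(f"DB 0x{op:02x}")
    return " ; ".join(parts)


def parse_mbr(sector: bytes) -> dict:
    """Signature, first instruction, prologue check and the four partition slots."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = 0x1BE + 16 * i
        status, ptype = sector[off], sector[off + 4]
        start_lba, count = struct.unpack_from("<II", sector, off + 8)
        if ptype:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "start_lba": start_lba, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xAA",
            "first_insn": decode_first_insn(sector),
            "windows_prologue": sector.startswith(WINDOWS_MBR_PROLOGUE),
            "partitions": partitions}


def find_mbr_copies(image: bytes, max_sectors: int = 64) -> list:
    """Sectors other than 0 that carry sector 0's partition table and signature.
    A bootkit keeps the original MBR somewhere so the real boot code still runs."""
    tail = image[0x1BE:0x200]
    n = min(max_sectors, len(image) // SECTOR_SIZE)
    return [lba for lba in range(1, n)
            if image[lba * SECTOR_SIZE + 0x1BE:(lba + 1) * SECTOR_SIZE] == tail]


def assess(user_mbr: bytes, kernel_mbr: bytes, image: bytes) -> dict:
    """The checks GMER reports: user vs kernel read, boot code, stashed copies."""
    kernel = parse_mbr(kernel_mbr)
    findings = []
    if user_mbr != kernel_mbr:
        findings.append("user != kernel MBR: something in the disk stack is filtering reads")
    if not kernel["signature_ok"]:
        findings.append("kernel MBR lacks the 0x55AA boot signature")
    if not kernel["windows_prologue"]:
        findings.append(f"kernel MBR starts with '{kernel['first_insn']}', not the Windows prologue")
    copies = find_mbr_copies(image)
    findings += [f"copy of MBR has been found in sector {lba}" for lba in copies]
    return {"kernel_mbr": kernel, "mbr_copies": copies,
            "findings": findings, "suspicious": bool(findings)}


def build_sample_image() -> tuple:
    """Constructed data, not a real disk: one bootable NTFS partition, the clean
    MBR stashed in sectors 22 and 23, and sector 0 patched to CLI ; JMP 0xef
    (the same first instruction GMER decoded above)."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 0x12C00000)
    table = entry + bytes(48)                                  # three empty slots

    def mbr_with(code: bytes) -> bytes:
        return code.ljust(0x1BE, b"\x00") + table + b"\x55\xAA"

    clean, infected = mbr_with(WINDOWS_MBR_PROLOGUE), mbr_with(bytes.fromhex("FAE9EB00"))
    sectors = [infected] + [bytes(SECTOR_SIZE)] * 63
    sectors[22] = sectors[23] = clean
    # the user-mode read goes through the (hooked) stack and sees the clean copy
    return clean, infected, b"".join(sectors)


if __name__ == "__main__":
    user_view, kernel_view, disk = build_sample_image()
    for line in assess(user_view, kernel_view, disk)["findings"]:
        print(line)
```

On a real machine, take the image from outside the infected OS (a boot CD, or the disk mounted on another system): reads issued through the compromised kernel return the spoofed sector, which is exactly the discrepancy the user/kernel comparison above relies on. The prologue check only knows the Windows boot code; a GRUB or OEM MBR fails it and needs a look by hand rather than being declared infected.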

#5 search4f (Topic Starter)

Posted 21 January 2011 - 10:29 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Marc at 22:22:58.41 on Fri 01/21/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.418 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system\HsMgr.exe
C:\Program Files\Shield\shieldtray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Evernote\Evernote\EvernoteTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Shield\shdserv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Shield\shieldclnt.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\mobsync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\mspaint.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marc\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [JZ2XQo70Mm] control.exe "c:\program files\5kn3xyl\JZ2XQo70Mm.cpl",0,0
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [Cmaudio8768GX] c:\windows\system\HsMgr.exe Envoke
mRun: [shield] c:\program files\shield\shieldtray.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
StartupFolder: c:\users\marc\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to Phone - c:\program files\telenav\telenav address plugin\sendlocation.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: tube8.com\www
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\marc\appdata\roaming\mozilla\firefox\profiles\eme1c3ro.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\marc\appdata\roaming\mozilla\firefox\profiles\eme1c3ro.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\marc\appdata\roaming\mozilla\firefox\profiles\eme1c3ro.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtn
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-28 64288]
R0 Shdbus;Shdbus;c:\windows\system32\drivers\Shdbus.sys [2010-11-28 7448]
R0 Shield;Shield;c:\windows\system32\drivers\Shield.sys [2010-11-28 104984]
R0 Shieldf;Shieldf;c:\windows\system32\drivers\Shieldf.sys [2010-11-28 26264]
R0 Shieldm;Shieldm;c:\windows\system32\drivers\Shieldm.sys [2010-11-28 32408]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-1-20 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-1-20 59664]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-28 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-28 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-28 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-13 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1402272]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-12-3 47640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-28 1153368]
R2 ShieldClientService;Shield Client Service;c:\program files\shield\ShieldClnt.exe [2010-11-28 45056]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-1-10 16968]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-28 123496]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-1-20 33552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-28 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2010-12-12 23608]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-1-4 23608]
S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-1 25704]

Attached File: Attach.zip (2.58KB)
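
A helper reads a DDS log for a handful of patterns, and this one has several: the uRun value that runs control.exe on a .cpl in c:\program files\5kn3xyl (random-looking directory and value name, a common way a logon payload is launched), the hidden 13-byte c:\progra~2\3113.sys and the hidden/system 106-byte c:\windows\WSYS049.SYS, the driver tnlcxh.sys that appeared in the early hours of the day the log was taken with no service in the list loading it, the hosts entry pinning www.spywareinfo.com to 127.0.0.1, and a site placed in the IE Trusted Zone. The Python below is an added example for this thread, not part of DDS or of anything posted here; it encodes those checks as heuristics and runs them over a constructed excerpt of the log above. The severity labels and the random-name test are my own choices and produce leads for a human to review, not verdicts.

```python
"""Heuristic triage of DDS log lines. Added example for this thread, not part of
DDS: the rules encode what a helper checks by eye (odd autorun loaders, hidden
.sys files, unregistered drivers, hosts overrides, Trusted Zone entries)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity line reason")
VOWELS = set("aeiou")
RUN_RE = re.compile(r"^([um]Run): \[(.*?)\]\s*(.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\S+) (\S{8}) (.+)$")
SERVICE_RE = re.compile(r"^[RS]\d ")
SYS_RE = re.compile(r"[\w\-()]+\.sys", re.I)
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)")
TZ_RE = re.compile(r"^Trusted Zone: (.+)$")
SEVERITY = {"high": 0, "medium": 1, "low": 2}


def looks_random(name: str) -> bool:
    """Crude test for generated names: five or more letters with no vowel, or at
    least four letter/digit switches (JZ2XQo70Mm, 5kn3xyl, tnlcxh all qualify)."""
    stem = name.rsplit(".", 1)[0]
    letters = sum(c.isalpha() for c in stem)
    if letters >= 5 and not (set(stem.lower()) & VOWELS):
        return True
    switches = sum(a.isalnum() and b.isalnum() and a.isdigit() != b.isdigit()
                   for a, b in zip(stem, stem[1:]))
    return switches >= 4


def check_autorun(kind: str, name: str, cmd: str) -> list:
    """control.exe / rundll32 loading a .cpl or .dll from outside %windir% is the
    classic way a random-named payload gets executed at logon."""
    if not cmd.strip():
        return [Finding("low", f"{kind}: [{name}]", "autorun value with no command (empty or orphaned)")]
    m = re.match(r'"?([^"\s]+)', cmd)
    prog = m.group(1).lower().rsplit("\\", 1)[-1] if m else ""
    if prog in ("control.exe", "rundll32", "rundll32.exe"):
        t = re.search(r"([a-z]:\\[^\",]+\.(?:cpl|dll))", cmd, re.I)
        if t and "\\windows\\" not in t.group(1).lower():
            path = t.group(1)
            odd = [p for p in (name, path.split("\\")[-2]) if looks_random(p)]
            why = f"{prog} loads {path} from outside the Windows directory"
            if odd:
                why += "; generated-looking names: " + ", ".join(odd)
            return [Finding("high", f"{kind}: [{name}] {cmd}", why)]
    return []


def check_created(size: str, attrs: str, path: str, service_drivers: set) -> list:
    """Hidden .sys files outside \\drivers\\, and new drivers no service refers to."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    if not base.endswith(".sys"):
        return []
    if "h" in attrs and "\\drivers\\" not in p:
        return [Finding("high", path, f"hidden {size}-byte .sys file outside the drivers folder (attrs {attrs})")]
    if "\\drivers\\" in p and base not in service_drivers:
        if looks_random(base):
            return [Finding("high", path, "new driver with a generated-looking name and no service entry")]
        return [Finding("medium", path, "new driver not referenced by any service (on-demand scanner drivers look like this too)")]
    return []


def triage(log_text: str) -> list:
    """Run every rule over the log and return findings, highest severity first."""
    lines = [l.rstrip() for l in log_text.splitlines()]
    service_drivers = {d.lower() for l in lines if SERVICE_RE.match(l) for d in SYS_RE.findall(l)}
    findings = []
    for l in lines:
        if m := RUN_RE.match(l):
            findings += check_autorun(*m.groups())
        elif m := CREATED_RE.match(l):
            findings += check_created(*m.groups(), service_drivers)
        elif (m := HOSTS_RE.match(l)) and m.group(2).lower() != "localhost":
            findings.append(Finding("medium", l, f"hosts file pins {m.group(2)} to {m.group(1)}; blocks or redirects that site"))
        elif TZ_RE.match(l):
            findings.append(Finding("low", l, "site in the IE Trusted Zone runs with lowered security settings"))
    return sorted(findings, key=lambda f: SEVERITY[f.severity])


# Constructed excerpt of the log posted above, used as sample input.
SAMPLE_LOG = r"""
uRun: [JZ2XQo70Mm] control.exe "c:\program files\5kn3xyl\JZ2XQo70Mm.cpl",0,0
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [<NO NAME>]
Trusted Zone: tube8.com\www
Hosts: 127.0.0.1 www.spywareinfo.com
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-1-20 59664]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-1-10 16968]
2011-01-22 03:09:36 54016 ----a-w- c:\windows\system32\drivers\tnlcxh.sys
2011-01-20 15:38:21 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-01-17 01:20:19 13 ---h--w- c:\progra~2\3113.sys
2011-01-10 14:25:12 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-10 14:12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-28 04:16:58 106 --sh--w- c:\windows\WSYS049.SYS
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line}\n         {f.reason}")
```

Feed it a whole DDS log and it will also pick up drivers that are loaded on demand (mbamswissarmy.sys here), which is why those are reported at medium and the analyst is expected to recognise the scanner's own helper; the random-name test is deliberately crude and will miss dictionary-word payloads, so treat an empty result as "nothing obvious", not as clean.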

#6 fenzodahl512

Posted 21 January 2011 - 10:33 PM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <- Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip, which appears to be an older version (2.3.2.2) of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users: right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results under "Select action for found objects" and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.




Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename ComboFix to Combo-Fix.


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so. It is in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 search4f (Topic Starter)

Posted 22 January 2011 - 10:16 PM

GMER doesn't finish; I have had it running since I left this morning.
I'm doing the other things you told me now.

#8 search4f (Topic Starter)

Posted 22 January 2011 - 10:22 PM

HKLM\SYSTEM\ControlSet001\services\aswFsBlk - will be deleted after reboot
HKLM\SYSTEM\ControlSet002\services\aswFsBlk - will be deleted after reboot
C:\Windows\system32\drivers\aswFsBlk.sys - will be deleted after reboot
HKLM\SYSTEM\ControlSet001\services\aswMonFlt - will be deleted after reboot
HKLM\SYSTEM\ControlSet002\services\aswMonFlt - will be deleted after reboot
C:\Windows\system32\drivers\aswMonFlt.sys - will be deleted after reboot
HKLM\SYSTEM\ControlSet001\services\aswRdr - will be deleted after reboot
HKLM\SYSTEM\ControlSet002\services\aswRdr - will be deleted after reboot
C:\Windows\system32\drivers\aswRdr.sys - will be deleted after reboot
HKLM\SYSTEM\ControlSet001\services\aswSP - will be deleted after reboot
HKLM\SYSTEM\ControlSet002\services\aswSP - will be deleted after reboot
C:\Windows\system32\drivers\aswSP.sys - will be deleted after reboot
HKLM\SYSTEM\ControlSet001\services\aswTdi - will be deleted after reboot
HKLM\SYSTEM\ControlSet002\services\aswTdi - will be deleted after reboot
C:\Windows\system32\drivers\aswTdi.sys - will be deleted after reboot
HKLM\SYSTEM\ControlSet001\services\DXGKrnl - will be deleted after reboot
HKLM\SYSTEM\ControlSet002\services\DXGKrnl - will be deleted after reboot
C:\Windows\System32\drivers\dxgkrnl.sys - will be deleted after reboot
HKLM\SYSTEM\ControlSet001\services\srv - will be deleted after reboot
HKLM\SYSTEM\ControlSet002\services\srv - will be deleted after reboot
C:\Windows\system32\DRIVERS\srv.sys - will be deleted after reboot
HKLM\SYSTEM\ControlSet001\services\srv2 - will be deleted after reboot
HKLM\SYSTEM\ControlSet002\services\srv2 - will be deleted after reboot
C:\Windows\system32\DRIVERS\srv2.sys - will be deleted after reboot
HKLM\SYSTEM\ControlSet001\services\srvnet - will be deleted after reboot
HKLM\SYSTEM\ControlSet002\services\srvnet - will be deleted after reboot
C:\Windows\system32\DRIVERS\srvnet.sys - will be deleted after reboot

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:14 AM

Posted 22 January 2011 - 10:36 PM

Waiting for the TDSSKiller and ComboFix logs.. Please do those two steps only :)



#10 search4f

search4f
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 23 January 2011 - 09:03 AM

I ran TDSSKiller and it found some suspicious files. I changed from Skip to Delete and let it reboot. It kept Windows from logging off; I had to hard reset from the power button.
When the computer came back on, the screen resolution was messed up. Did we delete any files that were needed?
Attached are the logs requested.




#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:14 AM

Posted 23 January 2011 - 10:46 AM

I ran TDSSKiller and it found some suspicious files. I changed from Skip to Delete and let it reboot. It kept Windows from logging off; I had to hard reset from the power button.
When the computer came back on, the screen resolution was messed up. Did we delete any files that were needed?
Attached are the logs requested.


You should choose "Cure" as per instruction and NOT "Delete".. You're lucky the computer is able to boot.. Now, can you run ComboFix please? I'll wait for the log..



#12 search4f

search4f
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 23 January 2011 - 05:32 PM

ComboFix was running when I left the house.
I'll post the log when I get home.
What happens with all the stuff I deleted?? You have me scared now saying I'm lucky I can even boot.
How do I fix this??

#13 search4f

search4f
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 23 January 2011 - 10:11 PM

ComboFix 11-01-22.03 - Marc 01/23/2011 9:04.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.399 [GMT -5:00]
Running from: c:\users\Marc\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Marc\AppData\Local\Temp\62C7.tmp

.
((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
.

2011-01-23 14:28 . 2011-01-23 14:28 -------- d-----w- c:\windows\LastGood
2011-01-23 14:24 . 2011-01-23 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-23 13:56 . 2011-01-23 13:58 -------- d-----w- C:\32788R22FWJFW
2011-01-23 13:55 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6968B60-96EB-4369-AD5F-565463C7F3CA}\mpengine.dll
2011-01-20 15:51 . 2011-01-20 15:51 388096 ----a-r- c:\users\Marc\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-20 15:51 . 2011-01-20 15:51 -------- d-----w- c:\program files\Trend Micro
2011-01-20 15:38 . 2010-01-14 21:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-01-20 15:38 . 2010-01-14 21:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-01-20 15:38 . 2010-01-14 21:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-01-20 15:38 . 2011-01-20 15:38 -------- d-----w- c:\program files\ThreatFire
2011-01-20 15:38 . 2011-01-20 15:38 -------- d-----w- c:\programdata\PC Tools
2011-01-18 04:38 . 2011-01-18 04:38 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-01-18 03:37 . 2011-01-18 03:37 -------- d-----w- c:\programdata\FLEXnet
2011-01-17 01:22 . 2011-01-17 01:22 921600 ----a-w- c:\windows\system32\TVE2COM.dll
2011-01-17 01:22 . 2011-01-17 01:22 901120 ----a-w- c:\windows\system32\TVE2.dll
2011-01-17 01:22 . 2011-01-17 01:22 175104 ----a-w- c:\windows\system32\lame_enc.dll
2011-01-17 01:20 . 2011-01-17 01:20 13 ---h--w- c:\programdata\3113.sys
2011-01-17 01:20 . 2006-01-27 06:56 938272 ----a-w- c:\windows\system32\wodFtpDLX.OCX
2011-01-16 14:02 . 2011-01-16 14:02 -------- d-----w- c:\programdata\FileCure
2011-01-16 01:52 . 2011-01-16 13:57 -------- d-----w- c:\users\Marc\AppData\Roaming\gSyncit
2011-01-13 23:25 . 2011-01-13 23:25 -------- d-----w- c:\program files\TeleNav
2011-01-13 16:20 . 2011-01-13 16:25 -------- d-----w- c:\users\Marc\AppData\Local\Audible
2011-01-13 15:52 . 2011-01-13 15:52 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2011-01-13 15:52 . 2001-08-18 03:43 24576 ------w- c:\windows\system32\msxml3a.dll
2011-01-13 15:52 . 2011-01-13 15:56 -------- d-----w- c:\program files\Audible
2011-01-11 03:29 . 2011-01-11 03:29 102400 ----a-w- c:\windows\RegBootClean.exe
2011-01-10 14:25 . 2011-01-20 15:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-10 14:25 . 2011-01-10 14:25 -------- d-----w- c:\programdata\Hitman Pro
2011-01-10 14:13 . 2011-01-10 14:13 -------- d-----w- c:\users\Marc\AppData\Roaming\Malwarebytes
2011-01-10 14:12 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 14:12 . 2011-01-10 14:12 -------- d-----w- c:\programdata\Malwarebytes
2011-01-10 14:12 . 2011-01-10 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-10 14:12 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-06 15:54 . 2011-01-15 01:56 -------- d-----w- c:\users\Marc\AppData\Local\CutePDF Writer
2011-01-06 15:52 . 2011-01-06 15:52 -------- d-----w- c:\program files\GPLGS
2011-01-06 15:51 . 2009-11-05 12:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-01-06 15:51 . 2011-01-06 15:51 -------- d-----w- c:\program files\Acro Software
2011-01-06 15:19 . 2011-01-06 15:19 -------- d-----w- c:\users\Marc\AppData\Local\ElevatedDiagnostics
2011-01-06 15:13 . 2011-01-06 15:13 -------- d-----w- c:\programdata\HP
2011-01-06 15:13 . 2009-10-05 07:20 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2011-01-06 15:07 . 2011-01-06 15:14 -------- d-----w- c:\program files\HP
2011-01-06 15:07 . 2011-01-06 15:07 -------- d-----w- c:\windows\Downloaded Installations
2011-01-05 03:31 . 2010-12-23 22:06 23608 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2011-01-05 03:28 . 2011-01-05 03:28 -------- d-----w- c:\program files\5kn3XyL
2011-01-03 03:54 . 2011-01-03 03:54 -------- d-----w- c:\program files\Unlocker
2011-01-02 16:42 . 2011-01-02 16:42 -------- d-----w- c:\users\Marc\AppData\Roaming\Ashampoo
2011-01-02 16:40 . 2011-01-02 16:40 -------- d-----w- c:\users\Marc\AppData\Local\ashampoo
2011-01-02 16:40 . 2011-01-02 16:40 -------- d-----w- c:\programdata\ashampoo
2011-01-02 16:40 . 2011-01-02 16:40 -------- d-----w- c:\program files\Ashampoo
2010-12-28 04:16 . 2002-08-01 00:55 106 --sh--w- c:\windows\WSYS049.SYS
2010-12-28 04:16 . 2006-01-26 23:56 831776 ----a-w- c:\windows\system32\wodFtpDLX.dll
2010-12-28 04:16 . 2003-10-09 19:10 274976 ----a-w- c:\windows\system32\XceedFtp.dll
2010-12-28 04:09 . 2011-01-17 01:20 -------- d-----w- c:\program files\CoffeeCup Software
2010-12-28 03:02 . 2010-12-28 03:02 -------- d-----w- c:\program files\DavidRM Software
2010-12-27 18:54 . 2010-12-27 18:54 -------- d-----w- c:\program files\Folder Size
2010-12-27 18:41 . 2011-01-02 03:03 -------- d-----w- c:\users\Marc\AppData\Roaming\DiskSpaceFan
2010-12-27 18:40 . 2010-12-27 18:40 -------- d-----w- c:\program files\DiskSpaceFan
2010-12-27 03:45 . 2010-12-27 03:45 -------- d-----w- c:\program files\Duplicate Cleaner
2010-12-26 14:35 . 2010-12-26 14:35 -------- d-----w- c:\users\Marc\AppData\Roaming\TightVNC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-11-29 02:05 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-11-29 02:05 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-27 14:11 . 2010-11-29 00:12 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-27 14:11 . 2010-11-29 00:12 102400 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-12 02:06 . 2010-12-12 02:06 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-12-11 04:11 . 2010-12-11 01:05 17488 ----a-w- c:\windows\gdrv.sys
2010-12-08 18:12 . 2010-12-03 13:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 18:11 . 2010-12-03 13:39 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 18:11 . 2010-12-03 13:39 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 18:11 . 2010-12-03 13:39 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-06 14:07 . 2010-12-02 04:10 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-05 06:19 . 2010-12-12 15:34 23608 ----a-w- c:\windows\system32\drivers\DrmRAudio.sys
2010-12-02 06:14 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-02 06:14 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-01 20:04 . 2010-12-03 13:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 00:31 . 2010-11-29 00:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-28 23:25 . 2010-11-28 23:58 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-16 17:18 . 2010-11-16 17:18 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2010-11-04 05:52 . 2010-12-15 13:16 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 13:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 13:16 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 13:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 13:16 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 13:16 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 13:16 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 13:16 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 13:16 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 13:16 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:40 . 2010-10-27 04:40 501424 ----a-w- c:\windows\system32\SGrid4Team.ocx
2010-10-27 04:40 . 2010-10-27 04:40 231088 ----a-w- c:\windows\system32\CompareLib.dll
2010-10-27 04:32 . 2010-12-15 13:16 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-25 20:13 . 2010-10-25 20:13 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2010-10-25 20:13 . 2010-10-25 20:13 47512 ----a-w- c:\windows\system32\AdobePDF.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-29 39408]
"JZ2XQo70Mm"="control.exe" [2009-07-14 113152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8768GX"="c:\windows\system\HsMgr.exe" [2008-07-11 200704]
"shield"="c:\program files\Shield\shieldtray.exe" [2009-11-20 3342744]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-02 274608]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-12-15 917648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]

c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteTray.lnk - c:\program files\Evernote\Evernote\EvernoteTray.exe [2010-12-14 369664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2010-12-9 293950]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ chkvdisk\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Evernote Clipper.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Evernote Clipper.lnk
backup=c:\windows\pss\Evernote Clipper.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Marc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteTray.lnk]
path=c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
backup=c:\windows\pss\EvernoteTray.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Marc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Marc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 17:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-09-17 20:40 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2010-01-19 17:48 323280 ----a-w- c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-11-29 00:34 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-12-02 06:14 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 136176]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2010-12-05 23608]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-01-20 16968]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-12-23 23608]
R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-29 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-09-19 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-09-19 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-09-19 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-09-19 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-09-19 25704]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S0 Shdbus;Shdbus; [x]
S0 Shield;Shield; [x]
S0 Shieldf;Shieldf; [x]
S0 Shieldm;Shieldm; [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-22 1402272]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ShieldClientService;Shield Client Service;c:\program files\Shield\shieldclnt.exe [2009-11-20 45056]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 00:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2011-01-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 09:04]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 00:34]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 00:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to Phone - c:\program files\TeleNav\TeleNav Address Plugin\sendlocation.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: tube8.com\www
FF - ProfilePath - c:\users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\eme1c3ro.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
SafeBoot-klmdb.sys



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(728)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'Explorer.exe'(1944)
c:\program files\ThreatFire\TfWah.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\dbghelp.dll
c:\windows\System32\msxml6.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Shield\shdserv.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2011-01-23 09:42:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-23 14:42

Pre-Run: 95,843,336,192 bytes free
Post-Run: 94,007,066,624 bytes free

- - End Of File - - A14F96598D179F5FB62CBE4611A25E39

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:14 AM

Posted 23 January 2011 - 11:19 PM

Ok, first of all, how's the computer now? Is it good, or does it have any other issues like you mentioned before (the VGA resolution being funny, etc..)?

2011/01/22 22:22:26.0542 HKLM\SYSTEM\ControlSet001\services\DXGKrnl - will be deleted after reboot
2011/01/22 22:22:26.0548 HKLM\SYSTEM\ControlSet002\services\DXGKrnl - will be deleted after reboot
2011/01/22 22:22:26.0549 C:\Windows\System32\drivers\dxgkrnl.sys - will be deleted after reboot
2011/01/22 22:22:26.0549 Forged file(DXGKrnl) - User select action: Delete
2011/01/22 22:22:26.0552 HKLM\SYSTEM\ControlSet001\services\srv - will be deleted after reboot
2011/01/22 22:22:26.0562 HKLM\SYSTEM\ControlSet002\services\srv - will be deleted after reboot
2011/01/22 22:22:26.0563 C:\Windows\system32\DRIVERS\srv.sys - will be deleted after reboot
2011/01/22 22:22:26.0563 Forged file(srv) - User select action: Delete
2011/01/22 22:22:26.0565 HKLM\SYSTEM\ControlSet001\services\srv2 - will be deleted after reboot
2011/01/22 22:22:26.0567 HKLM\SYSTEM\ControlSet002\services\srv2 - will be deleted after reboot
2011/01/22 22:22:26.0568 C:\Windows\system32\DRIVERS\srv2.sys - will be deleted after reboot
2011/01/22 22:22:26.0568 Forged file(srv2) - User select action: Delete
2011/01/22 22:22:26.0570 HKLM\SYSTEM\ControlSet001\services\srvnet - will be deleted after reboot
2011/01/22 22:22:26.0572 HKLM\SYSTEM\ControlSet002\services\srvnet - will be deleted after reboot
2011/01/22 22:22:26.0573 C:\Windows\system32\DRIVERS\srvnet.sys - will be deleted after reboot
2011/01/22 22:22:26.0573 Forged file(srvnet) - User select action: Delete


We may need to look for those backup files on your computer later.. But first, just tell me how's the computer right now :)


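The log excerpt quoted above is the crux of the thread: TDSSKiller reported four "Forged file" verdicts (legitimate Windows drivers whose on-disk image the rootkit had patched), and the user chose Delete where Cure was asked for, so the drivers themselves were removed. The following is an added example, not code from the thread or from TDSSKiller: it parses pasted TDSSKiller lines in both shapes seen in this thread (with the timestamp as in post #14, or without it as in post #8), pairs each pending deletion with the verdict that follows it, and reports which verdicts were destructive and which Windows component went with them. The sample lines are copied from post #14 plus one constructed "Cure" verdict for contrast; the component descriptions are general Windows knowledge, not something the thread states.

```python
"""Triage a pasted TDSSKiller log: which 'Forged file' verdicts were resolved with
Delete instead of Cure, and which Windows components were removed as a result.

Added example for this thread, not TDSSKiller's own code. Assumed: the two line
shapes parsed here are exactly those quoted in the thread (with or without the
leading timestamp); the component roles below are general Windows knowledge.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: the lines quoted in post #14, plus one constructed
# "Cure" verdict on the last line so the two outcomes can be compared.
SAMPLE_LOG = r"""
2011/01/22 22:22:26.0542 HKLM\SYSTEM\ControlSet001\services\DXGKrnl - will be deleted after reboot
2011/01/22 22:22:26.0548 HKLM\SYSTEM\ControlSet002\services\DXGKrnl - will be deleted after reboot
2011/01/22 22:22:26.0549 C:\Windows\System32\drivers\dxgkrnl.sys - will be deleted after reboot
2011/01/22 22:22:26.0549 Forged file(DXGKrnl) - User select action: Delete
2011/01/22 22:22:26.0552 HKLM\SYSTEM\ControlSet001\services\srv - will be deleted after reboot
2011/01/22 22:22:26.0562 HKLM\SYSTEM\ControlSet002\services\srv - will be deleted after reboot
2011/01/22 22:22:26.0563 C:\Windows\system32\DRIVERS\srv.sys - will be deleted after reboot
2011/01/22 22:22:26.0563 Forged file(srv) - User select action: Delete
2011/01/22 22:22:26.0565 HKLM\SYSTEM\ControlSet001\services\srv2 - will be deleted after reboot
2011/01/22 22:22:26.0567 HKLM\SYSTEM\ControlSet002\services\srv2 - will be deleted after reboot
2011/01/22 22:22:26.0568 C:\Windows\system32\DRIVERS\srv2.sys - will be deleted after reboot
2011/01/22 22:22:26.0568 Forged file(srv2) - User select action: Delete
2011/01/22 22:22:26.0570 HKLM\SYSTEM\ControlSet001\services\srvnet - will be deleted after reboot
2011/01/22 22:22:26.0572 HKLM\SYSTEM\ControlSet002\services\srvnet - will be deleted after reboot
2011/01/22 22:22:26.0573 C:\Windows\system32\DRIVERS\srvnet.sys - will be deleted after reboot
2011/01/22 22:22:26.0573 Forged file(srvnet) - User select action: Delete
2011/01/22 22:22:27.0001 Forged file(atapi) - User select action: Cure
"""

# "<timestamp> <registry key or file path> - will be deleted after reboot"; the
# timestamp is optional because post #8 pasted the lines without it.
PENDING_RE = re.compile(
    r"^(?:\d{4}/\d{2}/\d{2} \S+ )?(?P<target>.+?) - will be deleted after reboot$")
# "<timestamp> Forged file(<service>) - User select action: <Cure|Delete|Skip>"
VERDICT_RE = re.compile(
    r"^(?:\d{4}/\d{2}/\d{2} \S+ )?Forged file\((?P<service>[^)]+)\)"
    r" - User select action: (?P<action>\w+)$")

# What the affected drivers provide (general Windows knowledge, not from the thread);
# losing them matches the symptoms reported later: no display driver, frozen logoff.
COMPONENT_ROLE = {
    "dxgkrnl": "DirectX graphics kernel: display adapter stops working",
    "srv": "SMB server driver: file and printer sharing",
    "srv2": "SMB 2.x server driver: file and printer sharing",
    "srvnet": "SMB server network transport: file and printer sharing",
}


@dataclass
class Verdict:
    service: str
    action: str
    files: List[str] = field(default_factory=list)
    registry_keys: List[str] = field(default_factory=list)

    @property
    def destructive(self) -> bool:
        # A "forged" file is a legitimate driver whose image was patched by the rootkit.
        # Cure restores the clean file; Delete removes a driver the system still needs.
        return self.action.lower() == "delete"


def parse_tdsskiller_log(text: str) -> List[Verdict]:
    """Group 'will be deleted' lines under the 'Forged file' verdict that follows them."""
    verdicts: List[Verdict] = []
    files: List[str] = []
    keys: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PENDING_RE.match(line)
        if m:
            target = m.group("target")
            (keys if target.upper().startswith("HKLM\\") else files).append(target)
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts.append(Verdict(m.group("service"), m.group("action"), files, keys))
            files, keys = [], []
    if files or keys:
        # Pending deletions with no verdict line, e.g. a truncated paste like post #8.
        verdicts.append(Verdict("(no verdict line)", "unknown", files, keys))
    return verdicts


def destructive_verdicts(verdicts: List[Verdict]) -> List[Verdict]:
    return [v for v in verdicts if v.destructive]


def impact_report(verdicts: List[Verdict]) -> List[str]:
    """One line per destructive verdict: service, what it provided, files removed."""
    report = []
    for v in destructive_verdicts(verdicts):
        role = COMPONENT_ROLE.get(v.service.lower(), "role not in table; check before judging")
        removed = ", ".join(v.files) or "none listed"
        report.append(f"{v.service}: Delete chosen; {role}; files: {removed}")
    return report


if __name__ == "__main__":
    for entry in impact_report(parse_tdsskiller_log(SAMPLE_LOG)):
        print(entry)
```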

#15 search4f

search4f
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 24 January 2011 - 04:44 AM

Good morning. I definitely have issues. The Device Manager shows an exclamation point next to my video card and I get error 37. I can't reinstall drivers no matter what I do. Avast isn't working, and when I tried to reinstall that, the computer froze on reboot. Right now I'm writing to you from a laptop. The PC is frozen on the shutting down screen. I'll have to do a hard reset from the power button. There is probably more wrong that I have not discovered yet.
Thanks



