Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search redirection


  • This topic is locked This topic is locked
24 replies to this topic

#1 Joao Rodrigues

Joao Rodrigues

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 01 February 2011 - 04:53 PM

Google searches are redirected to other websites but cut and paste of site location still works. DDS logs below.

Thanks
Joao .

DDS (Ver_10-12-12.02) - NTFSx86
Run by Joao at 21:51:09.98 on 01/02/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1429 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Joao\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\components\RescueComponent.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\joao\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\plugins\npRescue.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: LogMeIn, Inc. Rescue Technician Console: TechnicianConsole@logmeinrescue.com - %profile%\extensions\TechnicianConsole@logmeinrescue.com
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-30 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-30 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-30 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-27 294608]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-27 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-27 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-15 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-28 47640]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 22784]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-3-22 12096]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S2 OpenDHCPServer;Open DHCP Server;c:\program files\opendhcpserver\OpenDHCPServer.exe [2010-3-23 236449]
S2 SrvCDEject;SrvCDEject;c:\program files\packard bell\SrvCDEject.exe [2009-10-27 600064]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2009-7-23 6528]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-8-11 12192]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\drivers\SaiH0BAC.sys [2007-7-2 135168]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-1-30 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-1-30 1150936]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-27 1343400]

=============== Created Last 30 ================

2011-02-01 21:39:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-02-01 21:15:22 -------- d-----w- C:\$RECYCLE.BIN
2011-02-01 20:44:06 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:21 AM

Posted 03 February 2011 - 04:44 AM

Hi,

Please post fresh dds logs (both dds.txt + attach.txt).

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Joao Rodrigues

Joao Rodrigues
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 03 February 2011 - 04:01 PM

Hey,

As requested. DDS below and attached.txt is zip as mentioned in the txt file. Thanks. Joao.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Joao at 20:57:47.92 on 03/02/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1632 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\OpenDHCPServer\OpenDHCPServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Joao\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\components\RescueComponent.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\joao\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\plugins\npRescue.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: LogMeIn, Inc. Rescue Technician Console: TechnicianConsole@logmeinrescue.com - %profile%\extensions\TechnicianConsole@logmeinrescue.com
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-30 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-30 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-30 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-27 294608]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-27 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-27 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-15 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1402272]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-28 47640]
R2 OpenDHCPServer;Open DHCP Server;c:\program files\opendhcpserver\OpenDHCPServer.exe [2010-3-23 236449]
R2 SrvCDEject;SrvCDEject;c:\program files\packard bell\SrvCDEject.exe [2009-10-27 600064]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 22784]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-3-22 12096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2009-7-23 6528]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-8-11 12192]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\drivers\SaiH0BAC.sys [2007-7-2 135168]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-1-30 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-1-30 1150936]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-27 1343400]

=============== Created Last 30 ================

2011-02-02 19:15:05 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-01 21:39:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-02-01 21:15:22 -------- d-----w- C:\$RECYCLE.BIN
2011-02-01 20:44:06 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-01 20:44:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-01 20:43:39 -------- d-----w- c:\progra~2\Hitman Pro
2011-02-01 20:42:35 98816 ----a-w- c:\windows\sed.exe
2011-02-01 20:42:35 89088 ----a-w- c:\windows\MBR.exe
2011-02-01 20:42:35 256512 ----a-w- c:\windows\PEV.exe
2011-02-01 20:42:35 161792 ----a-w- c:\windows\SWREG.exe
2011-01-30 17:51:34 86016 --sha-r- c:\windows\system32\TR2468upnpcont4.dll
2011-01-30 17:48:32 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-30 17:48:32 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-30 17:48:32 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-30 17:48:32 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-30 17:48:32 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-30 17:48:31 -------- d-----w- c:\users\joao\appdata\roaming\Simply Super Software
2011-01-30 17:48:31 -------- d-----w- c:\program files\Trojan Remover
2011-01-30 17:48:31 -------- d-----w- c:\progra~2\Simply Super Software
2011-01-30 14:25:52 -------- d-----w- c:\users\joao\appdata\local\Sunbelt Software
2011-01-30 14:25:25 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-30 14:25:15 -------- d-----w- c:\program files\Lavasoft
2011-01-30 12:45:03 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-30 12:45:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-30 12:24:52 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-01-30 12:24:51 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-01-30 12:24:51 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-01-30 12:24:51 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-01-30 12:24:47 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-01-30 12:24:47 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-01-30 12:24:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-01-30 12:24:27 -------- d-----w- c:\users\joao\appdata\roaming\PC Tools
2011-01-30 12:24:27 -------- d-----w- c:\program files\PC Tools Security
2011-01-30 12:24:27 -------- d-----w- c:\program files\common files\PC Tools
2011-01-30 12:24:27 -------- d-----w- c:\progra~2\PC Tools
2011-01-30 12:18:14 -------- d-----w- c:\users\joao\appdata\roaming\Malwarebytes
2011-01-30 12:18:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 12:18:11 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-30 12:18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 12:18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 03:54:17 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-01-30 03:54:17 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{e8f9c73a-acf1-4b6e-ac68-155ddebb78c6}\gapaengine.dll
2011-01-30 03:53:36 5890896 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{e2e05c85-295e-4db2-be27-7c9ea3b11d8a}\mpengine.dll
2011-01-30 03:35:49 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-30 03:35:45 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-29 21:55:09 -------- d-----w- c:\program files\Public Transport Simulator
2011-01-29 21:25:17 86016 --sha-r- c:\windows\system32\upnpcont4.dll
2011-01-29 12:28:59 -------- d-----w- c:\program files\Feedback Tool
2011-01-28 18:01:35 5890896 ------w- c:\progra~2\microsoft\windows defender\definition updates\{6ed76d82-bb96-4d73-9b3e-df437779baae}\mpengine.dll
2011-01-07 19:39:47 -------- d-----w- c:\users\joao\appdata\roaming\Charles
2011-01-04 22:16:56 -------- d-----w- c:\program files\iPod
2011-01-04 22:16:55 -------- d-----w- c:\program files\iTunes

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-12-08 13:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 13:11:54 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 13:11:46 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-08 13:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 20:59:09.09 ===============

Attached Files



#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:21 AM

Posted 04 February 2011 - 04:27 AM

Hi,

BitTorrent
LimeWire


Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.


You seem to have both Avast & Microsoft Security Essentials there. It's recommended to have one antivirus program installed in one system only.

Also, seems that you've run ComboFix there as well. It's not recommended tool to be run without supervision. Look for c:\ComboFix.txt log and post back its contents.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 Joao Rodrigues

Joao Rodrigues
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 04 February 2011 - 01:18 PM

Hi

P2P have been deleted, also now only one antivirus installed. ComboFix.txt log below.

Thanks.
Joao.

ComboFix 11-01-31.02 - Joao 01/02/2011 20:46:29.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1354 [GMT 0:00]
Running from: c:\users\Joao\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Joao\AppData\Roaming\EurekaLog
c:\users\Joao\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\windows\Downloaded Program Files\x64
c:\windows\Downloaded Program Files\x64\racodec.ax
c:\windows\Downloaded Program Files\x86
c:\windows\Downloaded Program Files\x86\racodec.ax

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT
-------\Service_RkHit


((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))
.

2011-01-30 17:51 . 2011-01-29 21:25 86016 --sha-r- c:\windows\system32\TR2468upnpcont4.dll
2011-01-30 17:48 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-30 17:48 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-30 17:48 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-30 17:48 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-30 17:48 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-30 17:48 . 2011-01-30 17:48 -------- d-----w- c:\program files\Trojan Remover
2011-01-30 17:48 . 2011-01-30 17:48 -------- d-----w- c:\users\Joao\AppData\Roaming\Simply Super Software
2011-01-30 17:48 . 2011-01-30 17:48 -------- d-----w- c:\programdata\Simply Super Software
2011-01-30 14:25 . 2011-01-30 14:25 -------- d-----w- c:\users\Joao\AppData\Local\Sunbelt Software
2011-01-30 14:25 . 2011-01-30 14:25 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-30 14:25 . 2011-01-30 16:34 -------- d-----w- c:\programdata\Lavasoft
2011-01-30 14:25 . 2011-01-30 14:25 -------- d-----w- c:\program files\Lavasoft
2011-01-30 12:45 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-30 12:45 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-30 12:24 . 2010-07-16 14:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-01-30 12:24 . 2010-11-17 10:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-01-30 12:24 . 2010-11-17 10:19 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-01-30 12:24 . 2010-07-16 14:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-01-30 12:24 . 2010-11-25 10:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-01-30 12:24 . 2010-11-25 10:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-01-30 12:24 . 2010-11-25 10:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-01-30 12:24 . 2011-02-01 20:53 -------- d-----w- c:\program files\PC Tools Security
2011-01-30 12:24 . 2011-01-30 12:25 -------- d-----w- c:\program files\Common Files\PC Tools
2011-01-30 12:24 . 2011-01-30 12:24 -------- d-----w- c:\programdata\PC Tools
2011-01-30 12:24 . 2011-01-30 12:24 -------- d-----w- c:\users\Joao\AppData\Roaming\PC Tools
2011-01-30 12:19 . 2011-01-30 12:19 -------- d-----w- c:\programdata\Google Updater
2011-01-30 12:18 . 2011-01-30 12:18 -------- d-----w- c:\users\Joao\AppData\Roaming\Malwarebytes
2011-01-30 12:18 . 2011-01-30 12:18 -------- d-----w- c:\programdata\Malwarebytes
2011-01-30 12:18 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 12:18 . 2011-01-30 12:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 12:18 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 03:54 . 2010-11-30 10:43 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-01-30 03:54 . 2010-11-30 10:43 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8F9C73A-ACF1-4B6E-AC68-155DDEBB78C6}\gapaengine.dll
2011-01-30 03:53 . 2011-01-20 10:39 5890896 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2E05C85-295E-4DB2-BE27-7C9EA3B11D8A}\mpengine.dll
2011-01-30 03:35 . 2011-01-30 03:36 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-30 03:35 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-29 21:55 . 2011-01-29 21:55 -------- d-----w- c:\program files\Public Transport Simulator
2011-01-29 21:25 . 2011-01-29 21:25 86016 --sha-r- c:\windows\system32\upnpcont4.dll
2011-01-29 12:28 . 2011-01-29 12:29 -------- d-----w- c:\program files\Feedback Tool
2011-01-28 18:01 . 2011-01-13 09:41 5890896 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6ED76D82-BB96-4D73-9B3E-DF437779BAAE}\mpengine.dll
2011-01-07 19:39 . 2011-01-07 19:39 -------- d-----w- c:\users\Joao\AppData\Roaming\Charles
2011-01-04 22:16 . 2011-01-04 22:16 -------- d-----w- c:\program files\iPod
2011-01-04 22:16 . 2011-01-04 22:17 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-10-21 18:36 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-10-27 22:45 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-10-27 22:47 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-10-27 22:48 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2009-10-27 22:48 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-10-27 22:45 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2009-10-27 22:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-08 13:12 . 2009-10-28 14:51 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 13:11 . 2009-10-28 14:51 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 13:11 . 2009-10-28 14:51 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 13:11 . 2009-10-28 14:51 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 18:53 . 2010-05-27 20:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2009-07-31 19:06 . 2010-12-27 16:32 89600 ----a-w- c:\program files\mozilla firefox\plugins\Extras.dll
2009-07-31 18:47 . 2010-12-27 16:32 112128 ----a-w- c:\program files\mozilla firefox\plugins\Movies.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{33853fa6-74d5-461d-a067-74ab14bf0954}"= "c:\program files\Diabos_Londres\tbDia0.dll" [2010-09-01 2734688]

[HKEY_CLASSES_ROOT\clsid\{33853fa6-74d5-461d-a067-74ab14bf0954}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33853fa6-74d5-461d-a067-74ab14bf0954}]
2010-09-01 13:35 2734688 ----a-w- c:\program files\Diabos_Londres\tbDia0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{33853fa6-74d5-461d-a067-74ab14bf0954}"= "c:\program files\Diabos_Londres\tbDia0.dll" [2010-09-01 2734688]

[HKEY_CLASSES_ROOT\clsid\{33853fa6-74d5-461d-a067-74ab14bf0954}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{33853FA6-74D5-461D-A067-74AB14BF0954}"= "c:\program files\Diabos_Londres\tbDia0.dll" [2010-09-01 2734688]

[HKEY_CLASSES_ROOT\clsid\{33853fa6-74d5-461d-a067-74ab14bf0954}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-27 122880]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-24 6111232]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinGuard Pro

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 OpenDHCPServer;Open DHCP Server;c:\program files\OpenDHCPServer\OpenDHCPServer.exe [2010-03-23 236449]
R2 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\SrvCDEject.exe [2007-09-07 600064]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-02-01 16968]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2009-07-23 6528]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2008-08-11 12192]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2007-07-02 135168]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-03 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2010-03-22 12096]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-02-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]

2011-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-27 12:19]

2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 18:53]

2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 18:53]

2011-01-30 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-07-08 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
FF - ProfilePath - c:\users\Joao\AppData\Roaming\Mozilla\Firefox\Profiles\d8int88p.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: LogMeIn, Inc. Rescue Technician Console: TechnicianConsole@logmeinrescue.com - %profile%\extensions\TechnicianConsole@logmeinrescue.com
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Charles Autoconfiguration: {3e9a3920-1b27-11da-8cd6-0800200c9a66} - %profile%\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Viper - c:\program files\Kerigwa\Viper Client\uninst.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1221777294-3663042442-177145566-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44B9F3DF-B33C-0395-57F9-8C3E04A04D56}*]
"maanffbkemmegalamhgmcadnnn"=hex:69,61,6b,67,63,62,6b,6f,67,70,6a,67,6b,64,62,
65,69,6e,00,00
"nakndfcbjnkechpllkbhdpdpbldk"=hex:6b,61,70,67,62,67,66,6f,6c,65,66,68,6b,62,
6c,62,6f,67,69,62,63,62,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5272)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-02-01 21:28:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-01 21:28

Pre-Run: 375,586,885,632 bytes free
Post-Run: 379,861,483,520 bytes free

- - End Of File - - F46D9B38CBFD06F393400680FD57C6A7

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:21 AM

Posted 04 February 2011 - 03:35 PM

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip.
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 Joao Rodrigues

Joao Rodrigues
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 04 February 2011 - 06:39 PM

Hi,

Log below,

2011/02/04 23:37:32.0578 7996 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/04 23:37:33.0027 7996 ================================================================================
2011/02/04 23:37:33.0027 7996 SystemInfo:
2011/02/04 23:37:33.0027 7996
2011/02/04 23:37:33.0027 7996 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/04 23:37:33.0027 7996 Product type: Workstation
2011/02/04 23:37:33.0027 7996 ComputerName: JOAO-PC
2011/02/04 23:37:33.0027 7996 UserName: Joao
2011/02/04 23:37:33.0027 7996 Windows directory: C:\Windows
2011/02/04 23:37:33.0027 7996 System windows directory: C:\Windows
2011/02/04 23:37:33.0027 7996 Processor architecture: Intel x86
2011/02/04 23:37:33.0027 7996 Number of processors: 4
2011/02/04 23:37:33.0027 7996 Page size: 0x1000
2011/02/04 23:37:33.0027 7996 Boot type: Normal boot
2011/02/04 23:37:33.0027 7996 ================================================================================
2011/02/04 23:37:35.0601 7996 Initialize success
2011/02/04 23:37:39.0809 7396 ================================================================================
2011/02/04 23:37:39.0809 7396 Scan started
2011/02/04 23:37:39.0809 7396 Mode: Manual;
2011/02/04 23:37:39.0809 7396 ================================================================================
2011/02/04 23:37:40.0965 7396 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/04 23:37:41.0032 7396 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/04 23:37:41.0069 7396 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/04 23:37:41.0130 7396 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/04 23:37:41.0183 7396 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/04 23:37:41.0235 7396 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/04 23:37:41.0306 7396 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/02/04 23:37:41.0339 7396 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/04 23:37:41.0430 7396 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/02/04 23:37:41.0514 7396 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/04 23:37:41.0564 7396 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/02/04 23:37:41.0596 7396 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/04 23:37:41.0635 7396 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/04 23:37:41.0680 7396 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/04 23:37:41.0724 7396 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/04 23:37:41.0772 7396 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/04 23:37:41.0816 7396 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/04 23:37:41.0883 7396 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/02/04 23:37:41.0967 7396 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/02/04 23:37:42.0013 7396 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/04 23:37:42.0130 7396 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\Windows\system32\drivers\aspi32.sys
2011/02/04 23:37:42.0186 7396 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\Windows\system32\drivers\aswFsBlk.sys
2011/02/04 23:37:42.0229 7396 aswMonFlt (317f85fb68a3be507e9ccede5e6d9ee0) C:\Windows\system32\drivers\aswMonFlt.sys
2011/02/04 23:37:42.0251 7396 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\Windows\system32\drivers\aswRdr.sys
2011/02/04 23:37:42.0290 7396 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\Windows\system32\drivers\aswSP.sys
2011/02/04 23:37:42.0319 7396 aswTdi (1408421505257846eb336feeef33352d) C:\Windows\system32\drivers\aswTdi.sys
2011/02/04 23:37:42.0348 7396 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/04 23:37:42.0370 7396 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/04 23:37:42.0419 7396 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/02/04 23:37:42.0468 7396 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/02/04 23:37:42.0628 7396 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/02/04 23:37:42.0715 7396 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/02/04 23:37:42.0750 7396 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/04 23:37:42.0809 7396 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/04 23:37:42.0846 7396 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/04 23:37:42.0889 7396 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/04 23:37:42.0921 7396 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/02/04 23:37:42.0952 7396 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/04 23:37:42.0981 7396 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/04 23:37:43.0000 7396 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/04 23:37:43.0020 7396 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/04 23:37:43.0188 7396 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/04 23:37:43.0224 7396 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/04 23:37:43.0266 7396 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/04 23:37:43.0309 7396 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/02/04 23:37:43.0358 7396 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/04 23:37:43.0385 7396 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/04 23:37:43.0413 7396 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/02/04 23:37:43.0436 7396 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/04 23:37:43.0470 7396 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/04 23:37:43.0497 7396 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/04 23:37:43.0548 7396 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/02/04 23:37:43.0597 7396 DAdderFltr (cb90f77e21109ccfd114a17bd87a42a7) C:\Windows\system32\drivers\dadder.sys
2011/02/04 23:37:43.0636 7396 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/02/04 23:37:43.0666 7396 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/02/04 23:37:43.0721 7396 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/02/04 23:37:43.0786 7396 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/02/04 23:37:43.0893 7396 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/04 23:37:44.0033 7396 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/02/04 23:37:44.0221 7396 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/04 23:37:44.0261 7396 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/04 23:37:44.0323 7396 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/02/04 23:37:44.0358 7396 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/02/04 23:37:44.0401 7396 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/04 23:37:44.0459 7396 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/02/04 23:37:44.0489 7396 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/02/04 23:37:44.0518 7396 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/04 23:37:44.0565 7396 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/02/04 23:37:44.0626 7396 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/02/04 23:37:44.0684 7396 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/02/04 23:37:44.0753 7396 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/04 23:37:44.0809 7396 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/04 23:37:44.0843 7396 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/04 23:37:44.0899 7396 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/04 23:37:44.0967 7396 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/04 23:37:45.0041 7396 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/02/04 23:37:45.0083 7396 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/04 23:37:45.0114 7396 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/04 23:37:45.0149 7396 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/04 23:37:45.0198 7396 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/04 23:37:45.0245 7396 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/04 23:37:45.0293 7396 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/02/04 23:37:45.0341 7396 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/02/04 23:37:45.0377 7396 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/02/04 23:37:45.0431 7396 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/04 23:37:45.0467 7396 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/02/04 23:37:45.0526 7396 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/02/04 23:37:45.0690 7396 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/04 23:37:45.0768 7396 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/04 23:37:45.0802 7396 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/04 23:37:45.0851 7396 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/04 23:37:45.0892 7396 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/02/04 23:37:45.0935 7396 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/02/04 23:37:45.0994 7396 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/02/04 23:37:46.0051 7396 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/02/04 23:37:46.0100 7396 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/04 23:37:46.0153 7396 jumi (a5186d9c38328dd4f457158baa260402) C:\Windows\system32\DRIVERS\jumi.sys
2011/02/04 23:37:46.0195 7396 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/04 23:37:46.0247 7396 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/04 23:37:46.0289 7396 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/04 23:37:46.0332 7396 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/02/04 23:37:46.0472 7396 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/02/04 23:37:46.0517 7396 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/04 23:37:46.0608 7396 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/02/04 23:37:46.0656 7396 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
2011/02/04 23:37:46.0727 7396 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
2011/02/04 23:37:46.0796 7396 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/02/04 23:37:46.0832 7396 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/02/04 23:37:46.0865 7396 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/02/04 23:37:46.0892 7396 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/02/04 23:37:46.0926 7396 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/02/04 23:37:46.0968 7396 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/02/04 23:37:47.0012 7396 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/02/04 23:37:47.0061 7396 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/02/04 23:37:47.0095 7396 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/04 23:37:47.0135 7396 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/04 23:37:47.0164 7396 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/04 23:37:47.0200 7396 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/02/04 23:37:47.0232 7396 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/04 23:37:47.0274 7396 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/04 23:37:47.0310 7396 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/02/04 23:37:47.0363 7396 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/04 23:37:47.0399 7396 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/04 23:37:47.0425 7396 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/04 23:37:47.0472 7396 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/04 23:37:47.0511 7396 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/02/04 23:37:47.0570 7396 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/02/04 23:37:47.0606 7396 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/04 23:37:47.0636 7396 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/04 23:37:47.0685 7396 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/04 23:37:47.0731 7396 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/04 23:37:47.0765 7396 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/02/04 23:37:47.0799 7396 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/02/04 23:37:47.0837 7396 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/04 23:37:47.0859 7396 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/02/04 23:37:47.0895 7396 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/04 23:37:47.0931 7396 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/02/04 23:37:47.0967 7396 mv2 (4cb5d3a5902a92606408a36865a04d53) C:\Windows\system32\DRIVERS\mv2.sys
2011/02/04 23:37:48.0036 7396 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/04 23:37:48.0166 7396 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/02/04 23:37:48.0225 7396 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/04 23:37:48.0265 7396 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/04 23:37:48.0298 7396 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/04 23:37:48.0337 7396 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/04 23:37:48.0372 7396 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/02/04 23:37:48.0405 7396 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/04 23:37:48.0441 7396 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/04 23:37:48.0501 7396 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/04 23:37:48.0577 7396 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys
2011/02/04 23:37:48.0632 7396 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys
2011/02/04 23:37:48.0683 7396 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\Windows\system32\drivers\nmwcdnsu.sys
2011/02/04 23:37:48.0726 7396 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\Windows\system32\drivers\nmwcdnsuc.sys
2011/02/04 23:37:48.0763 7396 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/02/04 23:37:48.0791 7396 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/04 23:37:48.0848 7396 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/02/04 23:37:48.0926 7396 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/02/04 23:37:49.0095 7396 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/02/04 23:37:49.0412 7396 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/04 23:37:49.0620 7396 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/04 23:37:49.0694 7396 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/04 23:37:49.0741 7396 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/04 23:37:49.0786 7396 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/04 23:37:49.0863 7396 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/02/04 23:37:49.0884 7396 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/02/04 23:37:49.0908 7396 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/02/04 23:37:49.0972 7396 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/02/04 23:37:50.0003 7396 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/02/04 23:37:50.0030 7396 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/04 23:37:50.0102 7396 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/04 23:37:50.0177 7396 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\Windows\system32\drivers\PCTCore.sys
2011/02/04 23:37:50.0290 7396 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
2011/02/04 23:37:50.0325 7396 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
2011/02/04 23:37:50.0362 7396 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/02/04 23:37:50.0391 7396 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/02/04 23:37:50.0481 7396 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/04 23:37:50.0506 7396 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/02/04 23:37:50.0541 7396 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/04 23:37:50.0589 7396 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/04 23:37:50.0642 7396 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/04 23:37:50.0679 7396 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/04 23:37:50.0732 7396 radpms (6394b4274de7749d05e4385dcdd1ef2b) C:\Windows\system32\DRIVERS\radpms.sys
2011/02/04 23:37:50.0757 7396 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/04 23:37:50.0810 7396 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/04 23:37:50.0845 7396 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/04 23:37:50.0884 7396 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/04 23:37:50.0915 7396 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/04 23:37:50.0947 7396 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/04 23:37:50.0975 7396 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/04 23:37:50.0998 7396 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/04 23:37:51.0054 7396 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/02/04 23:37:51.0078 7396 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/04 23:37:51.0105 7396 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/04 23:37:51.0132 7396 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/02/04 23:37:51.0166 7396 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/02/04 23:37:51.0210 7396 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/04 23:37:51.0251 7396 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/02/04 23:37:51.0297 7396 SaiH0BAC (3252d5571633e0b244541615d6252358) C:\Windows\system32\DRIVERS\SaiH0BAC.sys
2011/02/04 23:37:51.0334 7396 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/04 23:37:51.0364 7396 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/04 23:37:51.0425 7396 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/04 23:37:51.0466 7396 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/04 23:37:51.0492 7396 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/02/04 23:37:51.0514 7396 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/04 23:37:51.0584 7396 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/02/04 23:37:51.0613 7396 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/04 23:37:51.0637 7396 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/04 23:37:51.0662 7396 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/04 23:37:51.0701 7396 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/02/04 23:37:51.0735 7396 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/04 23:37:51.0761 7396 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/04 23:37:51.0803 7396 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/02/04 23:37:51.0847 7396 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/02/04 23:37:51.0908 7396 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/02/04 23:37:51.0909 7396 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/02/04 23:37:51.0922 7396 sptd - detected Locked file (1)
2011/02/04 23:37:52.0040 7396 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/02/04 23:37:52.0254 7396 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/04 23:37:52.0311 7396 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/04 23:37:52.0361 7396 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
2011/02/04 23:37:52.0403 7396 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/02/04 23:37:52.0453 7396 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/02/04 23:37:52.0495 7396 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/02/04 23:37:52.0520 7396 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/04 23:37:52.0643 7396 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/02/04 23:37:52.0728 7396 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/04 23:37:52.0763 7396 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/04 23:37:52.0794 7396 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/02/04 23:37:52.0817 7396 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/02/04 23:37:52.0845 7396 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/04 23:37:52.0885 7396 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
2011/02/04 23:37:52.0913 7396 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/04 23:37:52.0972 7396 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/04 23:37:53.0004 7396 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/04 23:37:53.0033 7396 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/04 23:37:53.0061 7396 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/04 23:37:53.0104 7396 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/02/04 23:37:53.0130 7396 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/04 23:37:53.0172 7396 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/04 23:37:53.0230 7396 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2011/02/04 23:37:53.0282 7396 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/02/04 23:37:53.0314 7396 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/04 23:37:53.0338 7396 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/04 23:37:53.0371 7396 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/04 23:37:53.0397 7396 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/04 23:37:53.0421 7396 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/04 23:37:53.0460 7396 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/04 23:37:53.0505 7396 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/04 23:37:53.0552 7396 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys
2011/02/04 23:37:53.0586 7396 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2011/02/04 23:37:53.0608 7396 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/04 23:37:53.0638 7396 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/04 23:37:53.0674 7396 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/02/04 23:37:53.0706 7396 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/04 23:37:53.0732 7396 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/02/04 23:37:53.0768 7396 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/04 23:37:53.0806 7396 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/02/04 23:37:53.0834 7396 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/02/04 23:37:53.0855 7396 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/04 23:37:53.0901 7396 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/02/04 23:37:53.0925 7396 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/02/04 23:37:53.0951 7396 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/04 23:37:53.0981 7396 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/02/04 23:37:54.0010 7396 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/04 23:37:54.0054 7396 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/04 23:37:54.0156 7396 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/02/04 23:37:54.0217 7396 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/02/04 23:37:54.0260 7396 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/02/04 23:37:54.0294 7396 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/04 23:37:54.0332 7396 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/04 23:37:54.0345 7396 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/04 23:37:54.0402 7396 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/02/04 23:37:54.0432 7396 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/04 23:37:54.0500 7396 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/04 23:37:54.0544 7396 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/02/04 23:37:54.0636 7396 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/02/04 23:37:54.0686 7396 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/04 23:37:54.0731 7396 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/04 23:37:54.0773 7396 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/02/04 23:37:54.0804 7396 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/04 23:37:54.0877 7396 ================================================================================
2011/02/04 23:37:54.0877 7396 Scan finished
2011/02/04 23:37:54.0877 7396 ================================================================================
2011/02/04 23:37:54.0887 0236 Detected object count: 1
2011/02/04 23:38:20.0324 0236 Locked file(sptd) - User select action: Skip

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:21 AM

Posted 05 February 2011 - 05:03 AM

Hi,

Run ComboFix again and let it update itself. Post back the report + fresh dds logs.

Does redirecting still happen? If so, does it happen with both Internet Explorer and Firefox? Do you have a router in use (which brand & model)?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 Joao Rodrigues

Joao Rodrigues
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 05 February 2011 - 08:30 AM

Hi,

Combo report and DDS logs. Looks like it does not redirect anymore.

Thanks
Joao.

ComboFix 11-01-31.02 - Joao 05/02/2011 12:25:11.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1670 [GMT 0:00]
Running from: c:\users\Joao\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-05 12:39 . 2011-02-05 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-05 12:05 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18BD510E-239D-4C29-9459-CB78C3C5F968}\mpengine.dll
2011-02-04 18:56 . 2011-02-04 18:56 -------- d-----w- c:\program files\iPod
2011-02-02 19:15 . 2011-02-02 19:15 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-01 21:39 . 2011-02-01 21:39 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-02-01 20:44 . 2011-02-01 21:32 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-01 20:44 . 2011-02-01 20:44 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-01 20:43 . 2011-02-01 21:39 -------- d-----w- c:\programdata\Hitman Pro
2011-01-30 17:51 . 2011-01-29 21:25 86016 --sha-r- c:\windows\system32\TR2468upnpcont4.dll
2011-01-30 17:48 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-30 17:48 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-30 17:48 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-30 17:48 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-30 17:48 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-30 17:48 . 2011-01-30 17:48 -------- d-----w- c:\program files\Trojan Remover
2011-01-30 17:48 . 2011-01-30 17:48 -------- d-----w- c:\users\Joao\AppData\Roaming\Simply Super Software
2011-01-30 17:48 . 2011-01-30 17:48 -------- d-----w- c:\programdata\Simply Super Software
2011-01-30 14:25 . 2011-01-30 14:25 -------- d-----w- c:\users\Joao\AppData\Local\Sunbelt Software
2011-01-30 14:25 . 2011-01-30 14:25 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-30 14:25 . 2011-01-30 16:34 -------- d-----w- c:\programdata\Lavasoft
2011-01-30 14:25 . 2011-01-30 14:25 -------- d-----w- c:\program files\Lavasoft
2011-01-30 12:45 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-30 12:45 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-30 12:24 . 2010-07-16 14:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-01-30 12:24 . 2010-11-17 10:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-01-30 12:24 . 2010-11-17 10:19 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-01-30 12:24 . 2010-07-16 14:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-01-30 12:24 . 2010-11-25 10:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-01-30 12:24 . 2010-11-25 10:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-01-30 12:24 . 2010-11-25 10:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-01-30 12:24 . 2011-02-01 20:53 -------- d-----w- c:\program files\PC Tools Security
2011-01-30 12:24 . 2011-01-30 12:25 -------- d-----w- c:\program files\Common Files\PC Tools
2011-01-30 12:24 . 2011-01-30 12:24 -------- d-----w- c:\programdata\PC Tools
2011-01-30 12:24 . 2011-01-30 12:24 -------- d-----w- c:\users\Joao\AppData\Roaming\PC Tools
2011-01-30 12:19 . 2011-01-30 12:19 -------- d-----w- c:\programdata\Google Updater
2011-01-30 12:18 . 2011-01-30 12:18 -------- d-----w- c:\users\Joao\AppData\Roaming\Malwarebytes
2011-01-30 12:18 . 2011-01-30 12:18 -------- d-----w- c:\programdata\Malwarebytes
2011-01-30 12:18 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 12:18 . 2011-01-30 12:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 12:18 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 03:35 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-29 21:55 . 2011-01-29 21:55 -------- d-----w- c:\program files\Public Transport Simulator
2011-01-29 21:25 . 2011-01-29 21:25 86016 --sha-r- c:\windows\system32\upnpcont4.dll
2011-01-29 12:28 . 2011-01-29 12:29 -------- d-----w- c:\program files\Feedback Tool
2011-01-07 19:39 . 2011-01-07 19:39 -------- d-----w- c:\users\Joao\AppData\Roaming\Charles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-10-21 18:36 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-10-27 22:45 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-10-27 22:47 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-10-27 22:48 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2009-10-27 22:48 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-10-27 22:45 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2009-10-27 22:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-08 13:12 . 2009-10-28 14:51 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 13:11 . 2009-10-28 14:51 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 13:11 . 2009-10-28 14:51 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 13:11 . 2009-10-28 14:51 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 18:53 . 2010-05-27 20:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2009-07-31 19:06 . 2010-12-27 16:32 89600 ----a-w- c:\program files\mozilla firefox\plugins\Extras.dll
2009-07-31 18:47 . 2010-12-27 16:32 112128 ----a-w- c:\program files\mozilla firefox\plugins\Movies.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{33853fa6-74d5-461d-a067-74ab14bf0954}"= "c:\program files\Diabos_Londres\tbDia0.dll" [2010-09-01 2734688]

[HKEY_CLASSES_ROOT\clsid\{33853fa6-74d5-461d-a067-74ab14bf0954}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33853fa6-74d5-461d-a067-74ab14bf0954}]
2010-09-01 13:35 2734688 ----a-w- c:\program files\Diabos_Londres\tbDia0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{33853fa6-74d5-461d-a067-74ab14bf0954}"= "c:\program files\Diabos_Londres\tbDia0.dll" [2010-09-01 2734688]

[HKEY_CLASSES_ROOT\clsid\{33853fa6-74d5-461d-a067-74ab14bf0954}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{33853FA6-74D5-461D-A067-74AB14BF0954}"= "c:\program files\Diabos_Londres\tbDia0.dll" [2010-09-01 2734688]

[HKEY_CLASSES_ROOT\clsid\{33853fa6-74d5-461d-a067-74ab14bf0954}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-27 122880]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-24 6111232]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-02-02 1402272]
R2 OpenDHCPServer;Open DHCP Server;c:\program files\OpenDHCPServer\OpenDHCPServer.exe [2010-03-23 236449]
R2 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\SrvCDEject.exe [2007-09-07 600064]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2009-07-23 6528]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2008-08-11 12192]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2007-07-02 135168]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-03 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2010-03-22 12096]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-02-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 19:14]

2011-02-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-27 12:19]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 18:53]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 18:53]

2011-01-30 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-07-08 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
FF - ProfilePath - c:\users\Joao\AppData\Roaming\Mozilla\Firefox\Profiles\d8int88p.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: LogMeIn, Inc. Rescue Technician Console: TechnicianConsole@logmeinrescue.com - %profile%\extensions\TechnicianConsole@logmeinrescue.com
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1221777294-3663042442-177145566-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44B9F3DF-B33C-0395-57F9-8C3E04A04D56}*]
"maanffbkemmegalamhgmcadnnn"=hex:69,61,6b,67,63,62,6b,6f,67,70,6a,67,6b,64,62,
65,69,6e,00,00
"nakndfcbjnkechpllkbhdpdpbldk"=hex:6b,61,70,67,62,67,66,6f,6c,65,66,68,6b,62,
6c,62,6f,67,69,62,63,62,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-05 12:49:40
ComboFix-quarantined-files.txt 2011-02-05 12:49
ComboFix2.txt 2011-02-01 21:28

Pre-Run: 379,824,750,592 bytes free
Post-Run: 379,836,866,560 bytes free

- - End Of File - - 13714A6306DC75B2F40216A97EBA6358



DDS LOGS



DDS (Ver_10-12-12.02) - NTFSx86
Run by Joao at 13:27:54.01 on 05/02/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1297 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Joao\Downloads\dds(3).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\components\RescueComponent.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\joao\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\plugins\npRescue.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: LogMeIn, Inc. Rescue Technician Console: TechnicianConsole@logmeinrescue.com - %profile%\extensions\TechnicianConsole@logmeinrescue.com
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-30 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-30 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-30 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-27 294608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-27 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-27 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-15 40384]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-28 47640]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 22784]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-3-22 12096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1402272]
S2 OpenDHCPServer;Open DHCP Server;c:\program files\opendhcpserver\OpenDHCPServer.exe [2010-3-23 236449]
S2 SrvCDEject;SrvCDEject;c:\program files\packard bell\SrvCDEject.exe [2009-10-27 600064]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2009-7-23 6528]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-8-11 12192]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\drivers\SaiH0BAC.sys [2007-7-2 135168]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-1-30 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-1-30 1150936]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-27 1343400]

=============== Created Last 30 ================

2011-02-05 12:48:55 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-05 12:05:48 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{18bd510e-239d-4c29-9459-cb78c3c5f968}\mpengine.dll
2011-02-04 18:56:27 -------- d-----w- c:\program files\iPod
2011-02-02 19:15:05 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-01 21:39:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-02-01 20:44:06 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-01 20:44:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-01 20:43:39 -------- d-----w- c:\progra~2\Hitman Pro
2011-02-01 20:42:35 98816 ----a-w- c:\windows\sed.exe
2011-02-01 20:42:35 89088 ----a-w- c:\windows\MBR.exe
2011-02-01 20:42:35 256512 ----a-w- c:\windows\PEV.exe
2011-02-01 20:42:35 161792 ----a-w- c:\windows\SWREG.exe
2011-01-30 17:51:34 86016 --sha-r- c:\windows\system32\TR2468upnpcont4.dll
2011-01-30 17:48:32 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-30 17:48:32 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-30 17:48:32 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-30 17:48:32 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-30 17:48:32 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-30 17:48:31 -------- d-----w- c:\users\joao\appdata\roaming\Simply Super Software
2011-01-30 17:48:31 -------- d-----w- c:\program files\Trojan Remover
2011-01-30 17:48:31 -------- d-----w- c:\progra~2\Simply Super Software
2011-01-30 14:25:52 -------- d-----w- c:\users\joao\appdata\local\Sunbelt Software
2011-01-30 14:25:25 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-30 14:25:15 -------- d-----w- c:\program files\Lavasoft
2011-01-30 12:45:03 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-30 12:45:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-30 12:24:52 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-01-30 12:24:51 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-01-30 12:24:51 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-01-30 12:24:51 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-01-30 12:24:47 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-01-30 12:24:47 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-01-30 12:24:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-01-30 12:24:27 -------- d-----w- c:\users\joao\appdata\roaming\PC Tools
2011-01-30 12:24:27 -------- d-----w- c:\program files\PC Tools Security
2011-01-30 12:24:27 -------- d-----w- c:\program files\common files\PC Tools
2011-01-30 12:24:27 -------- d-----w- c:\progra~2\PC Tools
2011-01-30 12:18:14 -------- d-----w- c:\users\joao\appdata\roaming\Malwarebytes
2011-01-30 12:18:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 12:18:11 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-30 12:18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 12:18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 03:35:45 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-29 21:55:09 -------- d-----w- c:\program files\Public Transport Simulator
2011-01-29 21:25:17 86016 --sha-r- c:\windows\system32\upnpcont4.dll
2011-01-29 12:28:59 -------- d-----w- c:\program files\Feedback Tool
2011-01-07 19:39:47 -------- d-----w- c:\users\joao\appdata\roaming\Charles

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-12-08 13:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 13:11:54 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 13:11:46 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-08 13:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 13:28:58.27 ===============

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:21 AM

Posted 05 February 2011 - 11:26 AM

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Regnull::
[HKEY_USERS\S-1-5-21-1221777294-3663042442-177145566-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44B9F3DF-B33C-0395-57F9-8C3E04A04D56}*]


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall this old Java: Java™ SE Development Kit 6 Update 17


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#11 Joao Rodrigues

Joao Rodrigues
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 05 February 2011 - 02:32 PM

Hi,

Logs below.

ESET Report

C:\Backup\Joao\AppData\Local\Temp\Update_33fc.exe a variant of Win32/Adware.CiDHelp application
C:\Backup\Joao\AppData\Local\Temp\Update_b8af.exe a variant of Win32/Adware.CiDHelp application
C:\Backup\Joao\AppData\Local\Temp\Update_d5b7.exe a variant of Win32/Adware.CiDHelp application
C:\Backup\Joao\AppData\Local\Temp\NERO1004523\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application
C:\Backup\Joao\Downloads\Nero-9.4.13.2_trial.exe Win32/Toolbar.AskSBar application
C:\Backup\Joao\Downloads\n\Keymaker_v4.0.2.0.exe a variant of Win32/Keygen.BF application
C:\Backup\Joao\Downloads\SWF_Text_1.3__Turn_Text_to_Flash_Animations_\Patched EXE\SWFText.exe probably a variant of Win32/Agent.EXCYSLR trojan
C:\backup-000\Joao\AppData\Local\Temp\Update_15dd.exe a variant of Win32/Adware.CiDHelp application
C:\backup-000\Joao\AppData\Local\Temp\Update_b613.exe a variant of Win32/MessengerPlus application
C:\backup-000\Joao\Downloads\MsgPlusLive-479.exe a variant of Win32/Adware.CiDHelp application
C:\Poker\William Hill Poker\_SetupPoker.exe Win32/PTCasino application
C:\Program Files\Registry Easy\Recoveryer.dll Win32/Adware.RegistryEasy application
C:\Program Files\Registry Easy\RegEasyCleaner.exe a variant of Win32/Adware.RegistryEasy application
C:\Program Files\Registry Easy\RegEasyCleanerUpdate.exe Win32/Adware.RegistryEasy application
C:\Users\Joao\Downloads\Nero-9.4.13.2_trial.exe Win32/Toolbar.AskSBar application
C:\Users\Joao\Downloads\RegistryEasy.exe a variant of Win32/Adware.RegistryEasy application
C:\Users\Joao\Downloads\SetupPoker.exe Win32/PTCasino application
K:\Joao Stuff\Downloads\MsgPlusLive-479.exe a variant of Win32/Adware.CiDHelp application
K:\Joao Stuff\Downloads\Nero-9.4.13.2_trial.exe Win32/Toolbar.AskSBar application
K:\Joao Stuff\Downloads\n\Keymaker_v4.0.2.0.exe a variant of Win32/Keygen.BF application
K:\Joao Stuff\Downloads\SWF_Text_1.3__Turn_Text_to_Flash_Animations_\Patched EXE\SWFText.exe probably a variant of Win32/Agent.EXCYSLR trojan


DDS Log.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Joao at 19:29:36.39 on 05/02/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1144 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Joao\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\components\RescueComponent.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\joao\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\plugins\npRescue.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: LogMeIn, Inc. Rescue Technician Console: TechnicianConsole@logmeinrescue.com - %profile%\extensions\TechnicianConsole@logmeinrescue.com
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-30 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-30 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-30 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-27 294608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-27 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-27 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-15 40384]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-28 47640]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 22784]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-3-22 12096]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1402272]
S2 OpenDHCPServer;Open DHCP Server;c:\program files\opendhcpserver\OpenDHCPServer.exe [2010-3-23 236449]
S2 SrvCDEject;SrvCDEject;c:\program files\packard bell\SrvCDEject.exe [2009-10-27 600064]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2009-7-23 6528]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-8-11 12192]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\drivers\SaiH0BAC.sys [2007-7-2 135168]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-1-30 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-1-30 1150936]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-27 1343400]

=============== Created Last 30 ================

2011-02-05 17:28:21 -------- d-----w- c:\program files\ESET
2011-02-05 17:26:13 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-05 12:05:48 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{18bd510e-239d-4c29-9459-cb78c3c5f968}\mpengine.dll
2011-02-04 18:56:27 -------- d-----w- c:\program files\iPod
2011-02-02 19:15:05 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-01 21:39:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-02-01 20:44:06 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-01 20:44:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-01 20:43:39 -------- d-----w- c:\progra~2\Hitman Pro
2011-02-01 20:42:35 98816 ----a-w- c:\windows\sed.exe
2011-02-01 20:42:35 89088 ----a-w- c:\windows\MBR.exe
2011-02-01 20:42:35 256512 ----a-w- c:\windows\PEV.exe
2011-02-01 20:42:35 161792 ----a-w- c:\windows\SWREG.exe
2011-01-30 17:51:34 86016 --sha-r- c:\windows\system32\TR2468upnpcont4.dll
2011-01-30 17:48:32 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-30 17:48:32 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-30 17:48:32 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-30 17:48:32 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-30 17:48:32 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-30 17:48:31 -------- d-----w- c:\users\joao\appdata\roaming\Simply Super Software
2011-01-30 17:48:31 -------- d-----w- c:\program files\Trojan Remover
2011-01-30 17:48:31 -------- d-----w- c:\progra~2\Simply Super Software
2011-01-30 14:25:52 -------- d-----w- c:\users\joao\appdata\local\Sunbelt Software
2011-01-30 14:25:25 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-30 14:25:15 -------- d-----w- c:\program files\Lavasoft
2011-01-30 12:45:03 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-30 12:45:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-30 12:24:52 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-01-30 12:24:51 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-01-30 12:24:51 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-01-30 12:24:51 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-01-30 12:24:47 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-01-30 12:24:47 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-01-30 12:24:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-01-30 12:24:27 -------- d-----w- c:\users\joao\appdata\roaming\PC Tools
2011-01-30 12:24:27 -------- d-----w- c:\program files\PC Tools Security
2011-01-30 12:24:27 -------- d-----w- c:\program files\common files\PC Tools
2011-01-30 12:24:27 -------- d-----w- c:\progra~2\PC Tools
2011-01-30 12:18:14 -------- d-----w- c:\users\joao\appdata\roaming\Malwarebytes
2011-01-30 12:18:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 12:18:11 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-30 12:18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 12:18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 03:35:45 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-29 21:55:09 -------- d-----w- c:\program files\Public Transport Simulator
2011-01-29 21:25:17 86016 --sha-r- c:\windows\system32\upnpcont4.dll
2011-01-29 12:28:59 -------- d-----w- c:\program files\Feedback Tool
2011-01-07 19:39:47 -------- d-----w- c:\users\joao\appdata\roaming\Charles

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-12-08 13:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 13:11:54 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 13:11:46 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-08 13:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 19:30:59.84 ===============


COMBO FIX LOG.


ComboFix 11-01-31.02 - Joao 05/02/2011 17:13:35.3.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1456 [GMT 0:00]
Running from: c:\users\Joao\Desktop\ComboFix.exe
Command switches used :: c:\users\Joao\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-05 17:24 . 2011-02-05 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-05 12:05 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18BD510E-239D-4C29-9459-CB78C3C5F968}\mpengine.dll
2011-02-04 18:56 . 2011-02-04 18:56 -------- d-----w- c:\program files\iPod
2011-02-02 19:15 . 2011-02-02 19:15 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-01 21:39 . 2011-02-01 21:39 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-02-01 20:44 . 2011-02-01 21:32 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-01 20:44 . 2011-02-01 20:44 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-01 20:43 . 2011-02-01 21:39 -------- d-----w- c:\programdata\Hitman Pro
2011-01-30 17:51 . 2011-01-29 21:25 86016 --sha-r- c:\windows\system32\TR2468upnpcont4.dll
2011-01-30 17:48 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-30 17:48 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-30 17:48 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-30 17:48 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-30 17:48 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-30 17:48 . 2011-01-30 17:48 -------- d-----w- c:\program files\Trojan Remover
2011-01-30 17:48 . 2011-01-30 17:48 -------- d-----w- c:\users\Joao\AppData\Roaming\Simply Super Software
2011-01-30 17:48 . 2011-01-30 17:48 -------- d-----w- c:\programdata\Simply Super Software
2011-01-30 14:25 . 2011-01-30 14:25 -------- d-----w- c:\users\Joao\AppData\Local\Sunbelt Software
2011-01-30 14:25 . 2011-01-30 14:25 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-30 14:25 . 2011-01-30 16:34 -------- d-----w- c:\programdata\Lavasoft
2011-01-30 14:25 . 2011-01-30 14:25 -------- d-----w- c:\program files\Lavasoft
2011-01-30 12:45 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-30 12:45 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-30 12:24 . 2010-07-16 14:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-01-30 12:24 . 2010-11-17 10:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-01-30 12:24 . 2010-11-17 10:19 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-01-30 12:24 . 2010-07-16 14:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-01-30 12:24 . 2010-11-25 10:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-01-30 12:24 . 2010-11-25 10:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-01-30 12:24 . 2010-11-25 10:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-01-30 12:24 . 2011-02-01 20:53 -------- d-----w- c:\program files\PC Tools Security
2011-01-30 12:24 . 2011-01-30 12:25 -------- d-----w- c:\program files\Common Files\PC Tools
2011-01-30 12:24 . 2011-01-30 12:24 -------- d-----w- c:\programdata\PC Tools
2011-01-30 12:24 . 2011-01-30 12:24 -------- d-----w- c:\users\Joao\AppData\Roaming\PC Tools
2011-01-30 12:19 . 2011-01-30 12:19 -------- d-----w- c:\programdata\Google Updater
2011-01-30 12:18 . 2011-01-30 12:18 -------- d-----w- c:\users\Joao\AppData\Roaming\Malwarebytes
2011-01-30 12:18 . 2011-01-30 12:18 -------- d-----w- c:\programdata\Malwarebytes
2011-01-30 12:18 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 12:18 . 2011-01-30 12:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 12:18 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 03:35 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-29 21:55 . 2011-01-29 21:55 -------- d-----w- c:\program files\Public Transport Simulator
2011-01-29 21:25 . 2011-01-29 21:25 86016 --sha-r- c:\windows\system32\upnpcont4.dll
2011-01-29 12:28 . 2011-01-29 12:29 -------- d-----w- c:\program files\Feedback Tool
2011-01-07 19:39 . 2011-01-07 19:39 -------- d-----w- c:\users\Joao\AppData\Roaming\Charles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-10-21 18:36 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-10-27 22:45 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-10-27 22:47 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-10-27 22:48 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2009-10-27 22:48 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-10-27 22:45 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2009-10-27 22:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-08 13:12 . 2009-10-28 14:51 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 13:11 . 2009-10-28 14:51 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 13:11 . 2009-10-28 14:51 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 13:11 . 2009-10-28 14:51 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 18:53 . 2010-05-27 20:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2009-07-31 19:06 . 2010-12-27 16:32 89600 ----a-w- c:\program files\mozilla firefox\plugins\Extras.dll
2009-07-31 18:47 . 2010-12-27 16:32 112128 ----a-w- c:\program files\mozilla firefox\plugins\Movies.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{33853fa6-74d5-461d-a067-74ab14bf0954}"= "c:\program files\Diabos_Londres\tbDia0.dll" [2010-09-01 2734688]

[HKEY_CLASSES_ROOT\clsid\{33853fa6-74d5-461d-a067-74ab14bf0954}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33853fa6-74d5-461d-a067-74ab14bf0954}]
2010-09-01 13:35 2734688 ----a-w- c:\program files\Diabos_Londres\tbDia0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{33853fa6-74d5-461d-a067-74ab14bf0954}"= "c:\program files\Diabos_Londres\tbDia0.dll" [2010-09-01 2734688]

[HKEY_CLASSES_ROOT\clsid\{33853fa6-74d5-461d-a067-74ab14bf0954}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{33853FA6-74D5-461D-A067-74AB14BF0954}"= "c:\program files\Diabos_Londres\tbDia0.dll" [2010-09-01 2734688]

[HKEY_CLASSES_ROOT\clsid\{33853fa6-74d5-461d-a067-74ab14bf0954}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-27 122880]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-24 6111232]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-02-02 1402272]
R2 OpenDHCPServer;Open DHCP Server;c:\program files\OpenDHCPServer\OpenDHCPServer.exe [2010-03-23 236449]
R2 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\SrvCDEject.exe [2007-09-07 600064]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2009-07-23 6528]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2008-08-11 12192]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2007-07-02 135168]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-03 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2010-03-22 12096]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-02-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 19:14]

2011-02-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-27 12:19]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 18:53]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 18:53]

2011-02-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-07-08 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
FF - ProfilePath - c:\users\Joao\AppData\Roaming\Mozilla\Firefox\Profiles\d8int88p.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: LogMeIn, Inc. Rescue Technician Console: TechnicianConsole@logmeinrescue.com - %profile%\extensions\TechnicianConsole@logmeinrescue.com
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-05 17:26:48
ComboFix-quarantined-files.txt 2011-02-05 17:26
ComboFix2.txt 2011-02-05 12:49
ComboFix3.txt 2011-02-01 21:28

Pre-Run: 379,900,956,672 bytes free
Post-Run: 379,832,860,672 bytes free

- - End Of File - - 1EBE700692D2846D118CAD9BCBEF082D

#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:21 AM

Posted 05 February 2011 - 04:05 PM

Hi,

Uninstall Registry Easy.

Delete these files (if found):
C:\Backup\Joao\AppData\Local\Temp\Update_33fc.exe
C:\Backup\Joao\AppData\Local\Temp\Update_b8af.exe
C:\Backup\Joao\AppData\Local\Temp\Update_d5b7.exe
C:\Backup\Joao\Downloads\n\Keymaker_v4.0.2.0.exe
C:\Backup\Joao\Downloads\SWF_Text_1.3__Turn_Text_to_Flash_Animations_\Patched EXE\SWFText.exe
C:\backup-000\Joao\AppData\Local\Temp\Update_15dd.exe
C:\backup-000\Joao\AppData\Local\Temp\Update_b613.exe
C:\backup-000\Joao\Downloads\MsgPlusLive-479.exe
C:\Users\Joao\Downloads\RegistryEasy.exe
K:\Joao Stuff\Downloads\MsgPlusLive-479.exe
K:\Joao Stuff\Downloads\n\Keymaker_v4.0.2.0.exe
K:\Joao Stuff\Downloads\SWF_Text_1.3__Turn_Text_to_Flash_Animations_\Patched EXE\SWFText.exe

Any issues left?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#13 Joao Rodrigues

Joao Rodrigues
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 05 February 2011 - 04:31 PM

Hi,

All files mentioned have been deleted.

Looks like its ok now. However computer seems to be running very slow now :-s

Joao.

#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:02:21 AM

Posted 06 February 2011 - 04:42 AM

Hi,

Reboot and see how the system is running after that. Post fresh dds logs.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#15 Joao Rodrigues

Joao Rodrigues
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 06 February 2011 - 03:10 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Joao at 20:05:59.77 on 06/02/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3070.1269 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\OpenDHCPServer\OpenDHCPServer.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Users\Joao\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Diabos Londres Toolbar: {33853fa6-74d5-461d-a067-74ab14bf0954} - c:\program files\diabos_londres\tbDia0.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\components\RescueComponent.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\joao\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\joao\appdata\roaming\mozilla\firefox\profiles\d8int88p.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\plugins\npRescue.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: LogMeIn, Inc. Rescue Technician Console: TechnicianConsole@logmeinrescue.com - %profile%\extensions\TechnicianConsole@logmeinrescue.com
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-30 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-30 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-30 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-27 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-27 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-27 51280]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-28 47640]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 22784]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-3-22 12096]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2009-7-23 6528]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-8-11 12192]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\drivers\SaiH0BAC.sys [2007-7-2 135168]

=============== Created Last 30 ================

2011-02-05 20:51:50 -------- d-----w- c:\users\joao\appdata\roaming\Registry Mechanic
2011-02-05 20:30:10 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-02-05 20:30:10 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-02-05 20:30:10 506368 ----a-w- c:\windows\system32\msxml.dll
2011-02-05 20:30:10 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-02-05 20:30:10 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-02-05 20:30:10 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-02-05 17:28:21 -------- d-----w- c:\program files\ESET
2011-02-05 17:26:13 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-05 12:05:48 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{18bd510e-239d-4c29-9459-cb78c3c5f968}\mpengine.dll
2011-02-04 18:56:27 -------- d-----w- c:\program files\iPod
2011-02-02 19:15:05 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-01 21:39:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-02-01 20:44:06 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-01 20:44:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-01 20:43:39 -------- d-----w- c:\progra~2\Hitman Pro
2011-02-01 20:42:35 98816 ----a-w- c:\windows\sed.exe
2011-02-01 20:42:35 89088 ----a-w- c:\windows\MBR.exe
2011-02-01 20:42:35 256512 ----a-w- c:\windows\PEV.exe
2011-02-01 20:42:35 161792 ----a-w- c:\windows\SWREG.exe
2011-01-30 17:51:34 86016 --sha-r- c:\windows\system32\TR2468upnpcont4.dll
2011-01-30 17:48:32 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-01-30 17:48:32 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-01-30 17:48:32 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-01-30 17:48:32 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-01-30 17:48:32 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-01-30 17:48:31 -------- d-----w- c:\users\joao\appdata\roaming\Simply Super Software
2011-01-30 17:48:31 -------- d-----w- c:\program files\Trojan Remover
2011-01-30 17:48:31 -------- d-----w- c:\progra~2\Simply Super Software
2011-01-30 14:25:52 -------- d-----w- c:\users\joao\appdata\local\Sunbelt Software
2011-01-30 14:25:25 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-30 14:25:15 -------- d-----w- c:\program files\Lavasoft
2011-01-30 12:45:03 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-30 12:45:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-30 12:24:52 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-01-30 12:24:51 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-01-30 12:24:51 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-01-30 12:24:51 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-01-30 12:24:47 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-01-30 12:24:47 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-01-30 12:24:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-01-30 12:24:27 -------- d-----w- c:\users\joao\appdata\roaming\PC Tools
2011-01-30 12:24:27 -------- d-----w- c:\program files\PC Tools Security
2011-01-30 12:24:27 -------- d-----w- c:\program files\common files\PC Tools
2011-01-30 12:24:27 -------- d-----w- c:\progra~2\PC Tools
2011-01-30 12:18:14 -------- d-----w- c:\users\joao\appdata\roaming\Malwarebytes
2011-01-30 12:18:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 12:18:11 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-30 12:18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 12:18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 03:35:45 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-29 21:55:09 -------- d-----w- c:\program files\Public Transport Simulator
2011-01-29 21:25:17 86016 --sha-r- c:\windows\system32\upnpcont4.dll
2011-01-29 12:28:59 -------- d-----w- c:\program files\Feedback Tool

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-12-08 13:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 13:11:54 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 13:11:46 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-08 13:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 20:09:59.80 ===============




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users