Google redirecting to allwordsites.com and ultra-report.com


This topic is locked
21 replies to this topic

#1 JamesAF

  • Members
  • 12 posts

Posted 20 February 2011 - 08:40 PM

I have a random but persistent browser redirection which regularly intercepts google search results and takes me to sites like ultra-report.com and allworldsites.com

I have tried scanning with Malwarebytes, Spybot, TDSS Remover (Kaspersky) and even MS Defender and Trend Micro WFBS 7. Cannot find the little bugger.

It happens only occasionally, and my Trend Micro software actively blocks the pages. A simple refresh gets me to the page I intended to go to.

DDS.txt and Attach.txt below/attached as instructed. No GMER due to x64 system.

Thanks in advance for your help. I am an IT professional, and am very embarrassed that I can't fix this myself!

-------------------------------------------------

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by james at 12:30:20.94 on Mon 21/02/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.5119.3033 [GMT 11:00]

AV: Trend Micro Security Agent *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Security Agent *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaseya\Agent\AgentMon.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\SteamWatch\SteamWatch.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\vVX1000.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_start.exe
C:\Program Files (x86)\SteamWatch\SteamWatchTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Brother\Brmfl06a\FAXRX.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_comm_expert.exe
C:\Users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_user_expert.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://companyweb
uDefault_Page_URL = hxxp://companyweb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1077\TmIEPlg32.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoToAssist Express Expert] "C:\Users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_start.exe" "/Trigger RunAtLogon"
uRun: [SteamWatchTray] C:\Program Files (x86)\SteamWatch\SteamWatchTray.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Kaseya Agent Service Helper] "C:\Program Files (x86)\Kaseya\Agent\KaUsrTsk.exe"
mRun: [BGInfo] "C:\Windows\bginfo.cmd"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
StartupFolder: C:\Users\james\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FAXRX.lnk - C:\Program Files (x86)\Brother\Brmfl06a\FAXRX.exe
StartupFolder: C:\Users\james\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Background Download As - C:\BITS_Plugin\bits_ie.htm
IE: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Open with Nuance PDF Converter 7.0 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: ambrylegal.com.au\mail
Trusted Zone: ato.gov.au
Trusted Zone: ato.gov.au\bp
Trusted Zone: ato.gov.au\pki
Trusted Zone: btjunkie.org
Trusted Zone: dell.com\dtt
Trusted Zone: jamesfeldman.net\www
Trusted Zone: nationalwarranties.com.au\www
Trusted Zone: trendmicro.com\olr
Trusted Zone: trendmicro.com\wfrm-apaca
Trusted Zone: trendmicro.com\wfrm-us
Trusted Zone: turbine.com\trial
Trusted Zone: twoplums.com.au\ssl
Trusted Zone: utorrent.com\search
Trusted Zone: google.com
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://sbs2008.pcdoctor.local:4343/officescan/console/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://sbs2008.pcdoctor.local:4343/officescan/console/ClientInstall/setup.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxp://support/inc/kaxRemote.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {5543582C-DA8A-44B5-B1F7-789EDC80F6DD} = 192.168.30.8,192.168.30.6
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1106\6.6.1077\TmIEPlg32.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFrameWork\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1077\TmIEPlg.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [VX1000] C:\Windows\vVX1000.exe
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\p5vpo4m8.default\
FF - prefs.js: browser.startup.homepage - hxxps://spreadsheets.google.com/ccc?key=0ArdQEPu4lyK9dDZRbUlVSk1ZSHFmcDR5Q3B5bmhqV1E&hl=en#gid=6
FF - component: C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1077\firefoxextension\components\TmFFExt.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll
FF - plugin: C:\Program Files (x86)\Common-Use Signing Interface\bin\npCsiPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\james\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
FF - plugin: C:\Users\james\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1077\firefoxextension

============= SERVICES / DRIVERS ===============

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-27 203776]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-1-5 268504]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-7 231272]
R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2009-10-7 109928]
R2 KaseyaAgent;Kaseya Agent;C:\Program Files (x86)\Kaseya\Agent\AgentMon.exe [2010-9-3 708608]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2010-8-26 134944]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-8-27 144672]
R2 SteamWatch;SteamWatch;C:\Program Files (x86)\SteamWatch\SteamWatch.exe [2010-5-1 18944]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-1-5 67664]
R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2009-10-7 489832]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-27 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-27 299520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 KAPFA;KAPFA;C:\Windows\System32\drivers\kapfa.sys [2010-9-3 32328]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-10-13 61440]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-14 25832]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-1-26 129440]
S3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2009-12-1 20352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2009-12-1 29952]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2009-12-2 16384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-24 1255736]

=============== Created Last 30 ================

2011-02-20 00:05:09 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C1920A42-AA96-4B2D-8582-8B40C7C2071D}\mpengine.dll
2011-02-17 08:43:59 -------- d-----w- C:\Users\james\AppData\Local\Activision
2011-02-17 06:46:52 -------- d-----w- C:\Program Files (x86)\ATI Stream
2011-02-17 06:43:11 -------- d-----w- C:\ATI
2011-02-16 07:11:55 110592 ----a-w- C:\temp\KLicense.exe
2011-02-16 07:11:03 184320 ----a-w- C:\temp\kPtchMgt2.dll
2011-02-15 07:09:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-02-14 08:28:35 -------- d-----w- C:\Program Files (x86)\GnuWin32
2011-02-11 07:19:39 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-02-10 08:58:18 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-10 08:58:18 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-10 08:58:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-10 08:58:18 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-10 08:57:35 2381824 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-10 08:57:34 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-10 08:57:34 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-02-10 08:57:33 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-02-10 08:56:49 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-10 08:56:49 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-10 08:55:52 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-02-10 08:55:52 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-02-10 08:55:51 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-02-10 08:55:51 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-02-10 08:55:50 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-02-08 09:28:10 -------- d-----w- C:\Program Files (x86)\Free M4a to MP3 Converter
2011-02-07 08:37:16 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-07 08:18:22 98816 ----a-w- C:\Windows\sed.exe
2011-02-07 08:18:22 89088 ----a-w- C:\Windows\MBR.exe
2011-02-07 08:18:22 256512 ----a-w- C:\Windows\PEV.exe
2011-02-07 08:18:22 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-01 02:50:14 -------- d-----w- C:\Users\james\AppData\Roaming\Mumble
2011-01-31 23:08:22 -------- d-----w- C:\Program Files (x86)\Mumble
2011-01-30 03:57:00 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 03:57:00 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-26 23:37:20 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-01-26 23:22:18 22295040 ----a-w- C:\Windows\System32\atio6axx.dll
2011-01-26 23:00:44 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-01-26 23:00:30 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-01-26 22:59:46 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-01-26 22:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-01-26 22:56:14 479232 ----a-w- C:\Windows\System32\atieclxx.exe
2011-01-26 22:55:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-01-26 22:54:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-01-26 22:54:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-01-26 22:53:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-01-26 22:53:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-01-26 22:53:36 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-01-26 22:53:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-01-26 22:53:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-01-26 22:49:44 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-26 22:32:12 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-01-26 22:32:00 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-01-26 22:28:52 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-01-26 22:27:52 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-01-26 22:27:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-01-26 22:27:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-01-26 22:27:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-01-26 22:27:30 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-01-26 22:25:50 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-01-26 22:24:18 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-01-26 22:21:58 5316096 ----a-w- C:\Windows\System32\atiumd64.dll
2011-01-26 22:14:14 354304 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-01-26 22:14:08 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-01-26 22:13:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-01-26 22:13:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-01-26 22:13:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-01-26 22:13:32 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-01-26 22:12:40 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-01-26 22:12:32 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-01-26 22:11:46 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-01-25 14:03:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-01-25 14:00:48 -------- d-----w- C:\Users\james\AppData\Local\Futuremark_Corporation
2011-01-25 13:59:44 -------- d-----w- C:\Program Files (x86)\Common Files\Futuremark Shared
2011-01-25 13:58:50 -------- d-----w- C:\Program Files\Futuremark
2011-01-25 09:18:08 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-01-25 09:18:08 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-01-25 09:16:08 -------- d-----w- C:\Program Files\ATI
2011-01-25 09:15:37 -------- d-----w- C:\Program Files\ATI Technologies

==================== Find3M ====================

2011-02-02 06:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-26 22:40:02 4847616 ----a-w- C:\Windows\System32\atidxx64.dll
2011-01-26 22:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-26 22:12:46 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-01-26 22:12:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-12-30 03:21:48 90192 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2010-12-30 03:21:42 67664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2010-12-30 03:21:30 146000 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2010-12-20 07:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-19 05:25:33 310728 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2010-12-19 05:15:57 42696 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2010-12-10 07:29:30 64864 ----a-w- C:\Windows\SysWow64\sqlctr90.dll
2010-12-07 01:17:20 51200 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2010-12-07 01:15:30 52736 ----a-w- C:\Windows\System32\OpenCL.dll

============= FINISH: 12:33:08.34 ===============

I appreciate you are all volunteers and your time is valuable. Thank you again in advance for looking at this, you guys rock :)

EDIT: Posts merged ~BP

Edited by Budapest, 21 February 2011 - 04:30 PM.


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 February 2011 - 04:30 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply



Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 JamesAF

  • Topic Starter
  • Members
  • 12 posts

Posted 24 February 2011 - 06:51 PM

Hi Gringo,

Thanks for the reply. I really appreciate the time you and your colleagues put into helping strangers :)

Logs are pasted below. I have had no other problems with this computer, only the occasional redirect from google searches (blocked by Trend Micro), and some website advertisements are also blocked by Trend Micro - they are also being intercepted and redirected to the same malicious URLs.

I'm a little confused about how to post the Attach.txt log - the program says not to paste it, but to zip it and attach it, however you've specifically asked me to paste it, so I have pasted it. :)

Thanks again.

James.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by james at 10:44:33.17 on Fri 25/02/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.5119.3018 [GMT 11:00]

AV: Trend Micro Security Agent *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Security Agent *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaseya\Agent\AgentMon.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\SteamWatch\SteamWatch.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\vVX1000.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_start.exe
C:\Program Files (x86)\SteamWatch\SteamWatchTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Brother\Brmfl06a\FAXRX.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Kaseya\Agent\KaUsrTsk.exe
C:\Users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_comm_expert.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_user_expert.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\james\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://companyweb
uDefault_Page_URL = hxxp://companyweb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1077\TmIEPlg32.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoToAssist Express Expert] "C:\Users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_start.exe" "/Trigger RunAtLogon"
uRun: [SteamWatchTray] C:\Program Files (x86)\SteamWatch\SteamWatchTray.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Kaseya Agent Service Helper] "C:\Program Files (x86)\Kaseya\Agent\KaUsrTsk.exe"
mRun: [BGInfo] "C:\Windows\bginfo.cmd"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
StartupFolder: C:\Users\james\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FAXRX.lnk - C:\Program Files (x86)\Brother\Brmfl06a\FAXRX.exe
StartupFolder: C:\Users\james\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Background Download As - C:\BITS_Plugin\bits_ie.htm
IE: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Open with Nuance PDF Converter 7.0 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: ambrylegal.com.au\mail
Trusted Zone: ato.gov.au
Trusted Zone: ato.gov.au\bp
Trusted Zone: ato.gov.au\pki
Trusted Zone: btjunkie.org
Trusted Zone: dell.com\dtt
Trusted Zone: jamesfeldman.net\www
Trusted Zone: nationalwarranties.com.au\www
Trusted Zone: trendmicro.com\olr
Trusted Zone: trendmicro.com\wfrm-apaca
Trusted Zone: trendmicro.com\wfrm-us
Trusted Zone: turbine.com\trial
Trusted Zone: twoplums.com.au\ssl
Trusted Zone: utorrent.com\search
Trusted Zone: google.com
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://sbs2008.pcdoctor.local:4343/officescan/console/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://sbs2008.pcdoctor.local:4343/officescan/console/ClientInstall/setup.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxp://support/inc/kaxRemote.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} - hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
TCP: {5543582C-DA8A-44B5-B1F7-789EDC80F6DD} = 192.168.30.8,192.168.30.6
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1106\6.6.1077\TmIEPlg32.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFrameWork\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1077\TmIEPlg.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [VX1000] C:\Windows\vVX1000.exe
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\p5vpo4m8.default\
FF - prefs.js: browser.startup.homepage - hxxps://spreadsheets.google.com/ccc?key=0ArdQEPu4lyK9dDZRbUlVSk1ZSHFmcDR5Q3B5bmhqV1E&hl=en#gid=6
FF - component: C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1077\firefoxextension\components\TmFFExt.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll
FF - plugin: C:\Program Files (x86)\Common-Use Signing Interface\bin\npCsiPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\james\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
FF - plugin: C:\Users\james\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1077\firefoxextension

============= SERVICES / DRIVERS ===============

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-27 203776]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-1-5 268504]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-7 231272]
R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2009-10-7 109928]
R2 KaseyaAgent;Kaseya Agent;C:\Program Files (x86)\Kaseya\Agent\AgentMon.exe [2010-9-3 708608]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2010-8-26 134944]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-8-27 144672]
R2 SteamWatch;SteamWatch;C:\Program Files (x86)\SteamWatch\SteamWatch.exe [2010-5-1 18944]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-1-5 67664]
R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2009-10-7 489832]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-27 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-27 299520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 KAPFA;KAPFA;C:\Windows\System32\drivers\kapfa.sys [2010-9-3 32328]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-10-13 61440]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-14 25832]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-1-26 129440]
S3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2009-12-1 20352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2009-12-1 29952]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2009-12-2 16384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-24 1255736]

=============== Created Last 30 ================

2011-02-23 07:06:48 110592 ----a-w- C:\temp\KLicense.exe
2011-02-23 07:05:14 184320 ----a-w- C:\temp\kPtchMgt2.dll
2011-02-20 00:05:09 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C1920A42-AA96-4B2D-8582-8B40C7C2071D}\mpengine.dll
2011-02-17 08:43:59 -------- d-----w- C:\Users\james\AppData\Local\Activision
2011-02-17 06:46:52 -------- d-----w- C:\Program Files (x86)\ATI Stream
2011-02-17 06:43:11 -------- d-----w- C:\ATI
2011-02-15 07:09:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-02-14 08:28:35 -------- d-----w- C:\Program Files (x86)\GnuWin32
2011-02-11 07:19:39 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-02-10 08:58:18 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-10 08:58:18 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-10 08:58:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-10 08:58:18 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-10 08:57:35 2381824 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-10 08:57:34 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-10 08:57:34 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-02-10 08:57:33 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-02-10 08:56:49 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-10 08:56:49 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-10 08:55:52 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-02-10 08:55:52 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-02-10 08:55:51 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-02-10 08:55:51 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-02-10 08:55:50 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-02-08 09:28:10 -------- d-----w- C:\Program Files (x86)\Free M4a to MP3 Converter
2011-02-07 08:37:16 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-07 08:18:22 98816 ----a-w- C:\Windows\sed.exe
2011-02-07 08:18:22 89088 ----a-w- C:\Windows\MBR.exe
2011-02-07 08:18:22 256512 ----a-w- C:\Windows\PEV.exe
2011-02-07 08:18:22 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-01 02:50:14 -------- d-----w- C:\Users\james\AppData\Roaming\Mumble
2011-01-31 23:08:22 -------- d-----w- C:\Program Files (x86)\Mumble
2011-01-30 03:57:00 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 03:57:00 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-26 23:37:20 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-01-26 23:22:18 22295040 ----a-w- C:\Windows\System32\atio6axx.dll
2011-01-26 23:00:44 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-01-26 23:00:30 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-01-26 22:59:46 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-01-26 22:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-01-26 22:56:14 479232 ----a-w- C:\Windows\System32\atieclxx.exe
2011-01-26 22:55:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-01-26 22:54:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-01-26 22:54:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-01-26 22:53:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-01-26 22:53:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-01-26 22:53:36 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-01-26 22:53:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-01-26 22:53:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-01-26 22:49:44 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-26 22:32:12 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-01-26 22:32:00 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-01-26 22:28:52 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-01-26 22:27:52 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-01-26 22:27:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-01-26 22:27:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-01-26 22:27:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-01-26 22:27:30 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-01-26 22:25:50 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-01-26 22:24:18 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-01-26 22:21:58 5316096 ----a-w- C:\Windows\System32\atiumd64.dll
2011-01-26 22:14:14 354304 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-01-26 22:14:08 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-01-26 22:13:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-01-26 22:13:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-01-26 22:13:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-01-26 22:13:32 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-01-26 22:12:40 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-01-26 22:12:32 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-01-26 22:11:46 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

==================== Find3M ====================

2011-02-02 06:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-26 22:40:02 4847616 ----a-w- C:\Windows\System32\atidxx64.dll
2011-01-26 22:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-26 22:12:46 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-01-26 22:12:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-12-30 03:21:48 90192 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2010-12-30 03:21:42 67664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2010-12-30 03:21:30 146000 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2010-12-20 07:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-19 05:25:33 310728 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2010-12-19 05:15:57 42696 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2010-12-10 07:29:30 64864 ----a-w- C:\Windows\SysWow64\sqlctr90.dll
2010-12-07 01:17:20 51200 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2010-12-07 01:15:30 52736 ----a-w- C:\Windows\System32\OpenCL.dll

============= FINISH: 10:46:27.98 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/12/2009 3:37:04 PM
System Uptime: 25/02/2011 9:24:36 AM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5K
Processor: Intel® Core™2 Quad CPU @ 2.40GHz | LGA775 | 2394/266mhz

==== Disk Partitions =========================

B: is Removable
C: is FIXED (NTFS) - 298 GiB total, 86.505 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 47.596 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 514.488 GiB free.
F: is CDROM ()
H: is Removable
Z: is NetworkDisk (NTFS) - 30 GiB total, 1.898 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&20D7719E&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&20D7719E&0
Service: i8042prt

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&18BA0AA4&0&00E5
Manufacturer: Atheros
Name: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller
PNP Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&18BA0AA4&0&00E5
Service: AtcL001

==== System Restore Points ===================

RP592: 10/02/2011 7:54:59 PM - Windows Update
RP593: 10/02/2011 7:56:24 PM - Windows Update
RP594: 10/02/2011 7:57:06 PM - Windows Update
RP595: 10/02/2011 7:57:54 PM - Windows Update
RP596: 11/02/2011 6:18:49 PM - Windows Update
RP597: 15/02/2011 12:27:46 PM - Installed Opera 11.01.
RP598: 17/02/2011 12:33:41 PM - Installed Mumble 1.2.3
RP599: 17/02/2011 2:06:25 PM - Installed DirectX
RP600: 19/02/2011 10:18:28 PM - Installed Mumble 1.2.3
RP601: 20/02/2011 11:04:38 AM - Windows Update
RP602: 21/02/2011 11:27:34 AM - Windows Backup

==== Installed Programs ======================

3DMark 11
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Advanced Security for Outlook
Advertising Center
Alien Swarm
Apple Application Support
Apple Software Update
ArcaniA - Gothic 4 Demo
Artisteer 2
Astroburn Lite
ASUSUpdate
ATI Catalyst Registration
µTorrent
AUSkey software 1.3.15.0
AUSTAR AnyWhere
Batman: Arkham Asylum
BigPond Media Downloader
BOB Version 1.0
Brother MFL-Pro Suite MFC-5460CN
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CeRegEditor 0.0.5.1
Clone Wars
Common-Use Signing Interface
Crystal Reports for Visual Studio
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell Driver Download Manager
DiRT 2
DolbyFiles
Dotfuscator Software Services - Community Edition
Dragon Age II Demo
Dragon Age: Origins
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
EasyBCD 2.0
Feedback Tool
Foxit PDF Preview Handler
Foxit Reader
Free M4a to MP3 Converter 6.1
Free Mp3 Wma Converter V 1.91
FUEL
Futuremark SystemInfo
GnuWin32: Wget-1.11.4-1
GoToAssist Expert 1.5.0.258
GoToMeeting 4.5.0.457
GRID
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Standard Edition - ENU (KB971092)
HP Download Manager
ImagXpress
iReasoning MIB Browser (remove only)
Java Auto Updater
Java™ 6 Update 23
Kaseya Agent
LEGO Star Wars II
M-Powered Import Assist
Malwarebytes' Anti-Malware
Mass Effect 2
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Corporation
Microsoft Document Explorer 2008
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 3
Microsoft Expression Design 4
Microsoft Expression Encoder 3
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Expression Web 4
Microsoft Financing Calculator
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Press Training Kit Exam Prep Suite 70-653
Microsoft Primary Interoperability Assemblies 2005
Microsoft RichCopy 4.0
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2008 Standard Edition - ENU
Microsoft Visual Studio 2008 Standard Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
MIKSOFT Mobile AMR converter
Movie Templates - Starter Kit
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MTX
Mumble 1.2.3
MYOB Accounting Plus v18.5
MYOB AccountRight Plus v19
MYOB ODBC Direct v10 AUS
MYOB ODBC Direct v9 AUS
Nero 9
Nero BackItUp
Nero BackItUp and Burn
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Move it
Nero Move it Help
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero RescueAgent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Nuance OmniPage 17
Nuance PaperPort 12
Nuance PDF Converter Professional 7
NVIDIA PhysX
Oblivion
OE-Mail Recovery 1.7
Ogg Codecs 0.81.15562
OpenAL
Opera 11.01
Pando Media Booster
Plants vs. Zombies Demo
QuickTime
Rapture3D 2.3.26 Game
Razer Lachesis
Razor2: Hidden Skies - Demo
Resource Tuner 1.99 R6
Rhythm Zone - Demo
Safari
Scansoft PDF Professional
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Visual Studio 2008 Standard Edition - ENU (KB972222)
Security Update for Microsoft Word 2010 (KB2345000)
Ship Simulator Extremes Demo
Sid Meier's Civilization V - Demo
Skype Toolbars
Skype™ 5.0
Skype™ for Windows Mobile 3.0
SmartFTP Client Setup Files 4.0 (x64) (remove only)
SoundTrax
Spybot - Search & Destroy
Steam Assistance
SteamWatch
TextPad 5
Tftpd32 Standalone Edition (remove only)
The Lord of the Rings Online™
The Polynomial - Demo
The Witcher
ToCA Race Driver 3
Torchlight Demo
UBCD4Win 3.60
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB983403)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (KB982305)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
VC Runtimes MSI
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - v9.0.30729.4148
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - v9.0.30729.4148
Visual Studio 2005 Extensions for Windows Workflow Foundation
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VisualLightBox
Windows 7 USB/DVD Download Tool
Windows Home Server Toolkit 1.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows SharePoint Services Developer Resources 1.5 English
Windows Small Business Server 2008 WMI Provider
Wings of Prey - Demo
WinPcap 4.1.1
WinRAR archiver
Wireshark 1.2.8
WMPTagSupportExtender
WPF Toolkit February 2010 (Version 3.5.50211.1)

==== Event Viewer Messages From Past Week ========

25/02/2011 9:25:19 AM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading
25/02/2011 9:25:19 AM, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.

==== End Of File ===========================

#4 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:17 PM

Posted 24 February 2011 - 09:03 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
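Gringo's next step is to read the ComboFix report, which lists every file created in the last month and a "+"/"-" diff against the previous snapshot. The helper below is an added example for this thread, not ComboFix's own logic and not part of any post: it parses both line formats and applies two triage heuristics that are my assumptions, not ComboFix rules (a kernel driver under \drivers\ created within the last week, and executables sitting in user-writable directories such as temp, AppData or ProgramData). The sample lines are constructed in ComboFix's format; `example.sys`, `stale.tmp` and `LOG_DATE` are hypothetical. One caveat the snapshot classifier encodes: a "-"/"+" pair with identical size whose modified stamps differ by exactly one hour is almost always a clock or timezone artefact, not a replaced file, and should not be chased.

```python
"""Triage helper for ComboFix log sections (added example; not ComboFix code).

Line formats handled:
  Files Created / Find3M:  <created> . <modified> <size> <attrs> <path>
  SnapShot@ diff:          <+|-> <created> . <modified> <size> <path>
  ('-' is the entry from the earlier snapshot, '+' the current one)
"""
import re
from datetime import datetime, timedelta

_CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-dashrw]{8}) (?P<path>.+)$"
)
_SNAP_RE = re.compile(
    r"^(?P<sign>[+-]) (?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+) (?P<path>.+)$"
)
_TS = "%Y-%m-%d %H:%M"

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
# Directories an unprivileged process can write to (assumed Windows 7 layout).
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\public\\")
# Hypothetical timestamp of the log run; the "recent" window counts back from it.
LOG_DATE = datetime(2011, 2, 25, 14, 0)

# Constructed sample lines in ComboFix's format (example.sys is hypothetical).
SAMPLE_CREATED = r"""
2011-02-25 13:55 . 2011-02-25 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 07:06 . 2011-02-23 07:06 110592 ----a-w- c:\temp\KLicense.exe
2011-02-11 07:19 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 03:10 . 2011-02-22 03:10 24576 ----a-w- c:\windows\system32\drivers\example.sys
""".strip().splitlines()

# Constructed snapshot diff (stale.tmp is hypothetical).
SAMPLE_SNAPSHOT = r"""
- 2009-12-01 04:35 . 2011-02-07 01:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 04:35 . 2011-02-25 14:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-08 09:21 . 1998-07-12 13:00 21504 c:\windows\SysWOW64\TABCTFR.DLL
- 2010-09-03 07:30 . 2010-05-19 06:22 32328 c:\windows\system32\drivers\kapfa.sys
+ 2010-09-03 07:30 . 2010-05-19 05:22 32328 c:\windows\system32\drivers\kapfa.sys
- 2011-02-01 10:00 . 2011-02-01 10:00 4096 c:\users\james\AppData\Local\temp\stale.tmp
""".strip().splitlines()


def parse_created(line):
    """Parse one Files Created / Find3M line; None for lines in another format."""
    m = _CREATED_RE.match(line.strip())
    if not m:
        return None
    return {
        "created": datetime.strptime(m["created"], _TS),
        "modified": datetime.strptime(m["modified"], _TS),
        "size": None if m["size"].startswith("-") else int(m["size"]),
        "is_dir": m["attrs"].startswith("d"),
        "path": m["path"].strip(),
    }


def flag_entry(entry, asof, window_days=7):
    """Return triage reasons for one parsed entry (empty list if nothing stands out)."""
    reasons = []
    p = entry["path"].lower()
    if entry["is_dir"] or not p.endswith(EXEC_EXT):
        return reasons
    recent = asof - entry["created"] <= timedelta(days=window_days)
    if recent and p.endswith(".sys") and "\\drivers\\" in p:
        reasons.append("kernel driver added recently")
    if any(d in p for d in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    return reasons


def triage(lines, asof):
    """Map each flagged path to its reasons; non-matching lines are skipped."""
    flagged = {}
    for line in lines:
        entry = parse_created(line)
        if entry is not None:
            reasons = flag_entry(entry, asof)
            if reasons:
                flagged[entry["path"]] = reasons
    return flagged


def snapshot_changes(lines):
    """Pair '-'/'+' lines by path (case-insensitive) and classify the change."""
    old, new = {}, {}
    for line in lines:
        m = _SNAP_RE.match(line.strip())
        if not m:
            continue
        rec = (datetime.strptime(m["modified"], _TS), int(m["size"]))
        (new if m["sign"] == "+" else old)[m["path"].strip().lower()] = rec
    changes = {}
    for path in old.keys() | new.keys():
        if path not in old:
            changes[path] = "added"
        elif path not in new:
            changes[path] = "removed"
        else:
            (old_mod, old_size), (new_mod, new_size) = old[path], new[path]
            if old_size != new_size:
                changes[path] = "replaced"
            elif abs(new_mod - old_mod) == timedelta(hours=1):
                changes[path] = "timestamp shift (likely DST)"  # clock artefact, not a new file
            else:
                changes[path] = "modified"
    return changes


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_CREATED, LOG_DATE).items():
        print(f"{path}: {', '.join(reasons)}")
    for path, change in sorted(snapshot_changes(SAMPLE_SNAPSHOT).items()):
        print(f"{change:30} {path}")
```

Feed the real "Files Created" and "SnapShot@" sections to `triage()` and `snapshot_changes()` as lists of lines; anything the heuristics flag still needs a hash lookup or a signature check before it is treated as malicious, since vendor agents and copy-protection drivers trip the same rules.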

#5 JamesAF

JamesAF
  • Topic Starter
  • Members
  • 12 posts
  • Local time:09:17 AM

Posted 25 February 2011 - 07:03 PM

Hi Gringo,

Combofix scanned then restarted the PC, then created the log below. There were no problems.

So far there is no sign of the redirect infection, but it is too soon to be sure. Sometimes I can click 20 search results before it kicks in. Can you tell from the logs whether Combofix found and removed anything?

Regards, and thanks again.

James.

ComboFix 11-02-24.05 - james 26/02/2011 0:49.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.5119.2885 [GMT 11:00]
Running from: e:\downloads\ComboFix.exe
AV: Trend Micro Security Agent *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Security Agent *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
.

2011-02-25 13:55 . 2011-02-25 13:55 -------- d-----w- c:\users\LocalUser\AppData\Local\temp
2011-02-25 13:55 . 2011-02-25 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-25 13:55 . 2011-02-25 13:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-02-25 13:55 . 2011-02-25 13:55 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-02-23 07:06 . 2011-02-23 07:06 110592 ----a-w- c:\temp\KLicense.exe
2011-02-23 07:05 . 2011-02-23 07:05 184320 ----a-w- c:\temp\kPtchMgt2.dll
2011-02-20 00:05 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1920A42-AA96-4B2D-8582-8B40C7C2071D}\mpengine.dll
2011-02-17 08:43 . 2011-02-17 08:43 -------- d-----w- c:\users\james\AppData\Local\Activision
2011-02-17 08:01 . 2011-02-17 08:01 -------- d-----w- c:\programdata\ATI
2011-02-17 06:46 . 2011-02-17 06:46 -------- d-----w- c:\program files (x86)\ATI Stream
2011-02-17 06:43 . 2011-02-17 06:43 -------- d-----w- C:\ATI
2011-02-15 07:09 . 2011-02-15 07:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-02-14 08:28 . 2011-02-14 08:28 -------- d-----w- c:\program files (x86)\GnuWin32
2011-02-11 07:19 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 08:58 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-10 08:58 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-10 08:58 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 08:58 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-10 08:57 . 2010-12-18 03:35 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-10 08:57 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-02-10 08:57 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-02-10 08:57 . 2010-12-18 03:39 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-10 08:56 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 08:56 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-02-10 08:55 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 08:55 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-02-10 08:55 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 08:55 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-02-10 08:55 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-02-08 09:28 . 2011-02-08 09:28 -------- d-----w- c:\program files (x86)\Free M4a to MP3 Converter
2011-02-01 02:50 . 2011-02-19 11:44 -------- d-----w- c:\users\james\AppData\Roaming\Mumble
2011-01-31 23:08 . 2011-02-19 11:19 -------- d-----w- c:\program files (x86)\Mumble
2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-26 23:37 . 2011-01-26 23:37 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:22 . 2011-01-26 23:22 22295040 ----a-w- c:\windows\system32\atio6axx.dll
2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2011-01-26 23:00 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:56 . 2011-01-26 22:56 479232 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-01-26 22:54 . 2011-01-26 22:54 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-01-26 22:49 . 2011-01-26 22:49 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-01-26 22:32 . 2011-01-26 22:32 3222016 ----a-w- c:\windows\system32\atiumd6a.dll
2011-01-26 22:28 . 2011-01-26 22:28 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-01-26 22:27 . 2011-01-26 22:27 6982144 ----a-w- c:\windows\system32\aticaldd64.dll
2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-01-26 22:24 . 2011-01-26 22:24 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-01-26 22:21 . 2011-01-26 22:21 5316096 ----a-w- c:\windows\system32\atiumd64.dll
2011-01-26 22:14 . 2011-01-26 22:14 354304 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-01-26 22:13 . 2011-01-26 22:13 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2011-01-26 22:12 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-01-26 22:12 . 2011-01-26 22:12 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 06:11 . 2009-12-04 13:17 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 22:59 . 2010-11-26 02:57 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-01-26 22:40 . 2010-11-26 02:40 4847616 ----a-w- c:\windows\system32\atidxx64.dll
2011-01-26 22:20 . 2010-11-26 02:24 58880 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:12 . 2010-11-26 02:16 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-01-26 22:12 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-12-30 03:21 . 2011-01-05 01:22 90192 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-12-30 03:21 . 2011-01-05 01:22 67664 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-12-30 03:21 . 2011-01-05 01:22 146000 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-12-20 07:09 . 2010-10-20 06:07 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 07:08 . 2010-10-20 06:07 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 05:25 . 2010-12-19 05:15 310728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-19 05:15 . 2010-12-19 05:15 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-12-10 07:29 . 2010-12-10 07:29 64864 ----a-w- c:\windows\SysWow64\sqlctr90.dll
2010-12-07 01:17 . 2010-12-07 01:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-12-07 01:15 . 2010-12-07 01:15 52736 ----a-w- c:\windows\system32\OpenCL.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-07_08.27.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-08 09:21 . 1998-07-12 13:00 21504 c:\windows\SysWOW64\TABCTFR.DLL
+ 2011-02-08 09:21 . 1998-07-12 13:00 59904 c:\windows\SysWOW64\Mscc2fr.dll
+ 2011-02-08 09:21 . 1998-07-12 13:00 15360 c:\windows\SysWOW64\inetfr.DLL
- 2009-07-14 04:54 . 2011-01-19 03:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-15 21:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-19 03:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-15 21:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-19 03:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-15 21:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-08 09:21 . 1998-07-12 09:00 32768 c:\windows\SysWOW64\CMDLGFR.DLL
+ 2009-12-01 07:45 . 2011-02-24 00:19 85384 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-24 22:28 43144 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-01 07:45 . 2011-02-24 22:28 18810 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-310268488-1452992522-1744281412-1107_UserData.bin
- 2009-07-14 05:30 . 2011-01-28 03:37 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-02-17 06:45 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-01-26 22:20 . 2011-01-26 22:20 58880 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\coinst.dll
+ 2011-01-26 22:12 . 2011-01-26 22:12 30720 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiuxpag.dll
+ 2011-01-26 22:12 . 2011-01-26 22:12 39936 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiuxp64.dll
+ 2011-01-26 22:12 . 2011-01-26 22:12 28672 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiu9pag.dll
+ 2011-01-26 22:12 . 2011-01-26 22:12 38400 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiu9p64.dll
+ 2009-06-22 16:34 . 2009-06-22 16:34 51200 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\ATIODCLI.exe
+ 2011-01-26 22:53 . 2011-01-26 22:53 16384 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atimuixx.dll
+ 2011-01-26 22:08 . 2011-01-26 22:08 53760 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atimpc64.dll
+ 2011-01-26 22:08 . 2011-01-26 22:08 52736 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atimpc32.dll
+ 2011-01-26 22:13 . 2011-01-26 22:13 12800 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiglpxx.dll
+ 2011-01-26 22:13 . 2011-01-26 22:13 32768 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atigktxx.dll
+ 2011-01-26 22:13 . 2011-01-26 22:13 39936 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atig6txx.dll
+ 2011-01-26 22:13 . 2011-01-26 22:13 14848 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atig6pxx.dll
+ 2011-01-26 22:53 . 2011-01-26 22:53 59392 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiedu64.dll
+ 2011-01-26 22:27 . 2011-01-26 22:27 51200 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\aticalrt64.dll
+ 2011-01-26 22:27 . 2011-01-26 22:27 46080 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\aticalrt.dll
+ 2011-01-26 22:27 . 2011-01-26 22:27 44544 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\aticalcl64.dll
+ 2011-01-26 22:27 . 2011-01-26 22:27 44032 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\aticalcl.dll
+ 2011-01-26 22:11 . 2011-01-26 22:11 53248 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\ati2erec.dll
+ 2011-01-26 22:53 . 2011-01-26 22:53 43520 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\ati2edxx.dll
+ 2010-09-03 07:30 . 2010-05-19 05:22 32328 c:\windows\system32\drivers\kapfa.sys
- 2010-09-03 07:30 . 2010-05-19 06:22 32328 c:\windows\system32\drivers\kapfa.sys
- 2009-12-01 04:54 . 2011-02-07 01:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2009-12-01 04:54 . 2011-02-25 14:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2009-12-01 04:35 . 2011-02-25 14:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 04:35 . 2011-02-07 01:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 04:54 . 2011-02-07 01:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2009-12-01 04:54 . 2011-02-25 14:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2009-12-01 04:35 . 2011-02-25 14:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 04:35 . 2011-02-07 01:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 04:54 . 2011-02-07 01:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2009-12-01 04:54 . 2011-02-25 14:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-25 14:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-07 01:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 04:37 . 2011-02-16 22:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 04:37 . 2011-02-03 21:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-02-24 07:20 74048 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-12-01 09:32 . 2011-02-03 21:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 09:32 . 2011-02-16 22:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-17 06:44 . 2011-02-17 06:44 77542 c:\windows\Installer\{AE57C044-8912-A181-A0E4-BC2DAB3A092A}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-02-17 06:44 . 2011-02-17 06:44 77542 c:\windows\Installer\{AE57C044-8912-A181-A0E4-BC2DAB3A092A}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-02-17 06:44 . 2011-02-17 06:44 77542 c:\windows\Installer\{AE57C044-8912-A181-A0E4-BC2DAB3A092A}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-02-17 06:44 . 2011-02-17 06:44 77542 c:\windows\Installer\{AE57C044-8912-A181-A0E4-BC2DAB3A092A}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
+ 2011-02-17 06:44 . 2011-02-17 06:44 77542 c:\windows\Installer\{AE57C044-8912-A181-A0E4-BC2DAB3A092A}\ARPPRODUCTICON.exe
+ 2011-02-17 06:46 . 2011-02-17 06:46 10134 c:\windows\Installer\{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}\ARPPRODUCTICON.exe
+ 2011-02-17 06:46 . 2011-02-17 06:46 77542 c:\windows\Installer\{22441735-5983-AD2A-5CC5-FA2CCD7EF732}\NewShortcut51_D3538F685BD744C4BDA6409F18EBBF3E.exe
+ 2011-02-17 06:46 . 2011-02-17 06:46 10134 c:\windows\Installer\{22441735-5983-AD2A-5CC5-FA2CCD7EF732}\ARPPRODUCTICON.exe
+ 2011-02-17 06:46 . 2011-02-17 06:46 10134 c:\windows\Installer\{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}\ARPPRODUCTICON.exe
+ 2010-09-22 17:47 . 2010-09-22 17:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-22 16:03 . 2010-09-22 16:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-22 15:52 . 2010-09-22 15:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-22 07:12 . 2010-09-22 07:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
- 2011-01-13 05:25 . 2011-01-13 05:25 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-12-21 02:27 . 2010-12-21 02:27 3113 c:\windows\SysWOW64\atipblag.dat
+ 2009-12-03 06:49 . 2011-02-17 13:04 5770 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-12-03 00:43 . 2011-02-17 08:00 3098 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2011-02-17 04:33 . 2011-02-17 04:33 9560 c:\windows\system32\NetworkList\Icons\{08422C73-C706-4FE6-A8FD-50A5E11408A8}_48.bin
+ 2011-02-17 04:33 . 2011-02-17 04:33 4280 c:\windows\system32\NetworkList\Icons\{08422C73-C706-4FE6-A8FD-50A5E11408A8}_32.bin
+ 2011-02-17 04:33 . 2011-02-17 04:33 2456 c:\windows\system32\NetworkList\Icons\{08422C73-C706-4FE6-A8FD-50A5E11408A8}_24.bin
+ 2010-12-21 02:27 . 2010-12-21 02:27 3113 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atipblag.dat
+ 2010-12-21 02:27 . 2010-12-21 02:27 3113 c:\windows\system32\atipblag.dat
- 2011-02-07 07:54 . 2011-02-07 07:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-25 13:57 . 2011-02-25 13:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-25 13:57 . 2011-02-25 13:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-07 07:54 . 2011-02-07 07:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-17 06:44 . 2011-02-17 06:44 9158 c:\windows\Installer\{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}\ARPPRODUCTICON.exe
+ 2011-02-17 06:46 . 2011-02-17 06:46 9158 c:\windows\Installer\{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}\ARPPRODUCTICON.exe
+ 2011-02-17 06:46 . 2011-02-17 06:46 9158 c:\windows\Installer\{AA945C94-285E-DE48-A30F-70105C6580DE}\ARPPRODUCTICON.exe
+ 2011-02-17 06:46 . 2011-02-17 06:46 9158 c:\windows\Installer\{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}\ARPPRODUCTICON.exe
+ 2011-02-17 06:46 . 2011-02-17 06:46 9158 c:\windows\Installer\{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}\ARPPRODUCTICON.exe
+ 2011-02-08 09:21 . 2005-02-24 01:51 348160 c:\windows\SysWOW64\WMAFile.dll
+ 2011-02-08 09:21 . 2000-10-01 09:00 119568 c:\windows\SysWOW64\VB6FR.DLL
+ 2011-02-08 09:21 . 2000-11-28 16:07 307200 c:\windows\SysWOW64\msvcr70.dll
+ 2011-02-08 09:21 . 1998-07-12 13:00 141312 c:\windows\SysWOW64\MSCMCFR.DLL
+ 2011-02-15 21:54 . 2011-02-15 21:54 234656 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
+ 2011-02-15 21:54 . 2011-02-15 21:54 311456 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.dll
+ 2011-02-08 09:21 . 2008-09-24 10:33 484352 c:\windows\SysWOW64\lame_enc.dll
+ 2010-09-03 07:30 . 2010-05-20 07:46 135168 c:\windows\SysWOW64\kaseyasp.dll
- 2010-09-03 07:30 . 2010-05-20 08:46 135168 c:\windows\SysWOW64\kaseyasp.dll
+ 2011-02-10 08:57 . 2010-12-18 03:13 176640 c:\windows\SysWOW64\ieui.dll
- 2011-01-17 22:33 . 2010-11-01 22:57 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-02-08 09:21 . 2005-02-24 05:21 458752 c:\windows\SysWOW64\AudPlayer.dll
+ 2011-02-08 09:21 . 2005-02-24 02:11 479232 c:\windows\SysWOW64\AudioVisu.dll
+ 2011-02-08 09:21 . 2005-03-10 06:00 454656 c:\windows\SysWOW64\AudioRecord.dll
+ 2011-02-08 09:21 . 2005-02-24 02:10 417792 c:\windows\SysWOW64\AudDisplay.dll
+ 2010-02-18 19:48 . 2011-02-17 08:00 323516 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-02 00:50 . 2011-02-24 10:35 432702 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-02-04 03:36 798098 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-02-24 22:30 798098 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-02-24 22:30 171212 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-02-04 03:36 171212 c:\windows\system32\perfc009.dat
- 2011-01-17 22:33 . 2010-11-09 03:50 242688 c:\windows\system32\ieui.dll
+ 2011-02-10 08:57 . 2010-12-18 03:32 242688 c:\windows\system32\ieui.dll
- 2009-07-14 04:45 . 2010-12-15 22:26 417624 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-02-11 07:21 417624 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:30 . 2011-02-17 06:45 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-01-28 03:37 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-01-28 03:37 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-02-17 06:44 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-01-26 22:53 . 2011-01-26 22:53 278528 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\Oemdspif.dll
+ 2011-01-26 22:54 . 2011-01-26 22:54 120320 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atitmm64.dll
+ 2011-01-26 22:53 . 2011-01-26 22:53 356352 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atipdlxx.dll
+ 2011-01-26 22:54 . 2011-01-26 22:54 423424 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atipdl64.dll
+ 2010-08-27 19:33 . 2010-08-27 19:33 332800 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\ATIODE.exe
+ 2011-01-26 22:13 . 2011-01-26 22:13 299520 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atikmpag.sys
+ 2010-12-17 16:00 . 2010-12-17 16:00 227587 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiicdxx.dat
+ 2011-01-26 22:55 . 2011-01-26 22:55 203776 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiesrxx.exe
+ 2011-01-26 22:56 . 2011-01-26 22:56 479232 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atieclxx.exe
+ 2011-01-26 22:56 . 2011-01-26 22:56 462848 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\ATIDEMGX.dll
+ 2011-01-26 22:59 . 2011-01-26 22:59 708608 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\aticfx64.dll
+ 2011-01-26 23:00 . 2011-01-26 23:00 596480 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\aticfx32.dll
+ 2009-05-11 22:35 . 2009-05-11 22:35 118784 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atibtmon.exe
+ 2011-01-26 23:00 . 2011-01-26 23:00 143360 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiapfxx.exe
+ 2011-01-26 22:14 . 2011-01-26 22:14 249856 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiadlxy.dll
+ 2011-01-26 22:14 . 2011-01-26 22:14 354304 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiadlxx.dll
- 2009-07-14 05:12 . 2010-12-02 05:37 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-02-22 02:19 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-12-17 16:00 . 2010-12-17 16:00 227587 c:\windows\system32\atiicdxx.dat
+ 2010-10-21 07:18 . 2011-02-23 13:18 587120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-02-25 13:55 395448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-02-07 07:53 395448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-29 14:59 . 2011-02-11 13:35 791372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-310268488-1452992522-1744281412-1107-12288.dat
- 2010-09-29 14:59 . 2011-02-02 14:19 791372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-310268488-1452992522-1744281412-1107-12288.dat
+ 2011-02-02 17:43 . 2011-02-02 17:43 275968 c:\windows\Installer\1bcb2df.msi
+ 2011-02-02 17:43 . 2011-02-02 17:43 604672 c:\windows\Installer\1bcb2d8.msi
+ 2011-01-12 22:17 . 2011-01-12 22:17 562176 c:\windows\Installer\1bcb2ca.msi
+ 2011-02-02 17:43 . 2011-02-02 17:43 509952 c:\windows\Installer\1bcb144.msi
+ 2010-09-10 07:17 . 2010-09-10 07:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
+ 2010-09-22 09:41 . 2010-09-22 09:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
+ 2010-09-22 17:47 . 2010-09-22 17:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
+ 2010-09-22 07:04 . 2010-09-22 07:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
+ 2010-09-22 08:39 . 2010-09-22 08:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
+ 2010-09-22 07:50 . 2010-09-22 07:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
+ 2011-02-17 03:07 . 2011-02-17 03:07 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-02-08 09:21 . 2005-02-24 02:11 1212416 c:\windows\SysWOW64\AudioInfos.dll
+ 2011-02-08 09:21 . 2005-03-11 07:37 1986560 c:\windows\SysWOW64\AudFile.dll
+ 2011-02-08 09:21 . 2005-02-24 02:10 2084864 c:\windows\SysWOW64\AudDesign.dll
+ 2011-01-26 22:24 . 2011-01-26 22:24 3463680 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiumdva.dll
+ 2011-01-26 22:32 . 2011-01-26 22:32 1912832 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiumdmv.dll
+ 2011-01-26 22:28 . 2011-01-26 22:28 4170752 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiumdag.dll
+ 2011-01-26 22:32 . 2011-01-26 22:32 1208320 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiumd6v.dll
+ 2011-01-26 22:32 . 2011-01-26 22:32 3222016 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiumd6a.dll
+ 2011-01-26 22:21 . 2011-01-26 22:21 5316096 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atiumd64.dll
+ 2011-01-26 23:37 . 2011-01-26 23:37 9085952 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atikmdag.sys
+ 2011-01-26 22:40 . 2011-01-26 22:40 4847616 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atidxx64.dll
+ 2011-01-26 22:49 . 2011-01-26 22:49 4105728 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atidxx32.dll
+ 2011-01-26 22:27 . 2011-01-26 22:27 6982144 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\aticaldd64.dll
+ 2011-01-26 22:25 . 2011-01-26 22:25 5580800 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\aticaldd.dll
+ 2009-07-14 04:45 . 2011-02-11 07:25 3675875 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-01-17 22:57 3675875 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-08-25 14:16 . 2010-08-25 14:16 1061376 c:\windows\Installer\1bcb2ee.msi
+ 2011-02-02 17:45 . 2011-02-02 17:45 1772544 c:\windows\Installer\1bcb2d1.msi
+ 2011-02-02 17:41 . 2011-02-02 17:41 6749696 c:\windows\Installer\1bcb14c.msi
+ 2010-09-22 07:05 . 2010-09-22 07:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
+ 2010-06-19 06:51 . 2010-06-19 06:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-01-13 05:25 . 2011-01-13 05:25 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-02-17 03:07 . 2011-02-17 03:07 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-02-10 08:57 . 2010-12-18 03:27 10201600 c:\windows\SysWOW64\mshtml.dll
- 2011-01-17 22:33 . 2010-11-01 23:04 12348928 c:\windows\SysWOW64\ieframe.dll
+ 2011-02-10 08:57 . 2010-12-18 03:22 12348928 c:\windows\SysWOW64\ieframe.dll
+ 2009-07-14 02:34 . 2011-02-25 07:09 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-02-07 07:17 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-02-10 08:57 . 2010-12-18 03:51 16625664 c:\windows\system32\mshtml.dll
- 2011-01-17 22:33 . 2010-11-09 04:00 13632512 c:\windows\system32\ieframe.dll
+ 2011-02-10 08:57 . 2010-12-18 03:45 13632512 c:\windows\system32\ieframe.dll
+ 2011-01-26 22:59 . 2011-01-26 22:59 17204736 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atioglxx.dll
+ 2011-01-26 23:22 . 2011-01-26 23:22 22295040 c:\windows\system32\DriverStore\FileRepository\c7112962.inf_amd64_neutral_31217425a6628719\B112566\atio6axx.dll
+ 2010-04-20 14:36 . 2011-02-25 13:55 10145656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-310268488-1452992522-1744281412-1107-8192.dat
+ 2010-12-04 11:50 . 2011-02-25 13:55 19329993 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-310268488-1452992522-1744281412-1107-4096.dat
+ 2011-02-15 01:27 . 2011-02-15 01:27 12561408 c:\windows\Installer\ac23cd0.msi
+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\5c69d.msp
+ 2011-02-19 11:18 . 2011-02-19 11:18 15252480 c:\windows\Installer\2e675a2.msi
+ 2002-01-11 23:13 . 2002-01-11 23:13 21954560 c:\windows\Installer\1bcb2f5.msi
+ 2011-02-02 17:43 . 2011-02-02 17:43 11232768 c:\windows\Installer\1bcb2e7.msi
+ 2010-09-22 16:03 . 2010-09-22 16:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"GoToAssist Express Expert"="c:\users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_start.exe" [2010-11-01 149368]
"SteamWatchTray"="c:\program files (x86)\SteamWatch\SteamWatchTray.exe" [2008-04-10 15360]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-15 718208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118624]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Kaseya Agent Service Helper"="c:\program files (x86)\Kaseya\Agent\KaUsrTsk.exe" [2010-05-20 241664]
"BGInfo"="c:\windows\bginfo.cmd" [2010-10-07 54]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

c:\users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FAXRX.lnk - c:\program files (x86)\Brother\Brmfl06a\FAXRX.exe [2009-12-7 524288]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [2009-10-12 61440]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-25 25832]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2009-09-30 20352]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2009-08-28 49152]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-10-16 29952]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-07-22 16384]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-24 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-05 834544]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 231272]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 109928]
S2 KaseyaAgent;Kaseya Agent;c:\program files (x86)\Kaseya\Agent\AgentMon.exe [2010-05-20 708608]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2010-08-25 134944]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-08-27 144672]
S2 SteamWatch;SteamWatch;c:\program files (x86)\SteamWatch\SteamWatch.exe [2008-04-10 18944]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-12-30 67664]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 489832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 9085952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 299520]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-30 660360]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-30 762224]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-26 194080]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://companyweb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append the content of the link to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Background Download As - c:\bits_plugin\bits_ie.htm
IE: Create PDF file - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Open with Nuance PDF Converter 7.0 - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100
Trusted Zone: ambrylegal.com.au\mail
Trusted Zone: ato.gov.au
Trusted Zone: ato.gov.au\bp
Trusted Zone: ato.gov.au\pki
Trusted Zone: btjunkie.org
Trusted Zone: dell.com\dtt
Trusted Zone: jamesfeldman.net\www
Trusted Zone: nationalwarranties.com.au\www
Trusted Zone: trendmicro.com\olr
Trusted Zone: trendmicro.com\wfrm-apaca
Trusted Zone: trendmicro.com\wfrm-us
Trusted Zone: turbine.com\trial
Trusted Zone: twoplums.com.au\ssl
Trusted Zone: utorrent.com\search
Trusted Zone: google.com
TCP: {5543582C-DA8A-44B5-B1F7-789EDC80F6DD} = 192.168.30.8,192.168.30.6
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\james\AppData\Roaming\Mozilla\Firefox\Profiles\p5vpo4m8.default\
FF - prefs.js: browser.startup.homepage - hxxps://spreadsheets.google.com/ccc?key=0ArdQEPu4lyK9dDZRbUlVSk1ZSHFmcDR5Q3B5bmhqV1E&hl=en#gid=6
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\AMSP\Module\20004\1.6.1106\6.6.1077\firefoxextension
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-310268488-1452992522-1744281412-1107\Software\SecuROM\License information*]
"datasecu"=hex:45,54,a0,eb,90,ba,36,79,c2,fa,82,e1,7a,5b,7c,80,ba,87,c9,2d,b7,
35,c0,a5,0b,98,7d,e3,4e,be,43,0c,bc,77,ac,02,2d,b1,fd,ee,c1,5b,af,ee,66,00,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_comm_expert.exe
c:\users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_user_expert.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Razer\Lachesis\razerofa.exe
.
**************************************************************************
.
Completion time: 2011-02-26 01:30:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-25 14:30
ComboFix2.txt 2011-02-07 08:29

Pre-Run: 92,823,060,480 bytes free
Post-Run: 92,502,233,088 bytes free

- - End Of File - - 8C07109EA9DA92D5D2E3B308C67A00F3
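The ComboFix log above lists autostart entries (quoted `"name"="path" [date size]` lines under each Run key) and services (`R2/S3 name;display;path [date size]` lines) in a fixed format. As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage script that parses those lines and flags the ones a responder would look at first: an entry whose file the scanner could not read (the `[x]` marker, which I assume means the file was not found), a binary under a user-writable directory, or a script used as a launcher. The sample lines are copied from the log above; the heuristics are my assumptions, and every hit is a review candidate, not a verdict.

```python
"""Triage helper for ComboFix "Reg Loading Points" output.

Added example for this thread; it is not ComboFix code.  It parses the
Run-key and service lines ComboFix prints and flags entries worth a
closer look.  Flags are leads for a human, not malware verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a few lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"GoToAssist Express Expert"="c:\users\james\AppData\Local\Citrix\GoToAssist Express Expert\258\g2ax_start.exe" [2010-11-01 149368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BGInfo"="c:\windows\bginfo.cmd" [2010-10-07 54]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 KaseyaAgent;Kaseya Agent;c:\program files (x86)\Kaseya\Agent\AgentMon.exe [2010-05-20 708608]
"""

# "name"="path" [date size]   -> Run-key entry
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R2 svc;display;path [date size]   -> service / driver entry
SVC_ENTRY = re.compile(r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$')
KEY_HEADER = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]\s*$')

# Heuristics (assumptions, not ComboFix rules): directories a normal user can
# write to, and launcher types whose contents deserve a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js", ".ps1")


@dataclass
class Entry:
    kind: str                    # "run" or "service"
    name: str
    path: str
    meta: str                    # "YYYY-MM-DD size", or "x" when ComboFix could not read the file
    key: Optional[str] = None    # registry key the Run entry was found under
    start: Optional[str] = None  # R2/S3/... start type for services


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the Run-key and service lines of a ComboFix log into Entry objects."""
    entries: List[Entry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_HEADER.match(line)
        if m:
            current_key = m.group("key")   # following quoted lines belong to this key
            continue
        m = RUN_ENTRY.match(line)
        if m:
            entries.append(Entry("run", m.group("name"), m.group("path"),
                                 m.group("meta"), key=current_key))
            continue
        m = SVC_ENTRY.match(line)
        if m:
            entries.append(Entry("service", m.group("svc"), m.group("path").strip(),
                                 m.group("meta"), start=m.group("start")))
    return entries


def triage(text: str) -> List[Finding]:
    """Return the entries that match at least one review heuristic."""
    findings: List[Finding] = []
    for e in parse_loading_points(text):
        reasons: List[str] = []
        low = e.path.lower()
        if e.meta.strip() == "x":
            reasons.append("no date/size recorded: file not found by the scanner (assumed meaning of [x])")
        if any(tok in low for tok in USER_WRITABLE):
            reasons.append("binary lives in a user-writable location")
        if low.endswith(SCRIPT_EXT):
            reasons.append("launcher is a script; inspect its contents")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.kind:7} {f.entry.name!r:32} {f.entry.path}")
        for r in f.reasons:
            print(f"         - {r}")
```

Run it against a whole ComboFix log by reading the file into `triage()`; on the sample it reports the GoToAssist entry (under `AppData`), `bginfo.cmd` (a script launcher) and the `cpuz135` driver in `c:\windows\TEMP` with the `[x]` marker, while leaving the Program Files and system32 entries alone. Whether a flagged item is benign is for the analyst to decide from the file itself.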

#6 JamesAF

JamesAF
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:17 AM

Posted 26 February 2011 - 10:04 PM

Nope - the problem is still there. Just got 2 random redirects to http://drvtrf.com/
They weren't from a Google search result, but happened when clicking an internal link on a reputable website (theoldergamers.com - been a member for many years).

Regards,

James.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:17 PM

Posted 26 February 2011 - 10:20 PM

Hello

does this only happen on the one webpage?

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 JamesAF (Topic Starter)

Posted 27 February 2011 - 03:04 AM

Hi Gringo,

This happens on more than just one site. It is still happening when clicking on some google search results, and randomly when navigating between and within different web sites.

TDSSKiller found no rootkits. Here's the log.

Thanks,

James.

2011/02/27 19:01:35.0757 2908 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/27 19:01:36.0911 2908 ================================================================================
2011/02/27 19:01:36.0911 2908 SystemInfo:
2011/02/27 19:01:36.0911 2908
2011/02/27 19:01:36.0911 2908 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/27 19:01:36.0911 2908 Product type: Workstation
2011/02/27 19:01:36.0911 2908 ComputerName: 7TWO
2011/02/27 19:01:36.0911 2908 UserName: james
2011/02/27 19:01:36.0911 2908 Windows directory: C:\Windows
2011/02/27 19:01:36.0911 2908 System windows directory: C:\Windows
2011/02/27 19:01:36.0911 2908 Running under WOW64
2011/02/27 19:01:36.0911 2908 Processor architecture: Intel x64
2011/02/27 19:01:36.0911 2908 Number of processors: 4
2011/02/27 19:01:36.0911 2908 Page size: 0x1000
2011/02/27 19:01:36.0911 2908 Boot type: Normal boot
2011/02/27 19:01:36.0911 2908 ================================================================================
2011/02/27 19:01:37.0581 2908 Initialize success
2011/02/27 19:01:43.0506 5684 ================================================================================
2011/02/27 19:01:43.0506 5684 Scan started
2011/02/27 19:01:43.0506 5684 Mode: Manual;
2011/02/27 19:01:43.0506 5684 ================================================================================
2011/02/27 19:01:44.0675 5684 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/27 19:01:44.0722 5684 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/27 19:01:44.0753 5684 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/27 19:01:44.0800 5684 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/27 19:01:44.0831 5684 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/27 19:01:44.0878 5684 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/27 19:01:44.0925 5684 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/02/27 19:01:44.0956 5684 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/27 19:01:44.0987 5684 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/27 19:01:45.0034 5684 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/27 19:01:45.0049 5684 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/27 19:01:45.0299 5684 amdkmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/27 19:01:45.0424 5684 amdkmdap (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/02/27 19:01:45.0470 5684 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/27 19:01:45.0517 5684 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/27 19:01:45.0564 5684 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/27 19:01:45.0595 5684 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/27 19:01:45.0689 5684 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/02/27 19:01:45.0751 5684 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/02/27 19:01:45.0782 5684 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/27 19:01:45.0860 5684 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/27 19:01:45.0876 5684 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/27 19:01:45.0923 5684 AtcL001 (940e5b876251e04fffe058ad71fe0f1c) C:\Windows\system32\DRIVERS\l160x64.sys
2011/02/27 19:01:45.0985 5684 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/02/27 19:01:46.0032 5684 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
2011/02/27 19:01:46.0266 5684 atikmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/27 19:01:46.0453 5684 atksgt (54494b93bb5ad74c807100144ec30d64) C:\Windows\system32\DRIVERS\atksgt.sys
2011/02/27 19:01:46.0531 5684 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/02/27 19:01:46.0577 5684 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/02/27 19:01:46.0609 5684 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/02/27 19:01:46.0655 5684 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/27 19:01:46.0702 5684 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/27 19:01:46.0733 5684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/27 19:01:46.0764 5684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/27 19:01:46.0796 5684 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/02/27 19:01:46.0811 5684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/27 19:01:46.0827 5684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/27 19:01:46.0842 5684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/27 19:01:46.0874 5684 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/27 19:01:46.0936 5684 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/27 19:01:46.0983 5684 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/27 19:01:47.0014 5684 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/27 19:01:47.0045 5684 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/02/27 19:01:47.0123 5684 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/27 19:01:47.0139 5684 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/27 19:01:47.0201 5684 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/02/27 19:01:47.0217 5684 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/27 19:01:47.0248 5684 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/27 19:01:47.0295 5684 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/27 19:01:47.0341 5684 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/02/27 19:01:47.0450 5684 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/02/27 19:01:47.0497 5684 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/02/27 19:01:47.0575 5684 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/02/27 19:01:47.0638 5684 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/02/27 19:01:47.0700 5684 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/27 19:01:47.0809 5684 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/02/27 19:01:47.0887 5684 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/27 19:01:47.0918 5684 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/27 19:01:47.0981 5684 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/02/27 19:01:48.0012 5684 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/02/27 19:01:48.0043 5684 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/27 19:01:48.0074 5684 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/02/27 19:01:48.0090 5684 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/02/27 19:01:48.0121 5684 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/27 19:01:48.0136 5684 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/02/27 19:01:48.0168 5684 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/02/27 19:01:48.0199 5684 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/27 19:01:48.0246 5684 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/27 19:01:48.0277 5684 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/27 19:01:48.0324 5684 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/27 19:01:48.0355 5684 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/27 19:01:48.0433 5684 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/02/27 19:01:48.0464 5684 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/27 19:01:48.0495 5684 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/27 19:01:48.0526 5684 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/27 19:01:48.0557 5684 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/27 19:01:48.0589 5684 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/27 19:01:48.0635 5684 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/02/27 19:01:48.0682 5684 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/02/27 19:01:48.0713 5684 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/02/27 19:01:48.0729 5684 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/27 19:01:48.0791 5684 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/02/27 19:01:48.0854 5684 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/02/27 19:01:48.0885 5684 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/27 19:01:48.0932 5684 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/27 19:01:48.0947 5684 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/27 19:01:48.0978 5684 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/02/27 19:01:49.0010 5684 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/02/27 19:01:49.0056 5684 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/02/27 19:01:49.0087 5684 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/02/27 19:01:49.0119 5684 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/27 19:01:49.0197 5684 KAPFA (eb748e3a704564f694e605b4507b0f73) C:\Windows\system32\drivers\KAPFA.SYS
2011/02/27 19:01:49.0259 5684 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/27 19:01:49.0306 5684 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/27 19:01:49.0321 5684 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/27 19:01:49.0384 5684 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/02/27 19:01:49.0415 5684 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/02/27 19:01:49.0477 5684 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
2011/02/27 19:01:49.0508 5684 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
2011/02/27 19:01:49.0555 5684 lirsgt (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/02/27 19:01:49.0602 5684 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/27 19:01:49.0649 5684 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/02/27 19:01:49.0680 5684 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/02/27 19:01:49.0711 5684 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/02/27 19:01:49.0742 5684 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/02/27 19:01:49.0773 5684 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/02/27 19:01:49.0820 5684 Lycosa (aecc49af0ac3368027573a5d2f9de351) C:\Windows\system32\drivers\Lycosa.sys
2011/02/27 19:01:49.0851 5684 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/02/27 19:01:49.0883 5684 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/02/27 19:01:49.0945 5684 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/02/27 19:01:49.0976 5684 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/27 19:01:49.0992 5684 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/27 19:01:50.0023 5684 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/27 19:01:50.0038 5684 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/02/27 19:01:50.0070 5684 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/27 19:01:50.0116 5684 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/27 19:01:50.0148 5684 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/27 19:01:50.0179 5684 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/27 19:01:50.0241 5684 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/27 19:01:50.0272 5684 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/27 19:01:50.0304 5684 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/27 19:01:50.0350 5684 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/02/27 19:01:50.0397 5684 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/02/27 19:01:50.0428 5684 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/27 19:01:50.0444 5684 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/27 19:01:50.0491 5684 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/27 19:01:50.0506 5684 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/27 19:01:50.0537 5684 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/02/27 19:01:50.0569 5684 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/02/27 19:01:50.0584 5684 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/27 19:01:50.0631 5684 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/02/27 19:01:50.0678 5684 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/27 19:01:50.0724 5684 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/02/27 19:01:50.0756 5684 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/02/27 19:01:50.0802 5684 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/27 19:01:50.0849 5684 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/02/27 19:01:50.0880 5684 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/27 19:01:50.0927 5684 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/27 19:01:50.0958 5684 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/27 19:01:51.0005 5684 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/27 19:01:51.0021 5684 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/02/27 19:01:51.0083 5684 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/27 19:01:51.0114 5684 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/27 19:01:51.0192 5684 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/27 19:01:51.0255 5684 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
2011/02/27 19:01:51.0286 5684 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/02/27 19:01:51.0301 5684 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/27 19:01:51.0364 5684 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/02/27 19:01:51.0395 5684 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/02/27 19:01:51.0426 5684 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/27 19:01:51.0457 5684 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/27 19:01:51.0488 5684 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/27 19:01:51.0520 5684 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/27 19:01:51.0598 5684 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/02/27 19:01:51.0629 5684 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/02/27 19:01:51.0660 5684 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/02/27 19:01:51.0676 5684 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/27 19:01:51.0707 5684 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/27 19:01:51.0738 5684 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/02/27 19:01:51.0785 5684 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/02/27 19:01:51.0909 5684 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/27 19:01:51.0925 5684 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/02/27 19:01:51.0987 5684 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/27 19:01:52.0050 5684 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/27 19:01:52.0096 5684 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/27 19:01:52.0143 5684 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/27 19:01:52.0174 5684 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/27 19:01:52.0190 5684 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/27 19:01:52.0221 5684 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/27 19:01:52.0252 5684 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/27 19:01:52.0284 5684 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/27 19:01:52.0299 5684 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/27 19:01:52.0346 5684 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/27 19:01:52.0377 5684 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/27 19:01:52.0408 5684 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/02/27 19:01:52.0424 5684 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/27 19:01:52.0502 5684 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/27 19:01:52.0564 5684 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/02/27 19:01:52.0611 5684 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/02/27 19:01:52.0705 5684 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/27 19:01:52.0767 5684 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/02/27 19:01:52.0798 5684 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/02/27 19:01:52.0829 5684 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/27 19:01:52.0860 5684 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/27 19:01:52.0892 5684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/27 19:01:52.0923 5684 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/27 19:01:52.0954 5684 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/02/27 19:01:52.0985 5684 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/27 19:01:53.0032 5684 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/27 19:01:53.0048 5684 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/02/27 19:01:53.0079 5684 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/27 19:01:53.0094 5684 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/27 19:01:53.0125 5684 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/27 19:01:53.0157 5684 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/27 19:01:53.0203 5684 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/02/27 19:01:53.0250 5684 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/02/27 19:01:53.0344 5684 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
2011/02/27 19:01:53.0468 5684 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/02/27 19:01:53.0531 5684 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/27 19:01:53.0593 5684 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/27 19:01:53.0671 5684 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/02/27 19:01:53.0718 5684 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/02/27 19:01:53.0765 5684 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/02/27 19:01:53.0780 5684 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/02/27 19:01:53.0811 5684 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/27 19:01:53.0921 5684 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/02/27 19:01:53.0983 5684 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/27 19:01:54.0030 5684 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/27 19:01:54.0061 5684 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/02/27 19:01:54.0077 5684 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/02/27 19:01:54.0108 5684 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/27 19:01:54.0139 5684 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/27 19:01:54.0217 5684 tmactmon (81f4a11fd1be8ec0c3530308f61fe786) C:\Windows\system32\DRIVERS\tmactmon.sys
2011/02/27 19:01:54.0279 5684 tmcomm (20c87e5783d89e16fbd9cdae82399321) C:\Windows\system32\DRIVERS\tmcomm.sys
2011/02/27 19:01:54.0310 5684 tmevtmgr (10b44180e5710c5a8ef02f8827f7fdc8) C:\Windows\system32\DRIVERS\tmevtmgr.sys
2011/02/27 19:01:54.0373 5684 tmtdi (e5021a4a72204c15c52c546f9301baef) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/02/27 19:01:54.0420 5684 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/27 19:01:54.0451 5684 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/27 19:01:54.0482 5684 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/27 19:01:54.0513 5684 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/27 19:01:54.0591 5684 uisp (b1d1fe35303e3aee6d5af69f09f12e87) C:\Windows\system32\Drivers\usbicp.sys
2011/02/27 19:01:54.0622 5684 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/02/27 19:01:54.0669 5684 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/27 19:01:54.0700 5684 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/27 19:01:54.0763 5684 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
2011/02/27 19:01:54.0794 5684 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/02/27 19:01:54.0825 5684 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/27 19:01:54.0856 5684 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/27 19:01:54.0872 5684 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/27 19:01:54.0903 5684 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/27 19:01:54.0934 5684 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/27 19:01:54.0965 5684 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/27 19:01:54.0981 5684 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/27 19:01:55.0012 5684 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/27 19:01:55.0059 5684 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/02/27 19:01:55.0090 5684 VaneFltr (18436f7006443fb76145b3d35162a810) C:\Windows\system32\drivers\Lachesis.sys
2011/02/27 19:01:55.0137 5684 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/02/27 19:01:55.0168 5684 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/27 19:01:55.0199 5684 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/02/27 19:01:55.0230 5684 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/27 19:01:55.0261 5684 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/27 19:01:55.0293 5684 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/02/27 19:01:55.0308 5684 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/02/27 19:01:55.0339 5684 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/27 19:01:55.0371 5684 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/02/27 19:01:55.0386 5684 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/27 19:01:55.0433 5684 vpcbus (f004aeb456cd886dfdb123b6297d89c9) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/02/27 19:01:55.0495 5684 vpcnfltr (a7fae0a70e7a6d7a9469a2bf0a1cac5f) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/02/27 19:01:55.0526 5684 vpcusb (4cdf15ceaf71f068bd26b9841d4e3e2b) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/02/27 19:01:55.0589 5684 vpcuxd (4574851fd70edd8476111f880dd66480) C:\Windows\system32\DRIVERS\vpcuxd.sys
2011/02/27 19:01:55.0620 5684 vpcvmm (e7ea9e3fbf1b0f517584e03638511e86) C:\Windows\system32\drivers\vpcvmm.sys
2011/02/27 19:01:55.0651 5684 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/27 19:01:55.0682 5684 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/02/27 19:01:55.0776 5684 VX1000 (7959ea6eadc1aaf7fb40678f0bab4c0e) C:\Windows\system32\DRIVERS\VX1000.sys
2011/02/27 19:01:55.0854 5684 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/27 19:01:55.0885 5684 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 19:01:55.0901 5684 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/27 19:01:55.0963 5684 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/02/27 19:01:56.0010 5684 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/27 19:01:56.0057 5684 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/27 19:01:56.0088 5684 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/02/27 19:01:56.0181 5684 WINUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/02/27 19:01:56.0228 5684 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/27 19:01:56.0275 5684 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/27 19:01:56.0306 5684 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/02/27 19:01:56.0337 5684 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/27 19:01:56.0477 5684 ================================================================================
2011/02/27 19:01:56.0477 5684 Scan finished
2011/02/27 19:01:56.0477 5684 ================================================================================

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:17 PM

Posted 27 February 2011 - 03:10 AM

We are going to check the router.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

    @echo off
    rem Collect adapter, DNS, connectivity and routing details into Log1.txt
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    start Log1.txt
    rem The batch file removes itself once the log has been opened
    del %0

Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 JamesAF

JamesAF
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:17 AM

Posted 27 February 2011 - 07:23 AM

Here you go - all seems normal as far as I can see.

Regards,

James.


Windows IP Configuration

Host Name . . . . . . . . . . . . : 7TWO
Primary Dns Suffix . . . . . . . : pcdoctor.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : pcdoctor.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-40-F4-93-4D-B3
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::348a:cc06:2b87:59a0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.30.197(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.30.6
DHCPv6 IAID . . . . . . . . . . . : 234897652
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-A6-54-78-00-40-F4-93-4D-B3
DNS Servers . . . . . . . . . . . : 192.168.30.8
192.168.30.6
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{5543582C-DA8A-44B5-B1F7-789EDC80F6DD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: sbs2008.pcdoctor.local
Address: 192.168.30.8

Name: google.com
Addresses: 74.125.237.82
74.125.237.83
74.125.237.80
74.125.237.81
74.125.237.84

Server: sbs2008.pcdoctor.local
Address: 192.168.30.8

Name: yahoo.com
Addresses: 69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76


Pinging google.com [74.125.237.82] with 32 bytes of data:
Reply from 74.125.237.82: bytes=32 time=237ms TTL=53
Reply from 74.125.237.82: bytes=32 time=333ms TTL=52

Ping statistics for 74.125.237.82:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 237ms, Maximum = 333ms, Average = 285ms

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=534ms TTL=48
Reply from 69.147.125.65: bytes=32 time=470ms TTL=47

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 470ms, Maximum = 534ms, Average = 502ms
===========================================================================
Interface List
11...00 40 f4 93 4d b3 ......Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.30.6 192.168.30.197 266
10.19.60.0 255.255.255.0 192.168.30.7 192.168.30.197 11
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.30.197 286
169.254.255.255 255.255.255.255 On-link 192.168.30.197 266
192.168.30.0 255.255.255.0 On-link 192.168.30.197 266
192.168.30.197 255.255.255.255 On-link 192.168.30.197 266
192.168.30.255 255.255.255.255 On-link 192.168.30.197 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.30.197 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.30.197 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
10.19.60.0 255.255.255.0 192.168.30.7 1
0.0.0.0 0.0.0.0 192.168.30.6 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::348a:cc06:2b87:59a0/128 On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#11 JamesAF

JamesAF
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:17 AM

Posted 28 February 2011 - 12:19 AM

Hi Gringo,

I have noticed today that sometimes the redirect happens when I just click on an empty area of a web page, in order to bring the window to the foreground. I get a pop-up window which goes full-screen, and is blocked by Trend Micro. The URL is the same as before (http://drvtrf.com). This is not new behaviour, but happens in addition to the normal link redirection described in the OP. I just did not remember it when describing the original problem (sorry).

This suggests it is not a Zlob-type router DNS hijack (just my guess - you're the expert! :) )

Thanks again for your help.

James.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:17 PM

Posted 28 February 2011 - 08:28 AM

Sorry, thought I replied yesterday.



Resetting Router

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using, or you can use OpenDNS.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select Run
  • enter cmd and hit Enter
  • a black window will open.
  • please enter the following text into that window and hit Enter:


    ipconfig /flushdns

Now let's check the router again.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

    @echo off
    rem Collect adapter, DNS, connectivity and routing details into Log1.txt
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    start Log1.txt
    rem The batch file removes itself once the log has been opened
    del %0

Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
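The router.bat log asked for in posts #9 and #12 is checked by eye in the thread. As an added example (not from the thread, gringo_pr or BleepingComputer), this Python script parses the ipconfig /all and nslookup parts of such a log and flags resolvers outside the private RFC 1918 ranges, or outside an allow-list of the resolvers the network is supposed to use, plus the case where nslookup answered from a server the adapter is not configured with. The sample log text is constructed to mirror the posted one; 203.0.113.45 is a reserved documentation address standing in for a rogue resolver.

```python
import ipaddress
import re

# Constructed sample in the shape of the thread's router.bat log (ipconfig /all
# followed by nslookup); addresses are illustrative, modelled on the posted log.
CLEAN_LOG = """\
   Default Gateway . . . . . . . . . : 192.168.30.6
   DNS Servers . . . . . . . . . . . : 192.168.30.8
                                       192.168.30.6
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  sbs2008.pcdoctor.local
Address:  192.168.30.8
"""
# Same log with the first resolver swapped for an outside address nobody configured
# (203.0.113.45 is a reserved documentation address, used here as a stand-in).
HIJACKED_LOG = CLEAN_LOG.replace("192.168.30.8", "203.0.113.45")
_KV = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(?P<val>.*)$")
_BARE_IPV4 = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_fields(log):
    """Map 'Key . . : value' lines to {key: [values]}; bare IPv4 lines (the extra
    resolvers ipconfig lists under 'DNS Servers') are folded into the previous key."""
    fields, last = {}, None
    for line in log.splitlines():
        kv, bare = _KV.match(line), _BARE_IPV4.match(line)
        if kv:
            last = kv.group("key").strip()
            fields.setdefault(last, []).append(kv.group("val").strip())
        elif last and bare:
            fields[last].append(bare.group(1))
    return fields


def is_rfc1918(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in RFC1918)
    except ValueError:  # not an IP literal at all
        return False


def audit(log, allowed=()):
    """Return findings for a router.bat log (empty list = looks clean). `allowed` lists
    the resolvers the network should use; without it, anything outside RFC 1918 is flagged."""
    fields = parse_fields(log)
    dns = fields.get("DNS Servers", [])
    findings = [] if dns else ["no DNS servers found in log"]
    for ip in dns:
        if allowed and ip not in allowed:
            findings.append(f"DNS server {ip} is not in the allow-list")
        elif not allowed and not is_rfc1918(ip):
            findings.append(f"DNS server {ip} is outside the private ranges")
    # nslookup's own Server:/Address: lines show which resolver actually answered.
    answered = fields.get("Address", [""])[0]
    if answered and answered not in dns:
        findings.append(f"nslookup answered from {answered}, not a configured server")
    return findings
```

Run `audit(open("Log1.txt").read())` on a real log; a private resolver is not proof of a clean router, so pass the ISP's or OpenDNS addresses as `allowed` once they are known.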

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:17 PM

Posted 28 February 2011 - 08:54 AM

Oops, double post.

Edited by gringo_pr, 28 February 2011 - 08:55 AM.


#14 JamesAF

JamesAF
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:17 AM

Posted 01 March 2011 - 02:43 AM

Here's the log from the router.bat script. Same as before I reset the router. Are those the correct IPs?


Windows IP Configuration

Host Name . . . . . . . . . . . . : 7TWO
Primary Dns Suffix . . . . . . . : pcdoctor.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : pcdoctor.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-40-F4-93-4D-B3
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::348a:cc06:2b87:59a0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.30.197(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.30.6
DHCPv6 IAID . . . . . . . . . . . : 234897652
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-A6-54-78-00-40-F4-93-4D-B3
DNS Servers . . . . . . . . . . . : 192.168.30.8
192.168.30.6
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{5543582C-DA8A-44B5-B1F7-789EDC80F6DD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: sbs2008.pcdoctor.local
Address: 192.168.30.8

Name: google.com
Addresses: 74.125.237.83
74.125.237.81
74.125.237.84
74.125.237.80
74.125.237.82

Server: sbs2008.pcdoctor.local
Address: 192.168.30.8

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70


Pinging google.com [74.125.237.83] with 32 bytes of data:
Reply from 74.125.237.83: bytes=32 time=88ms TTL=53
Reply from 74.125.237.83: bytes=32 time=113ms TTL=52

Ping statistics for 74.125.237.83:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 88ms, Maximum = 113ms, Average = 100ms

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=374ms TTL=45
Reply from 67.195.160.76: bytes=32 time=342ms TTL=45

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 342ms, Maximum = 374ms, Average = 358ms
===========================================================================
Interface List
11...00 40 f4 93 4d b3 ......Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.30.6 192.168.30.197 266
10.19.60.0 255.255.255.0 192.168.30.7 192.168.30.197 11
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.30.197 286
169.254.255.255 255.255.255.255 On-link 192.168.30.197 266
192.168.30.0 255.255.255.0 On-link 192.168.30.197 266
192.168.30.197 255.255.255.255 On-link 192.168.30.197 266
192.168.30.255 255.255.255.255 On-link 192.168.30.197 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.30.197 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.30.197 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
10.19.60.0 255.255.255.0 192.168.30.7 1
0.0.0.0 0.0.0.0 192.168.30.6 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::348a:cc06:2b87:59a0/128 On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:17 PM

Posted 01 March 2011 - 02:58 AM

Are you still getting redirects?



