huge amounts of issues within w7, missing text, security service stopped, redirect etc...



#1 ambernectar


Posted 29 April 2011 - 01:27 PM

Hi guys, I have read the sticky, but my browsers (Firefox and IE) are currently removing 90% of the text, so I have no idea where to start. It all started the other day with a dodgy Word doc a customer sent me. Since then Windows Security Centre has gone offline and is completely un-restartable: I have set it to Automatic and then started it, and it works for a few minutes, then disables again. If I Google search anything it sends me to MSDN, and if I go to normal web pages it displays 50-90% of the text??? Please help. I know you guys like to see HijackThis logs, so I've attached mine. I'm concerned I won't actually be able to read your replies, so please email me directly at bleeping@willgill.co.uk because my BlackBerry isn't infected!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:26:41, on 29/04/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6155 bytes

thanks in advance

will

Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 09/02/2011 02:10:11
System Uptime: 29/04/2011 18:57:27 (1 hours ago)
.
Motherboard: Dell Inc. | | 00YWG2
Processor: Intel® Core™ i7 CPU Q 740 @ 1.73GHz | U2E1 | 1734/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 6.09 GiB free.
D: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\SMO8800\1
Manufacturer:
Name:
PNP Device ID: ACPI\SMO8800\1
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Dreamweaver CS5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
AVG PC Tuneup 2011
Curse Client
D3DX10
Dell Wireless HSPA Mini-Card Drivers
eReg
ESET Online Scanner v3
FileZilla Client 3.3.5.1
Free Screen Video Recorder version 2.5.15.324
HiJackThis
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 24
JMicron Flash Media Controller Driver
LuxRiot Digital Video Recorder 1.7.5
Malwarebytes' Anti-Malware
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Morgan Multimedia Motion JPEG Codec 3.0.0.9
Mozilla Firefox (3.6.16)
MSVCRT
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
QuickTime
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
TeamSpeak 3 Client
TreeSize Free V2.5
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VentriloMIX
VirtualCloneDrive
Visual C++ 9.0 ATL (x86) WinSXS MSM
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual CertExam Suite 1.9
Visual Studio 2008 x64 Redistributables
Vuze
WebEx
WebEx Productivity Tools
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
28/04/2011 22:16:42, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Will Gill at 19:30:24.50 on 29/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4028.1922 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Users\Will Gill\AppData\Local\Apps\2.0\MLMZL36Y.RVX\9C3XL0PT.7V8\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\WILLGI~1\AppData\Local\Temp\Rar$EX00.515\gmer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Will Gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KZN2EZV\dds[1].scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Will Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
TB-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\WILLGI~1\AppData\Roaming\Mozilla\Firefox\Profiles\svd6lukp.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.http - 91.198.27.139
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-9 2533400]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;C:\Windows\System32\drivers\d554gps64.sys [2011-2-9 96296]
R3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;C:\Windows\System32\drivers\d554scard.sys [2011-2-9 60968]
R3 ecnssndis;Service for enabling selective suspend to NDIS device;C:\Windows\System32\drivers\wwuss64.sys [2011-2-9 26664]
R3 ecnssndisfltr;SSNDIS filter service;C:\Windows\System32\drivers\wwussf64.sys [2011-2-9 30248]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-9 56344]
R3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);C:\Windows\System32\drivers\Mbm3CBus.sys [2011-2-9 346624]
R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM;C:\Windows\System32\drivers\Mbm3DevMt.sys [2011-2-9 370688]
R3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;C:\Windows\System32\drivers\Mbm3mdfl.sys [2011-2-9 19456]
R3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;C:\Windows\System32\drivers\Mbm3Mdm.sys [2011-2-9 427008]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-4-11 155752]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-2-9 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;C:\Windows\System32\drivers\WwanUsbMp64.sys [2011-2-9 268328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-2-9 160880]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-9 98208]
S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-3-3 119608]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-9 13336]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-17 378984]
S4 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [?]
.
=============== Created Last 30 ================
.
2011-04-29 18:10:10 -------- d-----w- C:\Program Files (x86)\ESET
2011-04-29 18:06:21 388096 ----a-r- C:\Users\WILLGI~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-29 18:06:21 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-04-28 21:51:17 -------- d-----w- C:\Users\WILLGI~1\AppData\Roaming\Malwarebytes
2011-04-28 21:51:14 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-28 21:51:13 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-28 21:51:11 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-28 21:51:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-28 15:22:03 50306 ----a-w- C:\Windows\SysWow64\byjpfsddbxhaxdh.exe
2011-04-28 15:22:01 447483 ----a-w- C:\Program Files (x86)\Drivers_pack_v3.25.63.exe
2011-04-28 15:21:31 122880 --sha-r- C:\Windows\SysWow64\KBDMAORIW.dll
2011-04-28 06:39:07 8802128 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{50BBB94A-455B-4343-91DB-721B22075204}\mpengine.dll
2011-04-27 07:21:55 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{9135A4AC-8C32-4770-838E-9F2B5077171A}
2011-04-26 06:15:11 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{63373678-A1A4-44AE-8B81-D77AD2F809B4}
2011-04-25 12:51:39 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{9060F3F9-6826-4915-8653-8ED56760FC1E}
2011-04-25 12:51:20 -------- d-----w- C:\Program Files (x86)\EXPAT SHIELD
2011-04-24 10:53:33 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{6576573F-04E7-4D4A-937E-31E445BE800A}
2011-04-23 07:00:33 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{8CD1CD69-6380-49CB-B223-ED1E3912C2F2}
2011-04-22 21:11:23 -------- d-----w- C:\Program Files\iPod
2011-04-22 21:11:22 -------- d-----w- C:\Program Files\iTunes
2011-04-22 21:11:22 -------- d-----w- C:\Program Files (x86)\iTunes
2011-04-22 21:09:44 -------- d-----w- C:\Program Files\Bonjour
2011-04-22 21:09:44 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-04-22 11:51:07 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{A5B69967-25B8-4D3B-955F-EA97CC8FBB0F}
2011-04-21 23:50:52 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{8956CCCC-3CF4-4061-95DA-077E12FCDE10}
2011-04-21 11:50:38 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{A1EEADFB-7E10-42D7-8759-9819C6204B29}
2011-04-20 15:03:35 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{08368D13-EEC9-4D05-BD78-EDF421A44E72}
2011-04-19 19:55:38 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{0903DB1B-85ED-4FEA-845D-AEDB83A0B7D9}
2011-04-19 07:55:23 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{BB5468AB-BF5B-4795-98CE-B22A0772262D}
2011-04-18 19:55:07 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{5A1B8749-87FB-4BB8-A4DE-6D41762379E1}
2011-04-18 07:54:11 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{59D508C6-A52C-4913-A6EB-3C8AD749F9AF}
2011-04-17 11:06:11 -------- d-----w- C:\Users\WILLGI~1\AppData\Roaming\TS3Client
2011-04-17 11:05:48 -------- d-----w- C:\Program Files (x86)\TeamSpeak 3 Client
2011-04-17 07:53:51 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{584823C3-A8E1-4A5D-A624-1C98E95B8BB6}
2011-04-15 19:53:07 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{62A519FE-D6E1-4208-BDD6-28E3277C4369}
2011-04-15 07:52:42 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{F87CB32C-240D-45D2-BBA6-2D5923DE8306}
2011-04-14 19:52:28 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{71FB2C05-BC59-490C-8DAB-A0973376EBBD}
2011-04-14 07:52:12 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{69E30EA3-B0D3-496F-89E6-60D215F140DD}
2011-04-13 19:51:58 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{B71EC9E6-7A7B-4E34-B455-156A76381266}
2011-04-13 09:42:54 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\DVDVideoSoft_Ltd
2011-04-13 09:40:50 -------- d-----w- C:\Users\WILLGI~1\AppData\Roaming\DVDVideoSoft
2011-04-13 09:40:35 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2011-04-13 09:40:35 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2011-04-13 07:51:44 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{133212BD-E49A-4809-A765-1CEA9FC9C63C}
2011-04-12 19:51:30 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{1CB8F05A-9105-4FF1-85D8-B0F6323A46B7}
2011-04-12 07:51:16 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{229F2597-0E34-43A4-ADFE-44002CBB0B67}
2011-04-11 21:49:04 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2011-04-11 21:48:00 8121448 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2011-04-11 21:48:00 6042216 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2011-04-11 21:48:00 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2011-04-11 21:48:00 20473960 ----a-w- C:\Windows\System32\nvoglv64.dll
2011-04-11 21:48:00 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2011-04-11 21:48:00 15047272 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2011-04-11 21:48:00 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
2011-04-11 21:48:00 12963176 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2011-04-11 19:02:59 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{1578EB53-9E99-4AE6-AEF7-68217D9D0965}
2011-04-11 12:41:42 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\HPVirtualRooms
2011-04-11 07:02:45 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{7EEC275C-4D2A-4349-B4C3-3B578AC9E000}
2011-04-10 17:14:23 -------- d-----w- C:\Users\WILLGI~1\AppData\Roaming\Mumble
2011-04-10 17:14:23 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\Mumble
2011-04-10 17:09:16 -------- d-----w- C:\Program Files (x86)\Mumble
2011-04-10 13:01:24 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{6C26423F-3623-4CA2-9787-4BA544E14B2D}
2011-04-10 01:01:20 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{A20CEC43-9ED0-4DFC-8CCA-5423295A54BD}
2011-04-09 13:01:15 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{0613CC70-C3DD-4A0D-86AA-0B3159C75E28}
2011-04-08 07:11:45 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{E194C460-9021-442C-A31C-EACCBB9EE0AB}
2011-04-07 19:11:31 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{EDAC544A-1FA2-4631-88F5-0F89262D9898}
2011-04-07 07:11:17 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{9C960CF1-FB71-4E8E-9FD0-3E72A7EE9CEA}
2011-04-06 19:11:03 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{C8EECB0C-4811-476F-8B80-B96B58387A2C}
2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-04-06 10:06:22 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{A7AD815A-F3B0-4A19-9749-D3C21EC79534}\gapaengine.dll
2011-04-06 07:10:10 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{6041B9EA-4D84-4816-B5DA-8304BB131A92}
2011-04-05 19:10:08 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{CDB5A3CE-19D1-4164-A6EA-AC81ADA01701}
2011-04-05 07:09:44 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{7D5F9726-6751-48FD-85A0-0076EE3787D1}
2011-04-04 19:09:34 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{C00D8A1E-7E69-4E5F-BD1C-522567F50945}
2011-04-04 07:09:11 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{1372BDB0-9EBF-45B8-BF34-0278CA007409}
2011-04-03 15:47:23 -------- d-----w- C:\LuxRiot
2011-04-03 15:39:59 742760 ----a-w- C:\Windows\SysWow64\DVRCodecs.dll
2011-04-03 15:39:59 185704 ----a-w- C:\Windows\SysWow64\DVRCodecsF.dll
2011-04-03 15:39:59 1213800 ----a-w- C:\Windows\SysWow64\DVRCodecsI.dll
2011-04-03 15:39:32 -------- d-----w- C:\Program Files (x86)\LuxRiot Digital Video Recorder
2011-04-03 12:19:21 -------- d-----w- C:\Users\Will Gill\Zero G Registry
2011-04-03 10:41:03 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{5F023C02-B396-40AD-86F6-5B6C43CDC92F}
2011-04-02 22:40:51 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{139C02E2-3C0E-485E-BFE5-72B2FD7E720F}
2011-04-02 12:19:44 304128 ----a-w- C:\Windows\IsUninst.exe
2011-04-01 22:40:17 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{73F6216F-E897-4300-9D18-9DE3ADA0B0B8}
2011-04-01 07:28:37 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{F0D5FCE8-EAFC-4444-8E82-30BE728DAB11}
2011-03-31 18:05:25 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{853B7FEE-6963-441F-9C22-685B35B4E8EF}
2011-03-31 12:36:14 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2011-03-31 11:44:03 -------- d-----w- C:\Program Files\roadhawk
2011-03-31 11:43:56 284 ----a-w- C:\Program Files\X-driven_del.bat
2011-03-31 11:34:09 703488 ----a-w- C:\Windows\System32\xvidcore.dll
2011-03-31 11:34:09 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-03-31 11:34:09 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2011-03-31 11:34:09 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-03-31 11:34:09 173056 ----a-w- C:\Windows\System32\xvid.ax
2011-03-31 11:34:09 152064 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-03-31 11:34:03 -------- d-----w- C:\Program Files (x86)\Xvid
2011-03-31 06:05:01 -------- d-----w- C:\Users\WILLGI~1\AppData\Local\{EECEDE58-D5FE-4AE6-9468-4EE74F598245}
.
==================== Find3M ====================
.
2011-04-26 10:04:17 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-04-02 16:11:28 215864 ----a-w- C:\Windows\SysWow64\atsckernel.exe
2011-03-17 03:03:44 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-03-17 03:03:38 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
2011-03-17 03:03:24 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-03-17 03:03:00 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-03-17 03:02:58 61032 ----a-w- C:\Windows\System32\nvshext.dll
2011-03-17 03:02:58 313448 ----a-w- C:\Windows\System32\nvhotkey.dll
2011-03-17 03:02:58 2558568 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-03-17 03:02:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-03-15 10:18:08 8427 ----a-w- C:\IORRT 3.5.cmd
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 14:53:53 119608 ----a-w- C:\Windows\SysWow64\atashost.exe
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 16:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 16:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-18 06:37:05 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 06:33:50 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 05:36:26 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-18 05:33:29 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe
2011-02-02 21:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 19:30:39.28 ===============

I know you guys say not to post logs without being asked, but I cannot read any replies here so I'm just trying to think ahead :(

Also, if my writing is completely reversed, this is the "virus" and how I view everything ATM :(

GMER output

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-04-29 19:38:33
Windows 6.1.7600
Running: gmer.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Will Gill\AppData\Local\Temp\NODDC02.tmp 39390027 bytes
File C:\Users\Will Gill\AppData\Local\Temp\NODDD5A.tmp 5603049 bytes
File C:\Users\Will Gill\AppData\Local\Temp\NODEA31.tmp 323889 bytes
File C:\Users\Will Gill\AppData\Local\Temp\NODEC08.tmp 0 bytes
File C:\Users\Will Gill\AppData\Roaming\Microsoft\Windows\Cookies\will_gill@scorecardresearch[2].txt 114 bytes
File C:\Users\Will Gill\AppData\Roaming\Microsoft\Windows\Cookies\will_gill@www.bleepingcomputer[1].txt 291 bytes
File C:\Users\Will Gill\AppData\Roaming\Microsoft\Windows\Cookies\will_gill@ads.bleepingcomputer[1].txt 111 bytes
File C:\Users\Will Gill\AppData\Roaming\Microsoft\Windows\Cookies\will_gill@bleepingcomputer[2].txt 917 bytes
File C:\Users\Will Gill\AppData\Roaming\Microsoft\Windows\Cookies\will_gill@crowdscience[2].txt 93 bytes

---- EOF - GMER 1.0.15 ----

FYI, the ESET online scanner found no threats. I had Microsoft security centre installed, but obviously, as I can't start the service, this is currently useless :(

ComboFix details

Merged 6 posts. ~ OB

Edited by Orange Blossom, 01 May 2011 - 03:12 PM.


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:41 PM

Posted 08 May 2011 - 04:16 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:41 PM

Posted 22 May 2011 - 03:59 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise



