Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect virus


  • This topic is locked This topic is locked
18 replies to this topic

#1 tat_iva

tat_iva

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:18 PM

Posted 26 July 2011 - 02:25 PM

Hi,

Please help me to clean my laptop from this nasty "Google redirect virus". Every time I run a search in Google and click on the link, I get redirected to unrelated, mostly advertising, sites. I ran Spyware Doctor, Microsoft security essentials and Hitman Pro programs. Accidentally they catch some trojans and viruses, like Virtool:Win32/Obfuscator.QG and Trojan Downloader: Win32/Tracur.Q and clean them, but the problem insists. Even when all my antiviruses show that everything is clear, I get redirected in Google search.

Thank you very much in advance.

Tatyana



P.S. This is my DDS log:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_17
Run by tatjana at 15:38:46 on 2011-07-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1499 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
StartupFolder: C:\Users\tatjana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\tatjana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLRE~1.LNK - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D494188-0120-4F75-9A90-A26C24A4F858} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~4\GOEC62~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO-X64: Skype add-on (mastermind) - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO-X64: Updater For Verizon Toolbar - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
BHO-X64: Verizon Toolbar - No File
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~4\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\
FF - prefs.js: keyword.URL - hxxp://searchservices.verizon.com/search/ws.portal?&_nfpb=true&_pageLabel=google_results&rs=&web_search_type=basic&sc=web&clientid=vz-cnsmr-tlbr&channel=Tlbr-v6IE&q=
FF - component: C:\Users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency.dll
FF - component: C:\Users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency3.5.dll
FF - component: C:\Users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency3.6.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Verizon Toolbar: {96ce3418-8ef3-45b5-8808-de5dbe03fb13} - %profile%\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
FF - Ext: XUL Cache: {e07a9851-5970-4b38-ba6a-9aa6504851fd} - %profile%\extensions\{e07a9851-5970-4b38-ba6a-9aa6504851fd}
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys --> C:\Windows\system32\DRIVERS\VBoxDrv.sys [?]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys --> C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-7-1 151552]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-7-23 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-7-23 1150936]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-5-16 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-5-16 185640]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA008Ufd.sys --> C:\Windows\system32\DRIVERS\OA008Ufd.sys [?]
R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\system32\DRIVERS\OA008Vid.sys --> C:\Windows\system32\DRIVERS\OA008Vid.sys [?]
R3 VBoxNetFlt;VBoxNetFlt Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys --> C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-2 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-2 30192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-2 133104]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys --> C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-10-26 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-07-25 21:55:52 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EE2F949-257E-4B8D-94D9-96E34F2E8ED2}\mpengine.dll
2011-07-24 16:04:30 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-07-24 16:04:30 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-07-24 07:41:21 -------- d-----w- C:\Windows\SysWow64\spool
2011-07-24 07:41:20 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2011-07-24 07:41:19 -------- d-----w- C:\Program Files\Windows Portable Devices
2011-07-24 07:21:27 167424 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-07-24 07:19:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2011-07-24 07:19:01 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-07-24 07:19:00 736256 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-07-24 07:19:00 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-07-24 07:19:00 315904 ----a-w- C:\Windows\System32\oleacc.dll
2011-07-24 07:19:00 234496 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-07-24 07:02:05 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2011-07-24 07:02:05 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2011-07-24 07:02:04 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-07-24 07:02:04 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-07-24 07:02:03 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-07-24 07:02:02 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-07-23 16:02:52 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-07-23 16:02:51 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-07-23 16:02:49 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-23 16:02:49 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-23 16:02:49 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-23 16:00:59 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2011-07-23 16:00:59 34304 ----a-w- C:\Windows\System32\mfpmp.exe
2011-07-23 16:00:59 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
2011-07-23 15:57:55 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2011-07-23 15:57:55 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2011-07-23 15:57:51 331368 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2011-07-23 15:57:51 136168 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-07-23 15:57:44 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-07-23 15:57:27 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2011-07-23 15:57:27 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-07-23 15:57:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-07-23 15:56:48 -------- d-----w- C:\Users\tatjana\AppData\Roaming\PC Tools
2011-07-23 15:56:48 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-07-23 15:35:08 758784 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2011-07-23 15:35:07 1027584 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-07-23 04:21:31 -------- d-----w- C:\Windows\SysWow64\vi-VN
2011-07-23 04:21:31 -------- d-----w- C:\Windows\SysWow64\eu-ES
2011-07-23 04:21:31 -------- d-----w- C:\Windows\SysWow64\ca-ES
2011-07-23 04:21:31 -------- d-----w- C:\Windows\System32\eu-ES
2011-07-23 04:21:31 -------- d-----w- C:\Windows\System32\ca-ES
2011-07-23 04:21:30 -------- d-----w- C:\Windows\System32\vi-VN
2011-07-23 00:38:30 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-23 00:05:19 -------- d-----w- C:\Users\tatjana\AppData\Roaming\PCTools
2011-07-22 23:21:45 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-07-22 23:21:45 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-07-22 23:21:45 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-07-22 23:21:44 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-07-22 22:50:25 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-07-22 22:50:25 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-07-22 22:47:48 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-07-22 22:47:44 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B84BEE15-6589-49FE-87E8-0BAC3BBE6A60}\gapaengine.dll
2011-07-22 22:38:56 201184 ----a-w- C:\Windows\SysWow64\winrm.vbs
2011-07-22 22:32:40 599552 ----a-w- C:\Windows\System32\RMActivate.exe
2011-07-22 22:30:39 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-07-22 22:30:38 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-07-22 22:30:33 1927680 ----a-w- C:\Windows\System32\gameux.dll
2011-07-22 22:30:31 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2011-07-22 22:30:05 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe
2011-07-22 22:30:04 1418752 ----a-w- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
2011-07-22 22:30:03 372736 ----a-w- C:\Windows\System32\unregmp2.exe
2011-07-22 22:30:03 310784 ----a-w- C:\Windows\SysWow64\unregmp2.exe
2011-07-22 22:29:14 880640 ----a-w- C:\Windows\System32\timedate.cpl
2011-07-22 22:29:14 714240 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-07-22 17:52:12 388096 ----a-r- C:\Users\tatjana\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-22 17:52:10 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-22 00:49:37 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-07-22 00:08:44 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-07-22 00:08:39 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-07-22 00:06:56 -------- d-----w- C:\ProgramData\Hitman Pro
2011-07-18 18:56:43 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-13 13:23:53 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-07-13 13:23:50 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-07-13 13:23:50 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-09 14:03:52 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-09 14:01:48 652296 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-09 14:01:24 644360 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-09 14:01:15 416128 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-07-09 00:48:19 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
2011-07-09 00:48:19 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
2011-07-09 00:47:53 -------- d-----w- C:\Program Files (x86)\verizontb
2011-07-09 00:46:31 23896576 ----a-w- C:\Windows\VzInHomeAgentInstaller.msi
2011-07-09 00:24:39 -------- d-----w- C:\Users\tatjana\AppData\Local\SupportSoft
2011-07-09 00:23:54 -------- d-----w- C:\Program Files (x86)\VERIZONDM
2011-07-09 00:23:44 9782784 ----a-w- C:\Windows\VerizonDM.msi
2011-07-09 00:23:22 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft
2011-07-09 00:23:21 -------- d-----w- C:\Program Files (x86)\Verizon
2011-07-06 16:16:42 344576 ----a-w- C:\Windows\System32\schannel.dll
2011-07-06 16:16:42 276992 ----a-w- C:\Windows\SysWow64\schannel.dll
.
==================== Find3M ====================
.
2011-05-28 06:28:00 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-05-28 06:24:04 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-05-28 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-05-28 06:23:30 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-05-28 06:23:29 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-05-28 06:08:58 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-05-28 05:33:37 479232 ----a-w- C:\Windows\System32\html.iec
2011-05-28 05:10:26 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-05-28 04:53:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-05-28 04:52:18 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 04:33:03 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-02 17:16:14 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-05-02 17:13:21 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2011-04-29 13:41:02 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 13:40:56 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-29 13:39:34 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-29 13:39:34 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-29 13:39:31 107008 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
.
============= FINISH: 15:39:43.21 ===============

Edited by tat_iva, 26 July 2011 - 02:46 PM.


BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:18 PM

Posted 29 July 2011 - 07:28 PM

Hi,

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 tat_iva

tat_iva
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:18 PM

Posted 29 July 2011 - 09:16 PM

Hi,

Thanks for getting back to me.

As soon as I start scan at "aswMBR", my computer crushes. I did it twice. Are there any conflicts that make my computer crush?

Tatyana

Edited by tat_iva, 29 July 2011 - 09:19 PM.


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:18 PM

Posted 29 July 2011 - 09:19 PM

are you able to boot into safe mode?

Try running it in safe mode

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account


If it still wont run, run the following:



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 tat_iva

tat_iva
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:18 PM

Posted 29 July 2011 - 09:35 PM

I was not able to run the aswMBR.exe even in safe mode, the computer crushed again.
I ran TDSSKiller. It didn't find any infections. Here is a log:

2011/07/29 22:30:19.0452 2396 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/07/29 22:30:19.0869 2396 ================================================================================
2011/07/29 22:30:19.0869 2396 SystemInfo:
2011/07/29 22:30:19.0869 2396
2011/07/29 22:30:19.0869 2396 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/29 22:30:19.0869 2396 Product type: Workstation
2011/07/29 22:30:19.0869 2396 ComputerName: TATJANA-PC
2011/07/29 22:30:19.0869 2396 UserName: tatjana
2011/07/29 22:30:19.0869 2396 Windows directory: C:\Windows
2011/07/29 22:30:19.0869 2396 System windows directory: C:\Windows
2011/07/29 22:30:19.0869 2396 Running under WOW64
2011/07/29 22:30:19.0869 2396 Processor architecture: Intel x64
2011/07/29 22:30:19.0870 2396 Number of processors: 2
2011/07/29 22:30:19.0870 2396 Page size: 0x1000
2011/07/29 22:30:19.0870 2396 Boot type: Normal boot
2011/07/29 22:30:19.0870 2396 ================================================================================
2011/07/29 22:30:22.0222 2396 Initialize success
2011/07/29 22:30:28.0904 1056 ================================================================================
2011/07/29 22:30:28.0904 1056 Scan started
2011/07/29 22:30:28.0904 1056 Mode: Manual;
2011/07/29 22:30:28.0904 1056 ================================================================================
2011/07/29 22:30:30.0995 1056 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/07/29 22:30:31.0321 1056 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/07/29 22:30:31.0701 1056 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/07/29 22:30:31.0958 1056 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/07/29 22:30:32.0236 1056 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/07/29 22:30:32.0615 1056 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
2011/07/29 22:30:33.0069 1056 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/07/29 22:30:33.0324 1056 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/07/29 22:30:33.0633 1056 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
2011/07/29 22:30:33.0902 1056 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/07/29 22:30:34.0215 1056 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/07/29 22:30:34.0461 1056 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/07/29 22:30:34.0904 1056 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/07/29 22:30:35.0285 1056 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/29 22:30:35.0535 1056 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/07/29 22:30:35.0843 1056 BCM42RLY (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
2011/07/29 22:30:36.0314 1056 BCM43XX (d32f962b71fee6bdaaee630bb2c17280) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/07/29 22:30:36.0636 1056 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/07/29 22:30:36.0891 1056 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/29 22:30:37.0058 1056 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/29 22:30:37.0372 1056 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/07/29 22:30:37.0834 1056 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/07/29 22:30:38.0444 1056 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/07/29 22:30:38.0736 1056 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/29 22:30:38.0969 1056 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/07/29 22:30:39.0912 1056 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/07/29 22:30:40.0371 1056 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/29 22:30:40.0669 1056 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/29 22:30:41.0085 1056 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/07/29 22:30:41.0693 1056 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/07/29 22:30:41.0998 1056 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/29 22:30:42.0180 1056 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/07/29 22:30:42.0639 1056 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/29 22:30:43.0054 1056 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/29 22:30:43.0357 1056 CtClsFlt (11f13042577705093612c6a123caf12f) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2011/07/29 22:30:43.0991 1056 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
2011/07/29 22:30:44.0506 1056 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/07/29 22:30:45.0251 1056 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/07/29 22:30:45.0617 1056 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/29 22:30:45.0878 1056 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
2011/07/29 22:30:46.0118 1056 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/07/29 22:30:46.0450 1056 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/07/29 22:30:46.0859 1056 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/07/29 22:30:47.0217 1056 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
2011/07/29 22:30:47.0730 1056 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/07/29 22:30:48.0022 1056 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/07/29 22:30:48.0408 1056 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/29 22:30:49.0242 1056 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/07/29 22:30:49.0513 1056 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/07/29 22:30:49.0803 1056 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/29 22:30:50.0006 1056 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/07/29 22:30:50.0361 1056 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/29 22:30:50.0464 1056 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/29 22:30:50.0753 1056 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/29 22:30:51.0002 1056 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/07/29 22:30:51.0258 1056 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/07/29 22:30:51.0660 1056 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/29 22:30:51.0956 1056 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/07/29 22:30:52.0364 1056 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/07/29 22:30:52.0732 1056 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/07/29 22:30:53.0131 1056 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/29 22:30:53.0492 1056 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/07/29 22:30:56.0043 1056 igfx (d4a887f145e96fa9f08c1d1d67ea6546) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/07/29 22:30:56.0519 1056 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/07/29 22:30:56.0771 1056 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys
2011/07/29 22:30:57.0023 1056 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/07/29 22:30:57.0284 1056 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/29 22:30:57.0810 1056 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/29 22:30:58.0273 1056 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/29 22:30:58.0555 1056 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/29 22:30:58.0792 1056 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/07/29 22:30:59.0106 1056 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/07/29 22:30:59.0356 1056 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/29 22:30:59.0654 1056 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/07/29 22:31:00.0374 1056 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/07/29 22:31:00.0761 1056 k57nd60a (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/07/29 22:31:01.0183 1056 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/29 22:31:01.0557 1056 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/29 22:31:01.0989 1056 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/29 22:31:02.0333 1056 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/07/29 22:31:02.0822 1056 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/29 22:31:03.0205 1056 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/29 22:31:03.0288 1056 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/29 22:31:03.0361 1056 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/29 22:31:03.0409 1056 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/07/29 22:31:03.0494 1056 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/07/29 22:31:03.0661 1056 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/07/29 22:31:03.0837 1056 mfebopk (2064b902db521a23fca30dc256c2acca) C:\Windows\system32\drivers\mfebopk.sys
2011/07/29 22:31:04.0261 1056 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
2011/07/29 22:31:04.0647 1056 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
2011/07/29 22:31:04.0781 1056 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/07/29 22:31:04.0869 1056 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/29 22:31:04.0919 1056 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/29 22:31:05.0020 1056 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/29 22:31:05.0267 1056 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/29 22:31:05.0362 1056 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/07/29 22:31:05.0670 1056 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/07/29 22:31:05.0977 1056 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/07/29 22:31:06.0142 1056 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/29 22:31:06.0298 1056 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/29 22:31:06.0430 1056 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/29 22:31:06.0736 1056 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/29 22:31:07.0031 1056 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/29 22:31:07.0210 1056 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/29 22:31:07.0392 1056 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2011/07/29 22:31:07.0681 1056 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/07/29 22:31:07.0861 1056 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/07/29 22:31:08.0080 1056 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/07/29 22:31:08.0143 1056 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/29 22:31:08.0254 1056 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/29 22:31:08.0286 1056 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/07/29 22:31:08.0355 1056 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/07/29 22:31:08.0613 1056 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/29 22:31:08.0808 1056 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/07/29 22:31:08.0895 1056 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/07/29 22:31:09.0052 1056 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/29 22:31:09.0118 1056 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/07/29 22:31:09.0222 1056 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/29 22:31:09.0384 1056 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/29 22:31:09.0519 1056 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/29 22:31:09.0689 1056 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/07/29 22:31:09.0743 1056 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/29 22:31:09.0793 1056 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/29 22:31:10.0151 1056 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/07/29 22:31:10.0511 1056 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/07/29 22:31:10.0846 1056 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/07/29 22:31:10.0912 1056 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/29 22:31:11.0852 1056 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/07/29 22:31:12.0161 1056 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/07/29 22:31:12.0234 1056 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/07/29 22:31:12.0289 1056 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/07/29 22:31:12.0508 1056 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/07/29 22:31:12.0593 1056 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/07/29 22:31:13.0274 1056 OA008Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA008Ufd.sys
2011/07/29 22:31:13.0505 1056 OA008Vid (60fd277cfd34f680a1668ac123b324ae) C:\Windows\system32\DRIVERS\OA008Vid.sys
2011/07/29 22:31:13.0779 1056 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/29 22:31:14.0006 1056 Packet (43e24699a18126f11e3d9bf6db85518b) C:\Windows\system32\DRIVERS\packet.sys
2011/07/29 22:31:14.0098 1056 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/07/29 22:31:14.0149 1056 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/07/29 22:31:14.0284 1056 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/07/29 22:31:14.0358 1056 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2011/07/29 22:31:14.0405 1056 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/07/29 22:31:14.0527 1056 PCTCore (8f38fffa9e7b9d547b7921efa8edff3c) C:\Windows\system32\drivers\PCTCore64.sys
2011/07/29 22:31:14.0579 1056 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
2011/07/29 22:31:14.0735 1056 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
2011/07/29 22:31:15.0130 1056 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/07/29 22:31:15.0621 1056 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/29 22:31:15.0901 1056 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/07/29 22:31:16.0677 1056 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/29 22:31:17.0011 1056 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/07/29 22:31:17.0397 1056 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/07/29 22:31:17.0806 1056 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/07/29 22:31:18.0158 1056 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/29 22:31:18.0643 1056 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/29 22:31:18.0953 1056 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/29 22:31:19.0240 1056 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/29 22:31:19.0457 1056 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/29 22:31:19.0571 1056 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/29 22:31:20.0100 1056 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/29 22:31:20.0809 1056 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/29 22:31:21.0265 1056 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/07/29 22:31:21.0768 1056 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/29 22:31:22.0235 1056 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/07/29 22:31:22.0597 1056 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
2011/07/29 22:31:22.0881 1056 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
2011/07/29 22:31:23.0293 1056 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
2011/07/29 22:31:23.0904 1056 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/29 22:31:24.0378 1056 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/29 22:31:24.0879 1056 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/29 22:31:25.0289 1056 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/29 22:31:25.0599 1056 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/07/29 22:31:25.0956 1056 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/07/29 22:31:26.0349 1056 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/07/29 22:31:26.0943 1056 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/07/29 22:31:27.0722 1056 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/29 22:31:28.0126 1056 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/29 22:31:28.0412 1056 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/07/29 22:31:28.0686 1056 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/07/29 22:31:28.0807 1056 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/07/29 22:31:28.0970 1056 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/07/29 22:31:29.0119 1056 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/07/29 22:31:29.0382 1056 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/07/29 22:31:29.0652 1056 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/29 22:31:29.0998 1056 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/29 22:31:30.0453 1056 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/07/29 22:31:30.0638 1056 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/29 22:31:30.0792 1056 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/07/29 22:31:30.0872 1056 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/07/29 22:31:30.0923 1056 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/07/29 22:31:31.0178 1056 SynTP (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/29 22:31:31.0582 1056 Tcpip (0011810b5211fdacd784de585262ecfe) C:\Windows\system32\drivers\tcpip.sys
2011/07/29 22:31:32.0259 1056 Tcpip6 (0011810b5211fdacd784de585262ecfe) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/29 22:31:32.0639 1056 tcpipreg (ce3ae2ba7a076f0ade9f48c598c1d15d) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/29 22:31:32.0794 1056 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/07/29 22:31:32.0875 1056 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/07/29 22:31:33.0018 1056 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/29 22:31:33.0112 1056 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/29 22:31:33.0521 1056 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/29 22:31:33.0802 1056 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/29 22:31:34.0153 1056 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/29 22:31:34.0599 1056 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/07/29 22:31:34.0848 1056 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/29 22:31:35.0243 1056 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/29 22:31:35.0724 1056 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/07/29 22:31:36.0142 1056 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/07/29 22:31:36.0475 1056 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/07/29 22:31:36.0539 1056 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/29 22:31:36.0790 1056 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/29 22:31:37.0156 1056 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/07/29 22:31:37.0723 1056 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/29 22:31:38.0138 1056 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/29 22:31:38.0339 1056 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/07/29 22:31:38.0400 1056 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2011/07/29 22:31:38.0711 1056 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/29 22:31:38.0989 1056 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/29 22:31:39.0236 1056 VBoxDrv (e5af6997b59429bc44de616b5a963788) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/07/29 22:31:39.0507 1056 VBoxNetAdp (b4ffc1739b9bd3b0177b16b46caf8420) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/07/29 22:31:39.0828 1056 VBoxNetFlt (5eb23066803668b29d403bc76c63cc70) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/07/29 22:31:40.0116 1056 VBoxUSBMon (e6a42e54d4f7d7756e988f9135796572) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/07/29 22:31:40.0271 1056 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/29 22:31:40.0355 1056 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/07/29 22:31:40.0411 1056 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/07/29 22:31:40.0563 1056 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/07/29 22:31:40.0703 1056 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/07/29 22:31:40.0864 1056 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/07/29 22:31:41.0201 1056 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/07/29 22:31:41.0515 1056 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/07/29 22:31:41.0592 1056 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/29 22:31:41.0647 1056 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/29 22:31:42.0196 1056 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/07/29 22:31:42.0727 1056 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/29 22:31:43.0391 1056 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/29 22:31:44.0010 1056 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/29 22:31:44.0244 1056 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/29 22:31:44.0521 1056 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/29 22:31:44.0584 1056 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/07/29 22:31:44.0679 1056 Boot (0x1200) (f9f9a17fbe6b2ff973b24d8f4e1de333) \Device\Harddisk0\DR0\Partition0
2011/07/29 22:31:44.0690 1056 Boot (0x1200) (c2642dd03f7cefde8a8ff1850769fbea) \Device\Harddisk0\DR0\Partition1
2011/07/29 22:31:44.0701 1056 ================================================================================
2011/07/29 22:31:44.0701 1056 Scan finished
2011/07/29 22:31:44.0701 1056 ================================================================================
2011/07/29 22:31:44.0720 2084 Detected object count: 0
2011/07/29 22:31:44.0720 2084 Actual detected object count: 0

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:18 PM

Posted 29 July 2011 - 09:37 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 tat_iva

tat_iva
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:18 PM

Posted 29 July 2011 - 10:12 PM

Here is ComboFix's log:

ComboFix 11-07-29.03 - tatjana 07/29/2011 22:49:57.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2170 [GMT -4:00]
Running from: c:\users\tatjana\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{e07a9851-5970-4b38-ba6a-9aa6504851fd}
c:\users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{e07a9851-5970-4b38-ba6a-9aa6504851fd}\chrome.manifest
c:\users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{e07a9851-5970-4b38-ba6a-9aa6504851fd}\chrome\xulcache.jar
c:\users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{e07a9851-5970-4b38-ba6a-9aa6504851fd}\defaults\preferences\xulcache.js
c:\users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{e07a9851-5970-4b38-ba6a-9aa6504851fd}\install.rdf
c:\users\tatjana\videos\flvplayer_setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-30 03:01 . 2011-07-30 03:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-30 02:46 . 2011-07-30 02:46 -------- d-----w- C:\32788R22FWJFW
2011-07-29 17:58 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02C06868-885C-45F4-BB37-E7B437BEC9E2}\mpengine.dll
2011-07-24 16:04 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-07-24 16:04 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-07-24 07:41 . 2011-07-24 07:41 -------- d-----w- c:\windows\SysWow64\spool
2011-07-24 07:41 . 2011-07-24 07:41 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2011-07-24 07:41 . 2011-07-24 07:41 -------- d-----w- c:\program files\Windows Portable Devices
2011-07-24 07:21 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe
2011-07-24 07:19 . 2009-10-08 21:07 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-07-24 07:19 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-07-24 07:19 . 2009-10-08 21:08 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-07-24 07:19 . 2009-10-08 21:08 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-07-24 07:19 . 2009-10-08 21:08 234496 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-07-24 07:19 . 2009-10-08 21:07 315904 ----a-w- c:\windows\system32\oleacc.dll
2011-07-24 07:02 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2011-07-24 07:02 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2011-07-24 07:02 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-07-24 07:02 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-07-24 07:02 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-07-24 07:02 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-07-23 16:02 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-07-23 16:02 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-07-23 16:02 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
2011-07-23 16:02 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2011-07-23 16:02 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-07-23 16:00 . 2011-01-20 16:07 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2011-07-23 16:00 . 2011-01-20 16:04 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2011-07-23 16:00 . 2011-01-20 14:40 34304 ----a-w- c:\windows\system32\mfpmp.exe
2011-07-23 15:57 . 2010-07-16 18:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-07-23 15:57 . 2010-06-29 14:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-07-23 15:57 . 2010-11-17 14:20 331368 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-07-23 15:57 . 2010-11-17 14:20 136168 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-07-23 15:57 . 2010-11-25 14:43 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-07-23 15:57 . 2011-02-17 07:21 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-07-23 15:57 . 2011-02-17 06:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-07-23 15:57 . 2010-11-25 14:42 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-07-23 15:56 . 2011-07-30 02:46 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-07-23 15:56 . 2011-07-23 15:56 -------- d-----w- c:\users\tatjana\AppData\Roaming\PC Tools
2011-07-23 15:35 . 2011-04-30 06:09 758784 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2011-07-23 15:35 . 2011-04-30 06:22 1027584 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-07-23 04:21 . 2011-07-23 04:22 -------- d-----w- c:\windows\SysWow64\ca-ES
2011-07-23 04:21 . 2011-07-23 04:22 -------- d-----w- c:\windows\SysWow64\eu-ES
2011-07-23 04:21 . 2011-07-23 04:22 -------- d-----w- c:\windows\SysWow64\vi-VN
2011-07-23 04:21 . 2011-07-23 04:22 -------- d-----w- c:\windows\system32\ca-ES
2011-07-23 04:21 . 2011-07-23 04:21 -------- d-----w- c:\windows\system32\eu-ES
2011-07-23 04:21 . 2011-07-23 04:21 -------- d-----w- c:\windows\system32\vi-VN
2011-07-23 00:38 . 2011-07-23 00:38 -------- d-----w- c:\windows\system32\EventProviders
2011-07-23 00:05 . 2011-07-23 00:05 -------- d-----w- c:\users\tatjana\AppData\Roaming\PCTools
2011-07-22 23:21 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-07-22 23:21 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-07-22 23:21 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-07-22 23:21 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-07-22 22:50 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-07-22 22:50 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-07-22 22:47 . 2010-11-30 15:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-07-22 22:47 . 2010-11-30 15:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B84BEE15-6589-49FE-87E8-0BAC3BBE6A60}\gapaengine.dll
2011-07-22 22:38 . 2009-08-01 06:27 201184 ----a-w- c:\windows\SysWow64\winrm.vbs
2011-07-22 22:32 . 2010-01-25 08:29 599552 ----a-w- c:\windows\system32\RMActivate.exe
2011-07-22 22:30 . 2011-05-02 12:00 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-07-22 22:30 . 2011-05-02 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-07-22 22:30 . 2010-08-26 17:42 1927680 ----a-w- c:\windows\system32\gameux.dll
2011-07-22 22:30 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\SysWow64\gameux.dll
2011-07-22 22:30 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-07-22 22:30 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
2011-07-22 22:30 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe
2011-07-22 22:30 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
2011-07-22 22:29 . 2009-10-23 17:30 880640 ----a-w- c:\windows\system32\timedate.cpl
2011-07-22 22:29 . 2009-10-23 17:10 714240 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-07-22 17:52 . 2011-07-22 17:52 388096 ----a-r- c:\users\tatjana\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-22 17:52 . 2011-07-22 17:52 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-22 00:49 . 2011-07-29 17:44 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-22 00:08 . 2011-07-30 02:15 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-22 00:08 . 2011-07-22 00:08 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-07-22 00:06 . 2011-07-22 00:49 -------- d-----w- c:\programdata\Hitman Pro
2011-07-18 19:18 . 2011-07-18 19:18 -------- d-----w- c:\windows\Sun
2011-07-18 18:56 . 2011-07-18 18:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-14 23:04 . 2011-07-14 23:04 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-07-13 13:23 . 2011-06-02 13:50 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 13:23 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 13:23 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-09 14:03 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-09 14:01 . 2011-07-09 14:01 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-09 14:01 . 2011-07-09 14:01 644360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-09 14:01 . 2011-07-09 14:01 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-07-09 00:48 . 2011-07-09 00:48 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2011-07-09 00:48 . 2011-07-09 00:48 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2011-07-09 00:47 . 2011-07-09 00:47 -------- d-----w- c:\program files (x86)\verizontb
2011-07-09 00:46 . 2011-05-26 19:00 23896576 ----a-w- c:\windows\VzInHomeAgentInstaller.msi
2011-07-09 00:24 . 2011-07-09 00:40 -------- d-----w- c:\users\tatjana\AppData\Local\SupportSoft
2011-07-09 00:23 . 2011-07-09 00:23 -------- d-----w- c:\program files (x86)\VERIZONDM
2011-07-09 00:23 . 2011-07-09 00:23 -------- d-----w- c:\programdata\SupportSoft
2011-07-09 00:23 . 2011-05-16 18:06 9782784 ----a-w- c:\windows\VerizonDM.msi
2011-07-09 00:23 . 2011-07-09 00:23 -------- d-----w- c:\program files (x86)\Common Files\SupportSoft
2011-07-09 00:23 . 2011-07-09 00:48 -------- d-----w- c:\program files (x86)\Verizon
2011-07-06 16:16 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
2011-07-06 16:16 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 12:57 . 2011-06-23 18:26 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE1803BE-269C-4765-8BA5-85FC4B3A657E}\mpengine.dll
2011-05-24 23:14 . 2010-10-24 19:31 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 17:16 . 2011-06-22 18:01 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-02 17:13 . 2011-06-22 18:01 975360 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
2011-04-29 19:56 262312 ----a-w- c:\program files (x86)\verizontb\auxi\verizonAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2011-04-29 19:56 86696 ----a-w- c:\program files (x86)\verizontb\verizonDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-18 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-26 30192]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-02-28 126976]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-05-16 206120]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\tatjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-6-18 53248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-02 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-26 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-02 133104]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-07-01 151552]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-05-16 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-05-16 185640]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-18 15:34]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-02 23:26]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-02 23:26]
.
2011-07-29 c:\windows\Tasks\User_Feed_Synchronization-{E756E388-2405-40BE-90E0-DF15BB6AB60F}.job
- c:\windows\system32\msfeedssync.exe [2011-07-23 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-26 1657128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-26 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-26 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-26 200216]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 4119552]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\
FF - prefs.js: keyword.URL - hxxp://searchservices.verizon.com/search/ws.portal?&_nfpb=true&_pageLabel=google_results&rs=&web_search_type=basic&sc=web&clientid=vz-cnsmr-tlbr&channel=Tlbr-v6IE&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Verizon Toolbar: {96ce3418-8ef3-45b5-8808-de5dbe03fb13} - %profile%\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-(Default) - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2011-07-29 23:10:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-30 03:10
.
Pre-Run: 164,424,802,304 bytes free
Post-Run: 164,466,688,000 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4402E6E2969AEE7D2A5EA7384F099927

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:18 PM

Posted 30 July 2011 - 04:51 AM

Hi

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Edited by CatByte, 30 July 2011 - 04:52 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 tat_iva

tat_iva
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:18 PM

Posted 30 July 2011 - 11:34 AM

Hi,

Here is the report from Malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7326

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

7/30/2011 10:30:33 AM
mbam-log-2011-07-30 (10-30-33).txt

Scan type: Quick scan
Objects scanned: 171379
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**********************************************************************************


And, here is the report from ESET online scanner:

C:\Qoobox\Quarantine\C\Users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{e07a9851-5970-4b38-ba6a-9aa6504851fd}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{e07a9851-5970-4b38-ba6a-9aa6504851fd}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:18 PM

Posted 30 July 2011 - 11:45 AM

Hi,

Please do the following:

Visit ADOBEand download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Posted Image Your Java is out of date.
Java™ 6 Update 17 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 tat_iva

tat_iva
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:18 PM

Posted 30 July 2011 - 12:54 PM

Hi,

Java is missing from my Control Panel. How can I get it back there?

#12 tat_iva

tat_iva
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:18 PM

Posted 30 July 2011 - 12:58 PM

I think I get it. I clicked on Additional Options/View 32-bit Control panel items and I can see Java now.

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:18 PM

Posted 30 July 2011 - 01:05 PM

That seems to be a common issue on 64bit systems, there should be an option to show 32 bit icons

see if it opens with pasting javacpl.cpl into a run box (winkey + R opens a run box)


If not > manually download and install it

http://java.com/en/download/index.jsp

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:18 PM

Posted 30 July 2011 - 01:06 PM

:thumbup2:

(just saw your post)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 tat_iva

tat_iva
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:18 PM

Posted 30 July 2011 - 01:22 PM

I have installed the latest versions of acrobat and java. I ran several searches in Google and no re-directions!!! I thing the program is gone! Google search works perfectly!

Here is the log from the DDS:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by tatjana at 14:07:10 on 2011-07-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1905 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\msiexec.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\tatjana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\tatjana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLRE~1.LNK - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D494188-0120-4F75-9A90-A26C24A4F858} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO-X64: Skype add-on (mastermind) - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO-X64: Updater For Verizon Toolbar - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
BHO-X64: Verizon Toolbar - No File
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\
FF - prefs.js: keyword.URL - hxxp://searchservices.verizon.com/search/ws.portal?&_nfpb=true&_pageLabel=google_results&rs=&web_search_type=basic&sc=web&clientid=vz-cnsmr-tlbr&channel=Tlbr-v6IE&q=
FF - component: C:\Users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency.dll
FF - component: C:\Users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency3.5.dll
FF - component: C:\Users\tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\8exjf7xa.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency3.6.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Verizon Toolbar: {96ce3418-8ef3-45b5-8808-de5dbe03fb13} - %profile%\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys --> C:\Windows\system32\DRIVERS\VBoxDrv.sys [?]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys --> C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-7-1 151552]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-30 366640]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-5-16 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-5-16 185640]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA008Ufd.sys --> C:\Windows\system32\DRIVERS\OA008Ufd.sys [?]
R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\system32\DRIVERS\OA008Vid.sys --> C:\Windows\system32\DRIVERS\OA008Vid.sys [?]
R3 VBoxNetFlt;VBoxNetFlt Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys --> C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-2 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-2 30192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-2 133104]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-7-23 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-7-23 1150936]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys --> C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-10-26 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-07-30 18:02:59 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-30 18:02:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-30 14:38:12 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-30 14:25:13 -------- d-----w- C:\Users\tatjana\AppData\Roaming\Malwarebytes
2011-07-30 14:24:52 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-30 14:24:51 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-30 14:24:47 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-30 14:24:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-30 03:13:20 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{69F10594-E682-4674-8BB5-B74C5E198732}\mpengine.dll
2011-07-30 03:03:44 -------- d-----w- C:\$RECYCLE.BIN
2011-07-30 02:47:04 98816 ----a-w- C:\Windows\sed.exe
2011-07-30 02:47:04 518144 ----a-w- C:\Windows\SWREG.exe
2011-07-30 02:47:04 256000 ----a-w- C:\Windows\PEV.exe
2011-07-30 02:47:04 208896 ----a-w- C:\Windows\MBR.exe
2011-07-24 16:04:30 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-07-24 16:04:30 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-07-24 07:41:21 -------- d-----w- C:\Windows\SysWow64\spool
2011-07-24 07:41:20 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2011-07-24 07:41:19 -------- d-----w- C:\Program Files\Windows Portable Devices
2011-07-24 07:21:27 167424 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-07-24 07:19:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2011-07-24 07:19:01 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-07-24 07:19:00 736256 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-07-24 07:19:00 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-07-24 07:19:00 315904 ----a-w- C:\Windows\System32\oleacc.dll
2011-07-24 07:19:00 234496 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-07-24 07:02:05 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2011-07-24 07:02:05 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2011-07-24 07:02:04 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-07-24 07:02:04 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-07-24 07:02:03 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-07-24 07:02:02 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-07-23 16:02:52 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-07-23 16:02:51 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-07-23 16:02:49 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-23 16:02:49 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-23 16:02:49 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-23 16:00:59 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2011-07-23 16:00:59 34304 ----a-w- C:\Windows\System32\mfpmp.exe
2011-07-23 16:00:59 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
2011-07-23 15:57:55 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2011-07-23 15:57:55 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2011-07-23 15:57:51 331368 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2011-07-23 15:57:51 136168 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-07-23 15:57:44 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-07-23 15:57:27 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2011-07-23 15:57:27 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-07-23 15:57:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-07-23 15:56:48 -------- d-----w- C:\Users\tatjana\AppData\Roaming\PC Tools
2011-07-23 15:56:48 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-07-23 15:35:08 758784 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2011-07-23 15:35:07 1027584 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-07-23 04:21:31 -------- d-----w- C:\Windows\SysWow64\vi-VN
2011-07-23 04:21:31 -------- d-----w- C:\Windows\SysWow64\eu-ES
2011-07-23 04:21:31 -------- d-----w- C:\Windows\SysWow64\ca-ES
2011-07-23 04:21:31 -------- d-----w- C:\Windows\System32\eu-ES
2011-07-23 04:21:31 -------- d-----w- C:\Windows\System32\ca-ES
2011-07-23 04:21:30 -------- d-----w- C:\Windows\System32\vi-VN
2011-07-23 00:38:30 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-23 00:05:19 -------- d-----w- C:\Users\tatjana\AppData\Roaming\PCTools
2011-07-22 23:21:45 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-07-22 23:21:45 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-07-22 23:21:45 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-07-22 23:21:44 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-07-22 22:50:25 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-07-22 22:50:25 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-07-22 22:47:48 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-07-22 22:47:44 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B84BEE15-6589-49FE-87E8-0BAC3BBE6A60}\gapaengine.dll
2011-07-22 22:38:56 201184 ----a-w- C:\Windows\SysWow64\winrm.vbs
2011-07-22 22:32:40 599552 ----a-w- C:\Windows\System32\RMActivate.exe
2011-07-22 22:30:39 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-07-22 22:30:38 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-07-22 22:30:33 1927680 ----a-w- C:\Windows\System32\gameux.dll
2011-07-22 22:30:31 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2011-07-22 22:30:05 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe
2011-07-22 22:30:04 1418752 ----a-w- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
2011-07-22 22:30:03 372736 ----a-w- C:\Windows\System32\unregmp2.exe
2011-07-22 22:30:03 310784 ----a-w- C:\Windows\SysWow64\unregmp2.exe
2011-07-22 22:29:14 880640 ----a-w- C:\Windows\System32\timedate.cpl
2011-07-22 22:29:14 714240 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-07-22 17:52:12 388096 ----a-r- C:\Users\tatjana\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-22 17:52:10 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-22 00:49:37 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-07-22 00:08:44 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-07-22 00:08:39 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-07-22 00:06:56 -------- d-----w- C:\ProgramData\Hitman Pro
2011-07-18 18:56:43 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-13 13:23:53 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-07-13 13:23:50 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-07-13 13:23:50 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-09 14:03:52 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-09 14:01:48 652296 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-09 14:01:24 644360 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-09 14:01:15 416128 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-07-09 00:48:19 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
2011-07-09 00:48:19 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
2011-07-09 00:47:53 -------- d-----w- C:\Program Files (x86)\verizontb
2011-07-09 00:46:31 23896576 ----a-w- C:\Windows\VzInHomeAgentInstaller.msi
2011-07-09 00:24:39 -------- d-----w- C:\Users\tatjana\AppData\Local\SupportSoft
2011-07-09 00:23:54 -------- d-----w- C:\Program Files (x86)\VERIZONDM
2011-07-09 00:23:44 9782784 ----a-w- C:\Windows\VerizonDM.msi
2011-07-09 00:23:22 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft
2011-07-09 00:23:21 -------- d-----w- C:\Program Files (x86)\Verizon
2011-07-06 16:16:42 344576 ----a-w- C:\Windows\System32\schannel.dll
2011-07-06 16:16:42 276992 ----a-w- C:\Windows\SysWow64\schannel.dll
.
==================== Find3M ====================
.
2011-05-28 06:28:00 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-05-28 06:24:04 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-05-28 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-05-28 06:23:30 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-05-28 06:23:29 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-05-28 06:08:58 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-05-28 05:33:37 479232 ----a-w- C:\Windows\System32\html.iec
2011-05-28 05:10:26 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-05-28 04:53:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-05-28 04:52:18 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 04:33:03 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-02 17:16:14 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-05-02 17:13:21 975360 ----a-w- C:\Windows\System32\inetcomm.dll
.
============= FINISH: 14:08:31.09 ===============




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users