My problem with a hard-to-eliminate browser hijacker


  • This topic is locked
2 replies to this topic

#1 CDTOE

Posted 01 August 2011 - 12:34 PM

Hi to all the great helpers on this forum!

Lately, I have been suffering from a browser hijacker that seems hard to eliminate by using regular ways, such as anti-spyware and anti-adware programs. I have SuperAntiSpyware installed, and every time I turn on the system, a message from the program pops up saying that the homepage of Internet Explorer has been changed, then it prompts me to allow or to block the change. Blocking doesn't work, because each time I click 'Block' the message pops up again, and the only option left to get rid of it is to allow the change.

Strangely, after getting rid of the message, SuperAntiSpyware doesn't launch anymore, whether I want to run it as a regular user or as an admin. When I try to right-click the icon of the program on the desktop to see the list of command choices, the list doesn't appear, a message pops up saying that Windows Explorer isn't responding, and the system freezes for a second. After that, right-clicking the icon of any program on the desktop leads to the message 'Windows Explorer is not responding'.

I have tried a number of anti-spyware and anti-adware programs, but none of them detected anything except Malwarebytes, which detected 4 threats. One of them has an adware description, but I don't know about the others.

I am in need of help from you, as experts in this field, to get rid of these threats. Thanks in advance.

A note: I run Windows 7, 64-bit.

Note-2: Although the 'IE homepage has changed' message comes from SuperAntiSpyware, the homepage does not really change. The message says that it has changed from Google.com, which is my default homepage in IE, to a blank website (there's no URL), but when I launch IE, Google opens with no problems! Also, two days ago, when I launched Firefox 5.0.1, which is my default browser, the URL field was blank, though my default homepage (Google) loaded with no problems.

Edit: I have just followed the instructions given in this topic. The SuperAntiSpyware scan, in safe mode, found a couple of threats, two of which go by the name of 'iExplorer.exe[FAKE]'. I deleted them and rebooted the system into normal mode, but unfortunately, the problem still exists. The 'homepage has changed' message still pops up, and SuperAntiSpyware can't be launched as a normal user, but only as an admin. Now, though, when I right-click the icon of any program on the desktop, including SAS, the list of commands appears with no Windows Explorer problem at all. In the current situation, I still want to get rid of the whole threat and get things back to normal.

Edit-2: Now, I can launch SuperAntiSpyware as a normal user, but it takes more time to open than it did before the infection. However, I still get that 'homepage of Internet Explorer has changed' message from SAS as soon as it finishes loading during Windows start-up.

Edit-3: The problem with right-clicking the icon of any program on the desktop is back again, and SuperAntiSpyware doesn't work anymore, even as an admin.

Edit-4: I have noticed that the problem with right-clicking the icons isn't stable, which means that sometimes it works with no problems, and other times it doesn't work and causes a system freeze for a second due to 'Windows Explorer isn't responding'. I don't know if this problem is related to the browser hijacker in the first place, so detailing it here might be relevant, as you experts will figure it out.

Edit-5: I created a DDS log alongside its attachment as requested, but didn't do a GMER log because my operating system is not 32-bit. The DDS log is copied below, and I attached the attachment file.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by cdtoe at 17:25:18 on 2011-08-02
Microsoft Windows 7 Home Basic 6.1.7601.1.1256.966.1033.18.2997.1619 [GMT 3:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\windows\SysWOW64\RunDll32.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\sppsvc.exe
C:\windows\explorer.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.sa/
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut11_C03C290FA6F54A2B8A2DFE2786A1E275.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5E9640FC-BE27-4899-B3DE-0570E99A2001} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A335AABA-EEDC-4465-BAA0-F4317F6C44CF} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DA920F5D-02E9-463D-A121-5CFA1FD89419} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
BHO-X64: ZoneAlarm Security - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cdtoe\AppData\Roaming\Mozilla\Firefox\Profiles\axfxayzk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q=
FF - component: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: C:\Users\cdtoe\AppData\Roaming\IDM\idmmzcc5\components\idmmzcc.dll
FF - component: C:\Users\cdtoe\AppData\Roaming\Mozilla\Firefox\Profiles\axfxayzk.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCore.dll
FF - component: C:\Users\cdtoe\AppData\Roaming\Mozilla\Firefox\Profiles\axfxayzk.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-13 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-3 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-3 269480]
R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-2-15 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-2-15 822264]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-7-4 8192]
S3 btwampfl;Bluetooth AMP USB Filter;C:\windows\system32\drivers\btwampfl.sys --> C:\windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-08-02 12:07:37 -------- d-----w- C:\Program Files (x86)\Microsoft AntiSpyware
2011-08-02 12:06:50 -------- d-----w- C:\windows\Downloaded Installations
2011-08-02 09:39:44 -------- d-----w- C:\Program Files (x86)\ESET
2011-08-02 09:18:15 -------- d-----w- C:\Users\cdtoe\AppData\Local\{4C0FA8FF-80D5-4E50-A0A7-A0DCE1366A2A}
2011-08-01 22:10:46 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-01 21:32:03 23112 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2011-08-01 21:31:27 -------- d-----w- C:\ProgramData\Hitman Pro
2011-08-01 21:08:35 -------- d-----w- C:\Users\cdtoe\AppData\Roaming\SUPERAntiSpyware.com
2011-08-01 21:08:29 -------- d-----w- C:\ProgramData\!SASCORE
2011-08-01 17:59:15 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-08-01 15:41:43 -------- d-----w- C:\Users\cdtoe\AppData\Roaming\Malwarebytes
2011-08-01 15:41:34 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-01 15:41:31 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-08-01 15:01:37 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-08-01 15:01:37 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-08-01 11:26:56 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys
2011-08-01 10:09:31 -------- d-----w- C:\ProgramData\STOPzilla!
2011-08-01 10:09:31 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2011-08-01 09:36:47 -------- d-----w- C:\Program Files (x86)\AA Antimalware
2011-08-01 09:26:17 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-01 08:54:46 -------- d-----w- C:\Users\cdtoe\AppData\Local\{678C4CC3-CE05-45F3-B430-E05C2FBE4D11}
2011-07-31 07:22:48 -------- d-----w- C:\Users\cdtoe\AppData\Local\{6E77800E-0607-428F-B456-9102632F00C4}
2011-07-30 06:40:35 -------- d-----w- C:\Users\cdtoe\AppData\Local\{DEF9697E-FFF5-4B7D-B77A-0B885BD65C39}
2011-07-29 08:45:08 -------- d-----w- C:\Users\cdtoe\AppData\Local\{55A3E628-5DA2-4995-8BBE-47579F42841A}
2011-07-28 10:28:43 -------- d-----w- C:\Users\cdtoe\AppData\Local\{71BA2151-4A2A-44F3-84B3-C506CB4FD898}
2011-07-27 08:00:53 -------- d-----w- C:\Users\cdtoe\AppData\Local\{365C8C1D-A745-4EDD-9BE6-BE7861A92161}
2011-07-26 09:32:23 -------- d-----w- C:\Users\cdtoe\AppData\Local\{5A000F16-EE1F-471A-9529-9D42FAD57796}
2011-07-25 06:08:52 -------- d-----w- C:\Users\cdtoe\AppData\Local\{871C0906-E316-4917-977F-0F0204C784D0}
2011-07-24 10:36:44 200704 ----a-w- C:\windows\SysWow64\vbalExpBar6.ocx
2011-07-24 10:36:41 40960 ----a-w- C:\windows\SysWow64\SSubTmr6.dll
2011-07-24 10:36:41 15360 ----a-w- C:\windows\SysWow64\inetfr.DLL
2011-07-24 10:36:41 119568 ----a-w- C:\windows\SysWow64\VB6FR.DLL
2011-07-24 10:36:41 115920 ----a-w- C:\windows\SysWow64\msinet.OCX
2011-07-24 10:36:41 101888 ----a-w- C:\windows\SysWow64\VB6STKIT.DLL
2011-07-24 10:36:40 32768 ----a-w- C:\windows\SysWow64\CMDLGFR.DLL
2011-07-24 10:36:40 152848 ----a-w- C:\windows\SysWow64\COMDLG32.OCX
2011-07-24 10:36:40 141312 ----a-w- C:\windows\SysWow64\MSCMCFR.DLL
2011-07-24 10:36:40 -------- d-----w- C:\Users\cdtoe\AppData\Roaming\FreeBurner
2011-07-24 10:36:40 -------- d-----w- C:\Program Files (x86)\Free Easy Burner
2011-07-23 21:48:28 -------- d-----w- C:\Users\cdtoe\AppData\Local\{54F96018-30A0-4B38-9943-C9867257FA8D}
2011-07-23 08:46:06 -------- d-----w- C:\Users\cdtoe\AppData\Local\{4721C338-CECC-47F6-AB3F-25B201183545}
2011-07-22 15:19:28 -------- d-----w- C:\Users\cdtoe\AppData\Local\{2240ABFF-5507-4258-A84C-19695FD5935A}
2011-07-22 09:58:21 -------- d-----w- C:\Users\cdtoe\AppData\Local\{C6578649-6554-40AD-B700-C07B978551A3}
2011-07-21 06:36:37 -------- d-----w- C:\Users\cdtoe\AppData\Local\{EE95F02A-DA08-4C21-BB12-2F0822126998}
2011-07-20 07:02:48 -------- d-----w- C:\Users\cdtoe\AppData\Local\{A7D03A03-2C5E-4699-9CA9-3C25FD98C8FE}
2011-07-18 21:54:01 -------- d-----w- C:\Users\cdtoe\AppData\Local\{0233E9AD-3B00-4E1E-A505-DA42AF1B9142}
2011-07-18 09:08:21 -------- d-----w- C:\Users\cdtoe\AppData\Local\{4E51AB0E-AD9C-45B4-A7DF-66E469226CC3}
2011-07-16 20:01:30 -------- d-----w- C:\Users\cdtoe\AppData\Local\Apps
2011-07-16 09:56:42 -------- d-----w- C:\Users\cdtoe\AppData\Local\{0961D2CA-6595-4853-ADD0-21D62594A8A7}
2011-07-16 06:31:06 -------- d-----w- C:\Users\cdtoe\AppData\Local\{6FABC518-1D58-47EC-BD55-83BC3C8F176C}
2011-07-15 09:50:01 -------- d-----w- C:\Users\cdtoe\AppData\Local\{26AE50CB-71FD-4559-9B4E-F61A2EB59006}
2011-07-14 11:23:39 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-07-14 11:23:39 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-07-14 11:23:39 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-07-14 11:23:39 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-14 11:23:39 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-14 11:23:39 1850328 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-07-14 11:23:39 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-07-13 22:51:08 -------- d-----w- C:\Users\cdtoe\AppData\Local\{403A4282-C153-4AAB-9266-0941B5640D82}
2011-07-13 06:39:26 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
2011-07-13 06:38:52 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-13 06:38:52 338944 ----a-w- C:\windows\System32\conhost.exe
2011-07-13 06:38:52 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-13 06:38:52 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-13 06:38:52 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-07-13 06:38:51 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-13 06:38:51 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-13 06:38:51 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-13 06:38:51 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-13 06:38:51 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-13 06:38:50 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-13 06:24:25 -------- d-----w- C:\Users\cdtoe\AppData\Local\{061E7EDD-5B2C-4F74-9B3F-4B2812D74F19}
2011-07-12 06:25:37 -------- d-----w- C:\Users\cdtoe\AppData\Local\{6A233B18-7539-412F-ABA8-85236D7FD1D7}
2011-07-11 06:19:33 -------- d-----w- C:\Users\cdtoe\AppData\Local\{1A79A808-F295-48F7-92D6-512F8F3CD5D2}
2011-07-10 10:50:50 14744 ----a-w- C:\Users\cdtoe\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2011-07-10 10:45:04 -------- d-----w- C:\Program Files (x86)\MSECache
2011-07-10 09:34:47 -------- d-----w- C:\Users\cdtoe\AppData\Local\{AE766D61-6299-40D9-B5D1-686D26975887}
2011-07-10 09:34:43 -------- d-----w- C:\Users\cdtoe\AppData\Local\{2E952F71-EF12-4061-B598-C0785FC4F186}
2011-07-09 13:19:25 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2011-07-09 13:17:52 -------- d-----w- C:\ProgramData\HipSoft
2011-07-09 11:26:26 -------- d-----w- C:\windows\System32\SPReview
2011-07-09 09:31:29 -------- d-----w- C:\Users\cdtoe\AppData\Local\{EB18FC52-0F15-4602-B023-ABF3359549C5}
2011-07-08 18:14:07 -------- d-----w- C:\Users\cdtoe\AppData\Local\{87536876-B943-447B-AC2A-BAB5378C1C31}
2011-07-08 17:17:46 -------- d-----w- C:\windows\System32\EventProviders
2011-07-08 16:43:19 -------- d-----w- C:\Users\cdtoe\AppData\Local\{50C7ECC6-5285-4459-9DD9-1A97A10338C4}
2011-07-07 22:10:51 -------- d-----w- C:\Users\cdtoe\AppData\Local\{234E92C8-688B-4EAD-ADDC-EC275E7B9D8B}
2011-07-07 09:15:04 -------- d-----w- C:\Users\cdtoe\AppData\Local\{AC9079F0-1BD1-4360-9C7D-CD744626990B}
2011-07-05 06:34:04 48976 ----a-w- C:\windows\System32\netfxperf.dll
2011-07-05 06:34:04 1942856 ----a-w- C:\windows\System32\dfshim.dll
2011-07-05 06:32:59 577536 ----a-w- C:\windows\System32\WSDApi.dll
2011-07-05 06:31:59 90112 ----a-w- C:\windows\System32\nci.dll
2011-07-05 06:30:59 497664 ----a-w- C:\windows\System32\main.cpl
2011-07-05 06:29:44 399872 ----a-w- C:\windows\System32\dpx.dll
2011-07-05 06:29:44 189952 ----a-w- C:\windows\SysWow64\wdscore.dll
2011-07-05 06:29:28 606208 ----a-w- C:\windows\SysWow64\wbem\fastprox.dll
2011-07-05 06:29:28 363008 ----a-w- C:\windows\SysWow64\wbemcomn.dll
2011-07-05 06:26:37 529408 ----a-w- C:\windows\System32\wbemcomn.dll
2011-07-04 15:20:44 -------- d-----w- C:\Program Files (x86)\eclipse
2011-07-04 15:19:59 -------- d-----w- C:\Users\cdtoe\AppData\Local\Eclipse
2011-07-04 13:11:26 -------- d-----w- C:\Users\cdtoe\.jedit
2011-07-04 13:01:48 525544 ----a-w- C:\windows\System32\deployJava1.dll
2011-07-04 09:21:23 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-07-04 09:21:23 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-07-04 09:21:23 1544192 ----a-w- C:\windows\System32\DWrite.dll
2011-07-04 09:21:23 1139200 ----a-w- C:\windows\System32\FntCache.dll
2011-07-04 09:21:23 1076736 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-07-04 08:03:58 8192 ----a-w- C:\windows\SysWow64\srvany.exe
2011-07-04 07:35:06 404480 ----a-w- C:\windows\System32\umpnpmgr.dll
2011-07-04 07:35:06 252928 ----a-w- C:\windows\SysWow64\drvinst.exe
2011-07-04 07:35:06 207872 ----a-w- C:\windows\System32\cfgmgr32.dll
2011-07-04 07:35:06 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll
2011-07-04 07:35:05 64512 ----a-w- C:\windows\SysWow64\devobj.dll
2011-07-04 07:35:05 44544 ----a-w- C:\windows\SysWow64\devrtl.dll
2011-07-04 07:34:08 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-07-04 07:33:51 715776 ----a-w- C:\windows\System32\kerberos.dll
2011-07-04 07:33:51 542208 ----a-w- C:\windows\SysWow64\kerberos.dll
2011-07-04 07:33:47 -------- d-----w- C:\windows\SHELLNEW
2011-07-04 07:33:24 142336 ----a-w- C:\windows\System32\poqexec.exe
2011-07-04 07:33:24 123904 ----a-w- C:\windows\SysWow64\poqexec.exe
2011-07-04 07:33:22 -------- d-----w- C:\Users\cdtoe\AppData\Local\Microsoft Help
2011-07-04 07:33:07 2871808 ----a-w- C:\windows\explorer.exe
2011-07-04 07:33:05 2616320 ----a-w- C:\windows\SysWow64\explorer.exe
2011-07-04 07:31:05 289280 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-07-04 07:31:04 158208 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-07-04 07:31:04 128000 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-07-04 07:30:52 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-07-04 07:30:52 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-07-04 07:30:44 5562240 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-07-04 07:30:42 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-07-04 07:30:41 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-07-04 07:30:02 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-07-04 07:30:02 1465344 ----a-w- C:\windows\System32\XpsPrint.dll
2011-07-04 07:30:01 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-07-04 07:30:01 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-07-04 07:30:00 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-07-04 07:30:00 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-07-04 07:29:10 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2011-07-04 07:29:10 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-07-04 07:29:10 367616 ----a-w- C:\windows\System32\atmfd.dll
2011-07-04 07:29:10 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-07-04 07:29:10 294912 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-07-04 07:29:10 100864 ----a-w- C:\windows\System32\fontsub.dll
2011-07-04 07:28:23 27520 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2011-07-04 07:28:09 183296 ----a-w- C:\windows\System32\dnsrslvr.dll
2011-07-04 07:28:08 30208 ----a-w- C:\windows\System32\dnscacheugc.exe
2011-07-04 07:28:08 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe
2011-07-04 07:28:00 321024 ----a-w- C:\windows\System32\d3d10_1core.dll
2011-07-04 07:27:59 219136 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2011-07-04 07:27:59 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2011-07-04 07:27:59 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2011-07-04 07:27:52 467456 ----a-w- C:\windows\System32\drivers\srv.sys
2011-07-04 07:27:52 410112 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-07-04 07:27:52 168448 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-07-04 07:26:32 605552 ----a-w- C:\windows\System32\winload.exe
2011-07-04 07:26:31 642944 ----a-w- C:\windows\System32\winload.efi
2011-07-04 07:26:31 566208 ----a-w- C:\windows\System32\winresume.efi
2011-07-04 07:26:31 518672 ----a-w- C:\windows\System32\winresume.exe
2011-07-04 07:26:31 20352 ----a-w- C:\windows\System32\kdusb.dll
2011-07-04 07:26:31 19328 ----a-w- C:\windows\System32\kd1394.dll
2011-07-04 07:26:30 63488 ----a-w- C:\windows\System32\setbcdlocale.dll
2011-07-04 07:26:30 17792 ----a-w- C:\windows\System32\kdcom.dll
2011-07-04 07:26:28 861696 ----a-w- C:\windows\System32\oleaut32.dll
2011-07-04 07:26:28 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-07-04 07:25:42 31232 ----a-w- C:\windows\SysWow64\prevhost.exe
2011-07-04 07:25:42 31232 ----a-w- C:\windows\System32\prevhost.exe
2011-07-04 07:25:31 974336 ----a-w- C:\windows\System32\WFS.exe
2011-07-04 07:25:31 267776 ----a-w- C:\windows\System32\FXSCOVER.exe
2011-07-04 07:25:20 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-07-04 07:25:19 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-07-04 07:25:13 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2011-07-03 22:31:57 -------- d-----w- C:\Users\cdtoe\AppData\Local\WinZip
2011-07-03 22:29:58 -------- d-----w- C:\Users\cdtoe\AppData\Local\Google
2011-07-03 22:12:45 -------- d-----w- C:\Users\cdtoe\AppData\Roaming\MathWorks
2011-07-03 21:54:14 -------- d-----w- C:\Program Files\MATLAB
2011-07-03 21:41:52 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-03 21:31:24 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-07-03 21:30:12 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-03 21:30:12 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-07-03 21:15:47 -------- d-----w- C:\Users\cdtoe\AppData\Roaming\DMCache
2011-07-03 20:59:47 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-03 20:58:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-03 20:56:48 -------- d-----w- C:\Users\cdtoe\AppData\Roaming\Avira
2011-07-03 20:44:37 -------- d-----w- C:\Users\cdtoe\AppData\Roaming\CheckPoint
2011-07-03 20:44:21 -------- d-----w- C:\Program Files (x86)\Conduit
2011-07-03 20:44:20 -------- d-----w- C:\Users\cdtoe\AppData\Local\Conduit
2011-07-03 20:44:19 -------- d-----w- C:\Program Files (x86)\ZoneAlarm_Security
2011-07-03 20:43:42 -------- d-----w- C:\Program Files\CheckPoint
2011-07-03 20:43:05 1238528 ----a-w- C:\windows\SysWow64\zpeng25.dll
2011-07-03 20:43:04 -------- d-----w- C:\windows\SysWow64\ZoneLabs
2011-07-03 20:43:03 458840 ----a-w- C:\windows\System32\drivers\~GLH0023.TMP
2011-07-03 20:42:59 458840 ------w- C:\windows\System32\drivers\vsdatant.sys
2011-07-03 20:42:58 -------- d-----w- C:\Program Files (x86)\Zone Labs
2011-07-03 20:42:36 -------- d-----w- C:\ProgramData\CheckPoint
2011-07-03 20:42:35 -------- d-----w- C:\windows\Internet Logs
2011-07-03 20:36:08 88288 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2011-07-03 20:36:07 -------- d-----w- C:\ProgramData\Avira
2011-07-03 20:36:07 -------- d-----w- C:\Program Files (x86)\Avira
2011-07-03 20:35:00 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2D19001B-4A8C-4D84-ABA6-1C243F4409CF}\mpengine.dll
2011-07-03 20:34:59 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-07-03 20:04:59 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2011-07-03 19:06:48 -------- d-----w- C:\Users\cdtoe\AppData\Local\Diagnostics
2011-07-03 18:57:04 -------- d-----w- C:\Users\cdtoe\Tracing
2011-07-03 18:52:56 -------- d-----w- C:\Users\cdtoe\AppData\Local\ATI
2011-07-03 18:52:50 -------- d-----w- C:\Users\cdtoe\AppData\Local\SRS Labs
2011-07-03 18:52:50 -------- d-----w- C:\Users\cdtoe\AppData\Local\Power2Go
2011-07-03 18:48:15 -------- d-----r- C:\Program Files (x86)\Skype
2011-07-03 18:48:04 -------- d-----w- C:\Users\cdtoe\AppData\Local\Adobe
2011-07-03 18:47:38 -------- d-----w- C:\Program Files\Synaptics
2011-07-03 18:46:56 -------- d-----w- C:\Users\cdtoe\AppData\Local\VirtualStore
2011-07-03 18:46:40 39464 ----a-w- C:\windows\System32\drivers\btwl2cap.sys
2011-07-03 18:46:40 340520 ----a-w- C:\windows\System32\drivers\btwampfl.sys
2011-07-03 18:46:40 21544 ----a-w- C:\windows\System32\drivers\btwrchid.sys
2011-07-03 18:46:40 135720 ----a-w- C:\windows\System32\drivers\btwavdt.sys
2011-07-03 18:46:40 102440 ----a-w- C:\windows\System32\drivers\btwaudio.sys
2011-07-03 18:42:38 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2011-07-09 11:38:25 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-07-09 11:38:25 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\windows\System32\win32k.sys
2011-06-03 06:56:38 421888 ----a-w- C:\windows\System32\KernelBase.dll
2011-06-03 05:57:52 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-06-03 05:56:11 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-17 06:41:20 15144 ----a-w- C:\windows\SysWow64\drivers\rtport.sys
.
============= FINISH: 17:26:37.29 ===============


Edited by CDTOE, 02 August 2011 - 09:50 AM.




#2 CDTOE

CDTOE
  • Topic Starter

  • Members
  • 12 posts

Posted 02 August 2011 - 02:03 PM

I couldn't edit the post anymore, so I just wanted to say that I solved the whole problem by restoring the system to a previous state before the infection. Everything runs well right now.

Thanks.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 04 August 2011 - 11:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



