
MBAM blocking potentially malicious IPs (outbound)


  • This topic is locked
16 replies to this topic

#1 SigRanger

  • Members
  • 17 posts

Posted 04 August 2011 - 12:04 PM

Hello,

I have recently been getting a lot of blocked IP (outbound) notifications from MBAM. They occur every time I start Firefox or IE, and even occur when no one has been on the computer. I have been running TcpView to try to determine what app is trying to reach out... not much luck. I can see that my browser is guilty when I launch it... I haven't been able to see what is causing it when no one is on the computer. Any help would be appreciated. Thank you.

MBAM log
00:23:58 Roger IP-BLOCK 121.10.115.132 (Type: outgoing)
00:24:00 Roger IP-BLOCK 121.10.115.132 (Type: outgoing)
00:24:01 Roger IP-BLOCK 121.10.115.132 (Type: outgoing)
00:57:42 Roger IP-BLOCK 222.186.18.5 (Type: outgoing)
00:57:43 Roger IP-BLOCK 222.186.18.5 (Type: outgoing)
00:57:45 Roger IP-BLOCK 222.186.18.5 (Type: outgoing)
07:59:19 Roger IP-BLOCK 59.34.196.137 (Type: outgoing)
07:59:20 Roger IP-BLOCK 59.34.196.137 (Type: outgoing)
07:59:22 Roger IP-BLOCK 59.34.196.137 (Type: outgoing)
11:41:16 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:19 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:25 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:28 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:28 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:29 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:29 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:29 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:29 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:29 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:30 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:30 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:38 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:39 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:41 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:42 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:42 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:48 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:48 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:48 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:50 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:52 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:41:58 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:42:01 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:42:07 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:42:33 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:42:34 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:42:35 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:42:35 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:42:37 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:42:41 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:43:06 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:43:09 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:43:15 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:43:37 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:43:40 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:43:46 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:44:21 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:44:24 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:44:30 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:44:46 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:44:49 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:44:55 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:45:11 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:45:15 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:45:21 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:45:44 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:45:47 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:45:53 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:47:40 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:47:43 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:47:49 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:48:05 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:48:08 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:48:14 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:48:52 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:48:55 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
11:49:01 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
13:08:16 Roger IP-BLOCK 222.186.40.227 (Type: outgoing)
13:08:17 Roger IP-BLOCK 222.186.40.227 (Type: outgoing)
13:08:19 Roger IP-BLOCK 222.186.40.227 (Type: outgoing)
14:31:48 Roger IP-BLOCK 121.10.127.74 (Type: outgoing)
14:31:50 Roger IP-BLOCK 121.10.127.74 (Type: outgoing)
14:31:51 Roger IP-BLOCK 121.10.127.74 (Type: outgoing)
16:32:21 Roger MESSAGE Scheduled update executed successfully
16:32:21 Roger MESSAGE IP Protection stopped
16:32:24 Roger MESSAGE Scheduled scan executed successfully
16:32:47 Roger MESSAGE Database updated successfully
16:32:49 Roger MESSAGE IP Protection started successfully


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Roger at 19:49:28 on 2011-08-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2340 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\Program Files\Ahead\InCD\InCD.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\WINDOWS\system32\svchost.exe -k hpdevmgmt
D:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\mfevtps.exe
D:\WINDOWS\System32\svchost.exe -k HPZ12
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
D:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
D:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HP\HP Software Update\HPWUCli.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z064&partner_id=284&product_id=379&affiliate_id=&channel=sonic&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110803&user_guid=2D2E9E7C93444C759BA68FC85651C765&machine_id=ca708499fbed462e547ce2238ac29c69&browser=IE&os=win&os_version=5.1-x86-SP3
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - d:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - d:\program files\startnow toolbar\Toolbar32.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\common files\mcafee\systemcore\ScriptSn.20110712210713.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - d:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - d:\program files\startnow toolbar\Toolbar32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - d:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DW6] "d:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [gStart] d:\program files\garmin\gStart.exe
mRun: [ehTray] d:\windows\ehome\ehtray.exe
mRun: [IAAnotif] d:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [UIUCU] d:\docume~1\roger\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [mcui_exe] "d:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [CTDVDDET] "d:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "d:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "d:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "d:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] d:\windows\UpdReg.EXE
mRun: [NeroCheck] d:\windows\system32\NeroCheck.exe
mRun: [InCD] d:\program files\ahead\incd\InCD.exe
mRun: [EM_EXEC] d:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - d:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - d:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310521414171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{45E214A9-E387-4803-A1F5-777D161CB9FC} : DhcpNameServer = 97.64.209.36 97.64.168.13
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - d:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\roger\application data\mozilla\firefox\profiles\vdwntrxa.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z064&partner_id=284&product_id=379&affiliate_id=&channel=sonic&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110803&user_guid=2D2E9E7C93444C759BA68FC85651C765&machine_id=ca708499fbed462e547ce2238ac29c69&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: d:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [2011-7-12 89368]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-20 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McProxy;McAfee Proxy Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McrdSvc;Media Center Extender Service;d:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;d:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-12 165000]
R2 mfefire;McAfee Firewall Core Service;d:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-12 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [2011-7-12 148520]
R2 Toolbar Updater Service;Toolbar Updater Service;d:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-3-24 199904]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [2011-7-12 57432]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2011-7-20 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2011-7-12 179248]
R3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2011-7-12 59288]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [2011-7-12 337912]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [2011-7-12 83688]
S2 0057781312405835mcinstcleanup;McAfee Application Installer Cleanup (0057781312405835);d:\windows\temp\005778~1.exe d:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> d:\windows\temp\005778~1.exe d:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2011-7-15 136176]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2011-7-15 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [2011-7-12 83688]
S3 mferkdet;McAfee Inc. mferkdet;d:\windows\system32\drivers\mferkdet.sys [2011-7-12 85984]
.
=============== Created Last 30 ================
.
2011-08-03 15:34:54 -------- d-----w- d:\program files\StartNow Toolbar
2011-08-03 15:34:48 -------- d-----w- d:\documents and settings\roger\application data\Easy MP3 Recorder
2011-08-03 15:34:18 -------- d-----w- d:\program files\Moozy
2011-08-03 00:00:01 -------- d-----w- d:\documents and settings\roger\local settings\application data\Garmin
2011-08-02 23:59:59 -------- d-----w- d:\documents and settings\all users\application data\Garmin
2011-08-02 23:59:58 -------- d-----w- d:\documents and settings\roger\application data\Garmin
2011-08-02 23:59:13 -------- d-----w- d:\program files\Garmin
2011-08-02 17:29:44 -------- d-----w- d:\documents and settings\all users\application data\FUJIFILM
2011-08-02 17:29:36 -------- d-----w- d:\program files\FUJIFILM
2011-07-30 01:34:33 -------- d-----w- d:\program files\iTunes
2011-07-30 01:31:07 -------- d-----w- d:\program files\Bonjour
2011-07-28 00:08:06 -------- d-----w- d:\documents and settings\roger\application data\HpUpdate
2011-07-28 00:08:03 -------- d-----w- d:\windows\Hewlett-Packard
2011-07-25 20:06:47 -------- d-----w- d:\program files\Windows Media Connect 2
2011-07-25 20:05:27 -------- d-----w- d:\windows\system32\LogFiles
2011-07-25 12:53:22 -------- d-----w- d:\documents and settings\roger\local settings\application data\PassMark
2011-07-25 12:52:44 467984 ----a-w- d:\windows\system32\d3dx10_39.dll
2011-07-25 12:52:44 1493528 ----a-w- d:\windows\system32\D3DCompiler_39.dll
2011-07-25 12:52:42 3851784 ----a-w- d:\windows\system32\D3DX9_39.dll
2011-07-25 12:52:41 2414360 ----a-w- d:\windows\system32\d3dx9_31.dll
2011-07-25 12:52:36 -------- d-----w- d:\windows\Logs
2011-07-25 12:52:34 -------- d-----w- d:\documents and settings\all users\application data\PassMark
2011-07-25 12:52:32 -------- d-----w- d:\program files\PerformanceTest
2011-07-24 21:34:24 5632 ----a-w- d:\windows\system32\ptpusb.dll
2011-07-24 21:34:23 159232 ----a-w- d:\windows\system32\ptpusd.dll
2011-07-20 16:55:56 -------- d-----w- d:\documents and settings\roger\application data\Malwarebytes
2011-07-20 16:55:46 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 16:55:44 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2011-07-20 16:55:40 22712 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-07-20 16:55:39 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-07-18 19:48:39 -------- d-----w- d:\documents and settings\roger\local settings\application data\Temp
2011-07-15 16:32:19 -------- d-----w- d:\documents and settings\roger\local settings\application data\Google
2011-07-15 15:11:25 -------- d-----w- d:\program files\Microsoft ActiveSync
2011-07-15 15:10:49 -------- d-----w- d:\windows\ShellNew
2011-07-15 14:21:12 44928 -c--a-w- d:\windows\system32\dllcache\agpcpq.sys
2011-07-15 14:20:16 19569 ----a-w- d:\windows\003157_.tmp
2011-07-15 11:40:14 -------- d-sh--w- d:\documents and settings\roger\PrivacIE
2011-07-15 11:29:05 -------- d-sh--w- d:\documents and settings\roger\IETldCache
2011-07-15 07:03:40 -------- d-----w- d:\windows\system32\XPSViewer
2011-07-15 07:03:21 89088 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-15 07:03:07 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-15 07:03:07 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-07-15 07:03:07 597504 ------w- d:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-07-15 07:03:07 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2011-07-15 07:03:07 575488 ------w- d:\windows\system32\xpsshhdr.dll
2011-07-15 07:03:07 117760 ------w- d:\windows\system32\prntvpt.dll
2011-07-15 07:03:06 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2011-07-15 07:03:06 1676288 ------w- d:\windows\system32\xpssvcs.dll
2011-07-15 07:00:59 -------- d-----w- d:\program files\MSXML 6.0
2011-07-15 03:09:26 -------- d-----w- d:\windows\ie8updates
2011-07-15 03:09:10 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2011-07-15 03:09:09 602112 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2011-07-15 03:09:09 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2011-07-15 03:09:09 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2011-07-15 03:09:09 1991680 -c----w- d:\windows\system32\dllcache\iertutil.dll
2011-07-15 03:09:08 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
2011-07-15 03:09:08 11081728 -c----w- d:\windows\system32\dllcache\ieframe.dll
2011-07-15 03:08:31 -------- dc-h--w- d:\windows\ie8
2011-07-14 17:43:30 -------- d-----w- d:\windows\system32\appmgmt
2011-07-14 17:17:35 -------- d-----w- d:\documents and settings\roger\application data\WinFF
2011-07-14 17:17:32 -------- d-----w- d:\program files\WinFF
2011-07-13 17:52:33 274288 ----a-w- d:\windows\system32\mucltui.dll
2011-07-13 17:52:33 16736 ----a-w- d:\windows\system32\mucltui.dll.mui
2011-07-13 17:16:41 53248 ----a-w- d:\windows\system32\atiexdxx.dll
2011-07-13 17:16:34 -------- d-----w- d:\program files\ATI Technologies
2011-07-13 17:15:07 212992 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-07-13 03:24:51 -------- d-----w- d:\documents and settings\roger\local settings\application data\FUJIFILM
2011-07-13 03:22:53 -------- d-----w- d:\documents and settings\roger\local settings\application data\Adobe
2011-07-13 03:20:46 -------- d-----w- d:\documents and settings\all users\application data\McAfee Security Scan
2011-07-13 03:20:44 -------- d-----w- d:\program files\McAfee Security Scan
2011-07-13 02:52:34 -------- d-----w- d:\program files\MSXML 4.0
2011-07-13 02:12:15 -------- d-----w- d:\windows\ServicePackFiles
2011-07-13 01:56:33 2192768 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2011-07-13 01:56:16 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2011-07-13 01:55:10 272128 -c--a-w- d:\windows\system32\dllcache\bthport.sys
2011-07-13 01:55:10 272128 ------w- d:\windows\system32\drivers\bthport.sys
2011-07-13 01:50:17 23040 ------w- d:\windows\kb913800.exe
2011-07-13 01:40:03 28552 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2011-07-13 01:40:03 28040 ----a-w- d:\windows\system32\mdimon.dll
2011-07-13 01:07:13 24376 ----a-w- d:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-07-13 00:42:49 -------- d-----w- d:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-13 00:41:57 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
2011-07-13 00:41:57 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
2011-07-13 00:41:57 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
2011-07-13 00:41:57 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
2011-07-13 00:41:57 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
2011-07-13 00:41:56 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
2011-07-13 00:41:56 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
2011-07-13 00:27:37 -------- d-----w- d:\program files\The Weather Channel FW
2011-07-13 00:27:09 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 23:56:48 3426072 ----a-w- d:\windows\system32\d3dx9_32.dll
2011-07-12 23:56:42 -------- d-----w- d:\program files\Microsoft SQL Server Compact Edition
2011-07-12 23:56:02 -------- d-----w- d:\program files\Microsoft
2011-07-12 23:55:48 -------- d-----w- d:\program files\Windows Live SkyDrive
2011-07-12 23:55:16 4927864 ----a-w- d:\program files\common files\windows live\.cache\260485b61cc40ef\Silverlight.2.0.exe
2011-07-12 23:54:16 74520 ----a-w- d:\program files\common files\windows live\.cache\20ccbfa1cc40ef\DSETUP.dll
2011-07-12 23:54:16 484632 ----a-w- d:\program files\common files\windows live\.cache\20ccbfa1cc40ef\DXSETUP.exe
2011-07-12 23:54:16 1670936 ----a-w- d:\program files\common files\windows live\.cache\20ccbfa1cc40ef\dsetup32.dll
2011-07-12 23:54:01 1013800 ----a-w- d:\program files\common files\windows live\.cache\f8ff5e421cc40ee\WindowsXP-KB954708-x86-ENU.exe
2011-07-12 23:53:54 1229688 ----a-w- d:\program files\common files\windows live\.cache\f4f704081cc40ee\wic_x86_enu.exe
2011-07-12 23:50:10 -------- d-----w- d:\program files\common files\Windows Live
2011-07-12 23:25:21 -------- d-----w- d:\documents and settings\roger\local settings\application data\Mozilla
2011-07-12 23:23:14 -------- d-----w- d:\documents and settings\roger\local settings\application data\The Weather Channel
2011-07-12 22:47:53 -------- d-----w- d:\documents and settings\roger\Downloaded Program Updates
2011-07-12 22:33:49 38229 ------w- d:\windows\system32\drivers\StMp3Rec.sys
2011-07-12 22:33:43 -------- d-----w- d:\program files\iPod
2011-07-12 22:27:00 -------- d-----w- d:\windows\Downloaded Installations
2011-07-12 22:22:24 306688 ----a-w- d:\windows\IsUninst.exe
2011-07-12 22:19:19 1228800 ------w- d:\windows\UNNMP.exe
2011-07-12 22:18:38 22848 ------w- d:\windows\system32\drivers\incdrm.sys
2011-07-12 22:18:38 1204224 ------w- d:\windows\UNMRW.exe
2011-07-12 22:18:25 1228800 ------w- d:\windows\NuNinst.exe
2011-07-12 22:18:20 85552 ------w- d:\windows\system32\drivers\incdfs.sys
2011-07-12 22:18:20 5232 ------w- d:\windows\system32\drivers\incdrec.sys
2011-07-12 22:18:20 26976 ------w- d:\windows\system32\drivers\incdpass.sys
2011-07-12 22:18:13 -------- d-----w- d:\windows\InCD
2011-07-12 22:17:51 -------- d-----w- d:\documents and settings\roger\application data\NeroVision
2011-07-12 22:17:35 1228800 ------w- d:\windows\UNNeroVision.exe
2011-07-12 22:15:32 89184 ------w- d:\windows\system32\drivers\imagedrv.sys
2011-07-12 22:15:32 57344 ------w- d:\windows\system32\ImageDrive.cpl
2011-07-12 22:14:22 38912 ----a-r- d:\windows\system32\picn20.dll
2011-07-12 22:14:04 569344 ----a-r- d:\windows\system32\imagr5.dll
2011-07-12 22:14:04 544768 ----a-r- d:\windows\system32\imagx5.dll
2011-07-12 22:14:03 283920 ----a-r- d:\windows\system32\ImagXpr5.dll
2011-07-12 22:13:54 155648 ----a-r- d:\windows\system32\NeroCheck.exe
2011-07-12 22:10:59 -------- d-----w- d:\documents and settings\all users\application data\WEBREG
2011-07-12 22:10:24 -------- d-----w- d:\documents and settings\roger\local settings\application data\HP
2011-07-12 22:09:46 16496 ----a-r- d:\windows\system32\drivers\HPZipr12.sys
2011-07-12 22:09:45 49920 ----a-r- d:\windows\system32\drivers\HPZid412.sys
2011-07-12 22:09:28 315904 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\hpfpp70w.dll
2011-07-12 22:09:27 452408 ----a-r- d:\windows\system32\hpzids01.dll
2011-07-12 22:09:27 123904 ----a-w- d:\windows\system32\hpf3l70w.dll
2011-07-12 22:09:22 21568 ----a-r- d:\windows\system32\drivers\HPZius12.sys
2011-07-12 22:09:08 372736 ----a-r- d:\windows\system32\hppldcoi.dll
2011-07-12 22:09:08 315392 ----a-r- d:\windows\system32\hpwvst01.dll
2011-07-12 22:09:08 309760 ----a-r- d:\windows\system32\difxapi.dll
2011-07-12 22:09:07 966656 ----a-r- d:\windows\system32\hpwtiop6.dll
2011-07-12 22:09:07 716288 ----a-r- d:\windows\system32\hpwwiax7.dll
2011-07-12 21:53:17 -------- d-----w- d:\program files\common files\HP
2011-07-12 21:53:15 -------- d-----w- d:\program files\common files\Hewlett-Packard
2011-07-12 21:52:59 -------- d-----w- d:\windows\hpoj4500g510a-f
2011-07-12 21:52:17 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2011-07-12 21:52:17 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2011-07-12 21:52:15 32128 -c--a-w- d:\windows\system32\dllcache\usbccgp.sys
2011-07-12 21:52:15 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys
2011-07-12 21:52:14 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
2011-07-12 21:52:14 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
2011-07-12 21:51:35 -------- d-----w- d:\program files\HP
2011-07-12 21:49:12 3495784 ----a-w- d:\windows\system32\d3dx9_33.dll
2011-07-12 21:46:57 -------- d-----w- d:\documents and settings\roger\local settings\application data\Apple
2011-07-12 21:46:47 -------- d-----w- d:\documents and settings\roger\local settings\application data\Apple Computer
2011-07-12 21:19:49 44032 ------w- d:\windows\system32\CTSVCCDA.EXE
2011-07-12 21:19:49 25088 ------w- d:\windows\system32\CTSVCCTL.EXE
2011-07-12 21:18:31 90112 ------w- d:\windows\Updreg.EXE
2011-07-12 21:17:22 3072 ----a-w- d:\windows\CTXFIRES.DLL
2011-07-12 21:17:22 11776 ----a-w- d:\windows\INRES.DLL
2011-07-12 21:17:22 10240 ----a-w- d:\windows\CTDCRES.DLL
2011-07-12 21:17:22 -------- d-----w- d:\windows\system32\Data
2011-07-12 21:14:00 77824 ------w- d:\windows\system32\ctdvda32.dll
2011-07-12 21:11:47 -------- d-----w- d:\program files\Creative
2011-07-12 21:04:20 208896 ----a-w- d:\windows\system32\nvudisp.exe
2011-07-12 21:04:20 -------- d-----w- d:\windows\nview
2011-07-12 21:03:48 208896 ----a-w- d:\windows\system32\NVUNINST.EXE
2011-07-12 21:02:05 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-07-12 21:02:05 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-07-12 20:58:00 -------- d-----w- d:\windows\system32\PreInstall
2011-07-12 20:57:59 -------- d--h--w- d:\windows\$hf_mig$
2011-07-12 20:55:38 -------- d-s---w- d:\documents and settings\roger\UserData
2011-07-12 20:39:45 9344 ----a-w- d:\windows\system32\drivers\mfeclnk.sys
2011-07-12 20:39:42 89368 ----a-w- d:\windows\system32\drivers\mfetdi2k.sys
2011-07-12 20:39:42 85984 ----a-w- d:\windows\system32\drivers\mferkdet.sys
2011-07-12 20:39:42 83688 ----a-w- d:\windows\system32\drivers\mfendisk.sys
2011-07-12 20:39:42 59288 ----a-w- d:\windows\system32\drivers\mfebopk.sys
2011-07-12 20:39:42 57432 ----a-w- d:\windows\system32\drivers\cfwids.sys
2011-07-12 20:39:42 337912 ----a-w- d:\windows\system32\drivers\mfefirek.sys
2011-07-12 20:39:42 179248 ----a-w- d:\windows\system32\drivers\mfeavfk.sys
2011-07-12 20:39:41 -------- d-----w- d:\program files\common files\Mcafee
2011-07-12 20:39:40 -------- d-----w- d:\program files\McAfee.com
2011-07-12 20:39:35 -------- d-----w- d:\program files\McAfee
2011-07-12 20:28:29 148520 ----a-w- d:\windows\system32\mfevtps.exe
2011-07-12 20:23:10 729088 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-07-12 20:23:10 69715 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-07-12 20:23:10 5632 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-07-12 20:23:10 311428 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-07-12 20:23:10 266240 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-07-12 20:23:10 192512 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-07-12 20:23:10 188548 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-07-12 20:22:10 53248 ----a-w- d:\windows\system32\mhwt.dll
2011-07-12 20:22:10 37048 ----a-w- d:\windows\system32\drivers\mohfilt.sys
2011-07-12 20:22:10 172032 ----a-w- d:\windows\system32\intelmoh.dll
2011-07-12 20:22:09 647929 ----a-w- d:\windows\system32\drivers\IntelC52.sys
2011-07-12 20:22:09 61157 ----a-w- d:\windows\system32\drivers\IntelC53.sys
2011-07-12 20:22:09 1233525 ----a-w- d:\windows\system32\drivers\IntelC51.sys
2011-07-12 20:20:09 -------- d-----w- d:\documents and settings\roger\local settings\application data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2011-07-12 20:12:41 -------- d-----w- d:\windows\system32\ReinstallBackups
2011-07-12 20:12:29 77824 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-07-12 20:12:29 32768 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-07-12 20:12:29 225280 ----a-w- d:\program files\common files\installshield\iscript\iscript.dll
2011-07-12 20:12:29 176128 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-07-12 20:12:28 610436 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-07-12 20:12:14 -------- d-----w- d:\windows\system32\SoftwareDistribution
2011-07-12 20:10:55 36864 ----a-w- d:\windows\system32\e100bmsg.dll
2011-07-12 20:10:55 19456 ----a-w- d:\windows\system32\IntelNic.dll
2011-07-12 20:10:55 155648 -c--a-w- d:\windows\system32\dllcache\e100b325.sys
2011-07-12 20:10:55 155648 ----a-w- d:\windows\system32\drivers\e100b325.sys
2011-07-12 20:10:55 126976 ----a-w- d:\windows\system32\Prounstl.exe
2011-07-12 20:10:55 -------- d-----w- D:\drvrtmp
2011-07-12 20:09:53 -------- d-----w- d:\windows\system32\vmm32
2011-07-12 20:09:53 -------- d-----w- d:\program files\Dell
2011-07-12 19:35:08 26368 -c--a-w- d:\windows\system32\dllcache\usbstor.sys
.
==================== Find3M ====================
.
2011-07-12 15:20:54 83816 ----a-w- d:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- d:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- d:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- d:\windows\system32\dnssdX.dll
2011-06-02 14:02:05 1858944 ----a-w- d:\windows\system32\win32k.sys
.
============= FINISH: 19:50:44.96 ===============
Attached File  ark.zip   73.12KB   3 downloads
Attached File  attach.zip   3.57KB   0 downloads

#2 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 11 August 2011 - 03:55 AM

Hi,

If help is still needed, post fresh DDS logs.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to some other, please.


#3 SigRanger

  • Topic Starter
  • Members
  • 17 posts

Posted 11 August 2011 - 11:01 AM

Blade,
As per your request

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Roger at 11:53:51 on 2011-08-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2229 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\Program Files\Ahead\InCD\InCD.exe
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\WINDOWS\stsystra.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Logitech\SetPointP\SetPoint.exe
D:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Garmin\gStart.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
svchost.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\WINDOWS\system32\svchost.exe -k hpdevmgmt
D:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\mfevtps.exe
D:\WINDOWS\System32\svchost.exe -k HPZ12
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\WINDOWS\system32\dllhost.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
D:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - d:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\common files\mcafee\systemcore\ScriptSn.20110712210713.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - d:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - d:\program files\startnow toolbar\Toolbar32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - d:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DW6] "d:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [gStart] d:\program files\garmin\gStart.exe
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] d:\windows\ehome\ehtray.exe
mRun: [IAAnotif] d:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [UIUCU] d:\docume~1\roger\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [mcui_exe] "d:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [CTDVDDET] "d:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "d:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "d:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "d:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] d:\windows\UpdReg.EXE
mRun: [NeroCheck] d:\windows\system32\NeroCheck.exe
mRun: [InCD] d:\program files\ahead\incd\InCD.exe
mRun: [EM_EXEC] d:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EvtMgr6] d:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: d:\docume~1\roger\startm~1\programs\startup\logite~1.lnk - d:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - d:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - d:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310521414171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{45E214A9-E387-4803-A1F5-777D161CB9FC} : DhcpNameServer = 97.64.209.36 97.64.168.13
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - d:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\roger\application data\mozilla\firefox\profiles\vdwntrxa.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z064&partner_id=284&product_id=379&affiliate_id=&channel=sonic&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110803&user_guid=2D2E9E7C93444C759BA68FC85651C765&machine_id=ca708499fbed462e547ce2238ac29c69&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: d:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [2011-7-12 89368]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCore.exe [2011-7-18 123264]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [2011-8-9 12184]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-20 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McProxy;McAfee Proxy Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McrdSvc;Media Center Extender Service;d:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;d:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-12 165000]
R2 mfefire;McAfee Firewall Core Service;d:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-12 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [2011-7-12 148520]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [2011-7-12 57432]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2011-7-20 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2011-7-12 179248]
R3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2011-7-12 59288]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [2011-7-12 337912]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [2011-7-12 83688]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2011-7-15 136176]
S2 Toolbar Updater Service;Toolbar Updater Service;d:\program files\startnow toolbar\toolbarupdaterservice.exe --> d:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2011-7-15 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [2011-7-12 83688]
S3 mferkdet;McAfee Inc. mferkdet;d:\windows\system32\drivers\mferkdet.sys [2011-7-12 85984]
.
=============== Created Last 30 ================
.
2011-08-10 05:15:49 -------- d-----w- d:\program files\Microsoft ActiveSync
2011-08-10 05:15:11 -------- d-----w- d:\windows\SHELLNEW
2011-08-09 23:17:21 10240 -c--a-w- d:\windows\system32\dllcache\compbatt.sys
2011-08-09 23:17:21 10240 ----a-w- d:\windows\system32\drivers\compbatt.sys
2011-08-09 23:17:20 20352 -c--a-w- d:\windows\system32\dllcache\hidbatt.sys
2011-08-09 23:17:20 20352 ----a-w- d:\windows\system32\drivers\hidbatt.sys
2011-08-09 23:17:20 14208 -c--a-w- d:\windows\system32\dllcache\battc.sys
2011-08-09 23:17:20 14208 ----a-w- d:\windows\system32\drivers\battc.sys
2011-08-09 18:10:35 -------- d-----w- d:\documents and settings\roger\application data\SUPERAntiSpyware.com
2011-08-09 18:10:11 -------- d-----w- d:\documents and settings\all users\application data\!SASCORE
2011-08-09 18:10:06 -------- d-----w- d:\program files\SUPERAntiSpyware
2011-08-09 18:10:06 -------- d-----w- d:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-09 17:16:49 16400 ----a-w- d:\windows\system32\drivers\LNonPnP.sys
2011-08-09 17:16:40 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2011-08-09 17:14:54 53248 ----a-r- d:\documents and settings\roger\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2011-08-09 17:13:40 12184 ----a-w- d:\windows\system32\drivers\LBeepKE.sys
2011-08-09 17:08:28 -------- d-----w- d:\documents and settings\roger\application data\Logishrd
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-03 15:34:48 -------- d-----w- d:\documents and settings\roger\application data\Easy MP3 Recorder
2011-08-03 15:34:18 -------- d-----w- d:\program files\Moozy
2011-08-03 00:00:01 -------- d-----w- d:\documents and settings\roger\local settings\application data\Garmin
2011-08-02 23:59:59 -------- d-----w- d:\documents and settings\all users\application data\Garmin
2011-08-02 23:59:58 -------- d-----w- d:\documents and settings\roger\application data\Garmin
2011-08-02 23:59:13 -------- d-----w- d:\program files\Garmin
2011-08-02 17:29:44 -------- d-----w- d:\documents and settings\all users\application data\FUJIFILM
2011-08-02 17:29:36 -------- d-----w- d:\program files\FUJIFILM
2011-07-30 01:34:33 -------- d-----w- d:\program files\iTunes
2011-07-30 01:31:07 -------- d-----w- d:\program files\Bonjour
2011-07-28 00:08:06 -------- d-----w- d:\documents and settings\roger\application data\HpUpdate
2011-07-28 00:08:03 -------- d-----w- d:\windows\Hewlett-Packard
2011-07-25 20:06:47 -------- d-----w- d:\program files\Windows Media Connect 2
2011-07-25 20:05:27 -------- d-----w- d:\windows\system32\LogFiles
2011-07-25 12:53:22 -------- d-----w- d:\documents and settings\roger\local settings\application data\PassMark
2011-07-25 12:52:44 467984 ----a-w- d:\windows\system32\d3dx10_39.dll
2011-07-25 12:52:44 1493528 ----a-w- d:\windows\system32\D3DCompiler_39.dll
2011-07-25 12:52:42 3851784 ----a-w- d:\windows\system32\D3DX9_39.dll
2011-07-25 12:52:41 2414360 ----a-w- d:\windows\system32\d3dx9_31.dll
2011-07-25 12:52:36 -------- d-----w- d:\windows\Logs
2011-07-25 12:52:34 -------- d-----w- d:\documents and settings\all users\application data\PassMark
2011-07-25 12:52:32 -------- d-----w- d:\program files\PerformanceTest
2011-07-24 21:34:24 5632 ----a-w- d:\windows\system32\ptpusb.dll
2011-07-24 21:34:23 159232 ----a-w- d:\windows\system32\ptpusd.dll
2011-07-20 16:55:56 -------- d-----w- d:\documents and settings\roger\application data\Malwarebytes
2011-07-20 16:55:46 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 16:55:44 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2011-07-20 16:55:40 22712 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-07-20 16:55:39 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-07-18 19:48:39 -------- d-----w- d:\documents and settings\roger\local settings\application data\Temp
2011-07-15 16:32:19 -------- d-----w- d:\documents and settings\roger\local settings\application data\Google
2011-07-15 14:21:12 44928 -c--a-w- d:\windows\system32\dllcache\agpcpq.sys
2011-07-15 14:20:16 19569 ----a-w- d:\windows\003157_.tmp
2011-07-15 11:40:14 -------- d-sh--w- d:\documents and settings\roger\PrivacIE
2011-07-15 11:29:05 -------- d-sh--w- d:\documents and settings\roger\IETldCache
2011-07-15 07:03:40 -------- d-----w- d:\windows\system32\XPSViewer
2011-07-15 07:03:21 89088 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-15 07:03:07 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-15 07:03:07 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-07-15 07:03:07 597504 ------w- d:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-07-15 07:03:07 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2011-07-15 07:03:07 575488 ------w- d:\windows\system32\xpsshhdr.dll
2011-07-15 07:03:07 117760 ------w- d:\windows\system32\prntvpt.dll
2011-07-15 07:03:06 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2011-07-15 07:03:06 1676288 ------w- d:\windows\system32\xpssvcs.dll
2011-07-15 07:00:59 -------- d-----w- d:\program files\MSXML 6.0
2011-07-15 03:09:26 -------- d-----w- d:\windows\ie8updates
2011-07-15 03:09:10 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2011-07-15 03:09:09 602112 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2011-07-15 03:09:09 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2011-07-15 03:09:09 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2011-07-15 03:09:09 1991680 -c----w- d:\windows\system32\dllcache\iertutil.dll
2011-07-15 03:09:08 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
2011-07-15 03:09:08 11081728 -c----w- d:\windows\system32\dllcache\ieframe.dll
2011-07-15 03:08:31 -------- dc-h--w- d:\windows\ie8
2011-07-14 17:43:30 -------- d-----w- d:\windows\system32\appmgmt
2011-07-14 17:17:35 -------- d-----w- d:\documents and settings\roger\application data\WinFF
2011-07-14 17:17:32 -------- d-----w- d:\program files\WinFF
2011-07-13 17:52:33 274288 ----a-w- d:\windows\system32\mucltui.dll
2011-07-13 17:52:33 16736 ----a-w- d:\windows\system32\mucltui.dll.mui
2011-07-13 17:16:41 53248 ----a-w- d:\windows\system32\atiexdxx.dll
2011-07-13 17:16:34 -------- d-----w- d:\program files\ATI Technologies
2011-07-13 17:15:07 212992 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-07-13 03:24:51 -------- d-----w- d:\documents and settings\roger\local settings\application data\FUJIFILM
2011-07-13 03:22:53 -------- d-----w- d:\documents and settings\roger\local settings\application data\Adobe
2011-07-13 03:20:46 -------- d-----w- d:\documents and settings\all users\application data\McAfee Security Scan
2011-07-13 03:20:44 -------- d-----w- d:\program files\McAfee Security Scan
2011-07-13 02:52:34 -------- d-----w- d:\program files\MSXML 4.0
2011-07-13 02:12:15 -------- d-----w- d:\windows\ServicePackFiles
2011-07-13 01:56:33 2192768 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2011-07-13 01:56:16 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2011-07-13 01:55:10 272128 -c--a-w- d:\windows\system32\dllcache\bthport.sys
2011-07-13 01:55:10 272128 ------w- d:\windows\system32\drivers\bthport.sys
2011-07-13 01:50:17 23040 ------w- d:\windows\kb913800.exe
2011-07-13 01:40:03 28552 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2011-07-13 01:40:03 28040 ----a-w- d:\windows\system32\mdimon.dll
2011-07-13 01:07:13 24376 ----a-w- d:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-07-13 00:42:49 -------- d-----w- d:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-13 00:27:37 -------- d-----w- d:\program files\The Weather Channel FW
2011-07-13 00:27:09 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 23:56:48 3426072 ----a-w- d:\windows\system32\d3dx9_32.dll
2011-07-12 23:56:42 -------- d-----w- d:\program files\Microsoft SQL Server Compact Edition
2011-07-12 23:56:02 -------- d-----w- d:\program files\Microsoft
2011-07-12 23:55:48 -------- d-----w- d:\program files\Windows Live SkyDrive
2011-07-12 23:55:16 4927864 ----a-w- d:\program files\common files\windows live\.cache\260485b61cc40ef\Silverlight.2.0.exe
2011-07-12 23:54:16 74520 ----a-w- d:\program files\common files\windows live\.cache\20ccbfa1cc40ef\DSETUP.dll
2011-07-12 23:54:16 484632 ----a-w- d:\program files\common files\windows live\.cache\20ccbfa1cc40ef\DXSETUP.exe
2011-07-12 23:54:16 1670936 ----a-w- d:\program files\common files\windows live\.cache\20ccbfa1cc40ef\dsetup32.dll
2011-07-12 23:54:01 1013800 ----a-w- d:\program files\common files\windows live\.cache\f8ff5e421cc40ee\WindowsXP-KB954708-x86-ENU.exe
2011-07-12 23:53:54 1229688 ----a-w- d:\program files\common files\windows live\.cache\f4f704081cc40ee\wic_x86_enu.exe
2011-07-12 23:50:10 -------- d-----w- d:\program files\common files\Windows Live
2011-07-12 23:25:21 -------- d-----w- d:\documents and settings\roger\local settings\application data\Mozilla
2011-07-12 23:23:14 -------- d-----w- d:\documents and settings\roger\local settings\application data\The Weather Channel
2011-07-12 22:47:53 -------- d-----w- d:\documents and settings\roger\Downloaded Program Updates
2011-07-12 22:33:49 38229 ------w- d:\windows\system32\drivers\StMp3Rec.sys
2011-07-12 22:33:43 -------- d-----w- d:\program files\iPod
2011-07-12 22:27:00 -------- d-----w- d:\windows\Downloaded Installations
2011-07-12 22:22:24 306688 ----a-w- d:\windows\IsUninst.exe
2011-07-12 22:19:19 1228800 ------w- d:\windows\UNNMP.exe
2011-07-12 22:18:38 22848 ------w- d:\windows\system32\drivers\incdrm.sys
2011-07-12 22:18:38 1204224 ------w- d:\windows\UNMRW.exe
2011-07-12 22:18:25 1228800 ------w- d:\windows\NuNinst.exe
2011-07-12 22:18:20 85552 ------w- d:\windows\system32\drivers\incdfs.sys
2011-07-12 22:18:20 5232 ------w- d:\windows\system32\drivers\incdrec.sys
2011-07-12 22:18:20 26976 ------w- d:\windows\system32\drivers\incdpass.sys
2011-07-12 22:18:13 -------- d-----w- d:\windows\InCD
2011-07-12 22:17:51 -------- d-----w- d:\documents and settings\roger\application data\NeroVision
2011-07-12 22:17:35 1228800 ------w- d:\windows\UNNeroVision.exe
2011-07-12 22:15:32 89184 ------w- d:\windows\system32\drivers\imagedrv.sys
2011-07-12 22:15:32 57344 ------w- d:\windows\system32\ImageDrive.cpl
2011-07-12 22:14:22 38912 ----a-r- d:\windows\system32\picn20.dll
2011-07-12 22:14:04 569344 ----a-r- d:\windows\system32\imagr5.dll
2011-07-12 22:14:04 544768 ----a-r- d:\windows\system32\imagx5.dll
2011-07-12 22:14:03 283920 ----a-r- d:\windows\system32\ImagXpr5.dll
2011-07-12 22:13:54 155648 ----a-r- d:\windows\system32\NeroCheck.exe
2011-07-12 22:10:59 -------- d-----w- d:\documents and settings\all users\application data\WEBREG
2011-07-12 22:10:24 -------- d-----w- d:\documents and settings\roger\local settings\application data\HP
2011-07-12 22:09:46 16496 ----a-r- d:\windows\system32\drivers\HPZipr12.sys
2011-07-12 22:09:45 49920 ----a-r- d:\windows\system32\drivers\HPZid412.sys
2011-07-12 22:09:28 315904 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\hpfpp70w.dll
2011-07-12 22:09:27 452408 ----a-r- d:\windows\system32\hpzids01.dll
2011-07-12 22:09:27 123904 ----a-w- d:\windows\system32\hpf3l70w.dll
2011-07-12 22:09:22 21568 ----a-r- d:\windows\system32\drivers\HPZius12.sys
2011-07-12 22:09:08 372736 ----a-r- d:\windows\system32\hppldcoi.dll
2011-07-12 22:09:08 315392 ----a-r- d:\windows\system32\hpwvst01.dll
2011-07-12 22:09:08 309760 ----a-r- d:\windows\system32\difxapi.dll
2011-07-12 22:09:07 966656 ----a-r- d:\windows\system32\hpwtiop6.dll
2011-07-12 22:09:07 716288 ----a-r- d:\windows\system32\hpwwiax7.dll
2011-07-12 21:53:17 -------- d-----w- d:\program files\common files\HP
2011-07-12 21:53:15 -------- d-----w- d:\program files\common files\Hewlett-Packard
2011-07-12 21:52:59 -------- d-----w- d:\windows\hpoj4500g510a-f
2011-07-12 21:52:17 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2011-07-12 21:52:17 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2011-07-12 21:52:15 32128 -c--a-w- d:\windows\system32\dllcache\usbccgp.sys
2011-07-12 21:52:15 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys
2011-07-12 21:52:14 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
2011-07-12 21:52:14 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
2011-07-12 21:51:35 -------- d-----w- d:\program files\HP
2011-07-12 21:49:12 3495784 ----a-w- d:\windows\system32\d3dx9_33.dll
2011-07-12 21:46:57 -------- d-----w- d:\documents and settings\roger\local settings\application data\Apple
2011-07-12 21:46:47 -------- d-----w- d:\documents and settings\roger\local settings\application data\Apple Computer
2011-07-12 21:19:49 44032 ------w- d:\windows\system32\CTSVCCDA.EXE
2011-07-12 21:19:49 25088 ------w- d:\windows\system32\CTSVCCTL.EXE
2011-07-12 21:18:31 90112 ------w- d:\windows\Updreg.EXE
2011-07-12 21:17:22 3072 ----a-w- d:\windows\CTXFIRES.DLL
2011-07-12 21:17:22 11776 ----a-w- d:\windows\INRES.DLL
2011-07-12 21:17:22 10240 ----a-w- d:\windows\CTDCRES.DLL
2011-07-12 21:17:22 -------- d-----w- d:\windows\system32\Data
2011-07-12 21:14:00 77824 ------w- d:\windows\system32\ctdvda32.dll
2011-07-12 21:11:47 -------- d-----w- d:\program files\Creative
2011-07-12 21:04:20 208896 ----a-w- d:\windows\system32\nvudisp.exe
2011-07-12 21:04:20 -------- d-----w- d:\windows\nview
2011-07-12 21:03:48 208896 ----a-w- d:\windows\system32\NVUNINST.EXE
2011-07-12 21:02:05 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-07-12 21:02:05 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-07-12 20:58:00 -------- d-----w- d:\windows\system32\PreInstall
2011-07-12 20:57:59 -------- d--h--w- d:\windows\$hf_mig$
2011-07-12 20:55:38 -------- d-sh--w- d:\documents and settings\roger\UserData
2011-07-12 20:39:45 9344 ----a-w- d:\windows\system32\drivers\mfeclnk.sys
2011-07-12 20:39:42 89368 ----a-w- d:\windows\system32\drivers\mfetdi2k.sys
2011-07-12 20:39:42 85984 ----a-w- d:\windows\system32\drivers\mferkdet.sys
2011-07-12 20:39:42 83688 ----a-w- d:\windows\system32\drivers\mfendisk.sys
2011-07-12 20:39:42 59288 ----a-w- d:\windows\system32\drivers\mfebopk.sys
2011-07-12 20:39:42 57432 ----a-w- d:\windows\system32\drivers\cfwids.sys
2011-07-12 20:39:42 337912 ----a-w- d:\windows\system32\drivers\mfefirek.sys
2011-07-12 20:39:42 179248 ----a-w- d:\windows\system32\drivers\mfeavfk.sys
2011-07-12 20:39:41 -------- d-----w- d:\program files\common files\Mcafee
2011-07-12 20:39:40 -------- d-----w- d:\program files\McAfee.com
2011-07-12 20:39:35 -------- d-----w- d:\program files\McAfee
2011-07-12 20:28:29 148520 ----a-w- d:\windows\system32\mfevtps.exe
2011-07-12 20:23:10 729088 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-07-12 20:23:10 69715 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-07-12 20:23:10 5632 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-07-12 20:23:10 311428 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-07-12 20:23:10 266240 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-07-12 20:23:10 192512 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-07-12 20:23:10 188548 ----a-w- d:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-07-12 20:22:10 53248 ----a-w- d:\windows\system32\mhwt.dll
2011-07-12 20:22:10 37048 ----a-w- d:\windows\system32\drivers\mohfilt.sys
2011-07-12 20:22:10 172032 ----a-w- d:\windows\system32\intelmoh.dll
2011-07-12 20:22:09 647929 ----a-w- d:\windows\system32\drivers\IntelC52.sys
2011-07-12 20:22:09 61157 ----a-w- d:\windows\system32\drivers\IntelC53.sys
2011-07-12 20:22:09 1233525 ----a-w- d:\windows\system32\drivers\IntelC51.sys
2011-07-12 20:20:09 -------- d-----w- d:\documents and settings\roger\local settings\application data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2011-07-12 20:12:41 -------- d-----w- d:\windows\system32\ReinstallBackups
2011-07-12 20:12:29 77824 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-07-12 20:12:29 32768 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-07-12 20:12:29 225280 ----a-w- d:\program files\common files\installshield\iscript\iscript.dll
2011-07-12 20:12:29 176128 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-07-12 20:12:28 610436 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-07-12 20:12:14 -------- d-----w- d:\windows\system32\SoftwareDistribution
2011-07-12 20:10:55 36864 ----a-w- d:\windows\system32\e100bmsg.dll
2011-07-12 20:10:55 19456 ----a-w- d:\windows\system32\IntelNic.dll
2011-07-12 20:10:55 155648 -c--a-w- d:\windows\system32\dllcache\e100b325.sys
2011-07-12 20:10:55 155648 ----a-w- d:\windows\system32\drivers\e100b325.sys
2011-07-12 20:10:55 126976 ----a-w- d:\windows\system32\Prounstl.exe
2011-07-12 20:10:55 -------- d-----w- D:\drvrtmp
2011-07-12 20:09:53 -------- d-----w- d:\windows\system32\vmm32
2011-07-12 20:09:53 -------- d-----w- d:\program files\Dell
2011-07-12 19:35:08 26368 -c--a-w- d:\windows\system32\dllcache\usbstor.sys
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20:54 83816 ----a-w- d:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- d:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- d:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- d:\windows\system32\dnssdX.dll
2011-07-08 14:02:00 10496 ----a-w- d:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37:00 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- d:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ----a-w- d:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- d:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- d:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- d:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- d:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- d:\windows\system32\win32k.sys
.
============= FINISH: 11:55:31.51 ===============

Attached File: attach.zip (4.05KB)


Thank you

#4 Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 11 August 2011 - 11:43 PM

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#5 SigRanger

  • Topic Starter

  • Members
  • 17 posts

Posted 12 August 2011 - 12:16 PM

Blade

As per your request


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Roger at 13:04:56 on 2011-08-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2301 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\Program Files\Ahead\InCD\InCD.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Logitech\SetPointP\SetPoint.exe
D:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Program Files\Garmin\gStart.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
svchost.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\WINDOWS\system32\svchost.exe -k hpdevmgmt
D:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\mfevtps.exe
D:\WINDOWS\System32\svchost.exe -k HPZ12
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
D:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\WINDOWS\system32\dllhost.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - d:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\common files\mcafee\systemcore\ScriptSn.20110712210713.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - d:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - d:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DW6] "d:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [gStart] d:\program files\garmin\gStart.exe
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] d:\windows\ehome\ehtray.exe
mRun: [IAAnotif] d:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "d:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [CTDVDDET] "d:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "d:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "d:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "d:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] d:\windows\UpdReg.EXE
mRun: [NeroCheck] d:\windows\system32\NeroCheck.exe
mRun: [InCD] d:\program files\ahead\incd\InCD.exe
mRun: [EM_EXEC] d:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EvtMgr6] d:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: d:\docume~1\roger\startm~1\programs\startup\logite~1.lnk - d:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - d:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - d:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310521414171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{45E214A9-E387-4803-A1F5-777D161CB9FC} : DhcpNameServer = 97.64.209.36 97.64.168.13
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - d:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\roger\application data\mozilla\firefox\profiles\vdwntrxa.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z064&partner_id=284&product_id=379&affiliate_id=&channel=sonic&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110803&user_guid=2D2E9E7C93444C759BA68FC85651C765&machine_id=ca708499fbed462e547ce2238ac29c69&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: d:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [2011-7-12 89368]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [2011-8-9 12184]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-20 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McProxy;McAfee Proxy Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McrdSvc;Media Center Extender Service;d:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;d:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-12 165000]
R2 mfefire;McAfee Firewall Core Service;d:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-12 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [2011-7-12 148520]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [2011-7-12 57432]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2011-7-20 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2011-7-12 179248]
R3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2011-7-12 59288]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [2011-7-12 337912]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [2011-7-12 83688]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2011-7-15 136176]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2011-7-15 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [2011-7-12 83688]
S3 mferkdet;McAfee Inc. mferkdet;d:\windows\system32\drivers\mferkdet.sys [2011-7-12 85984]
.
=============== Created Last 30 ================
.
2011-08-12 15:24:11 98816 ----a-w- d:\windows\sed.exe
2011-08-12 15:24:11 518144 ----a-w- d:\windows\SWREG.exe
2011-08-12 15:24:11 256000 ----a-w- d:\windows\PEV.exe
2011-08-12 15:24:11 208896 ----a-w- d:\windows\MBR.exe
2011-08-12 00:02:56 -------- d-----w- d:\documents and settings\roger\local settings\application data\Crystal Reports
2011-08-11 23:57:09 -------- d-----w- d:\documents and settings\roger\application data\Business Objects
2011-08-11 23:56:46 -------- d-----w- d:\documents and settings\roger\application data\Macrovision
2011-08-11 23:41:13 -------- d-----w- d:\program files\SAP BusinessObjects
2011-08-10 05:15:49 -------- d-----w- d:\program files\Microsoft ActiveSync
2011-08-10 05:15:11 -------- d-----w- d:\windows\SHELLNEW
2011-08-09 23:17:21 10240 -c--a-w- d:\windows\system32\dllcache\compbatt.sys
2011-08-09 23:17:21 10240 ----a-w- d:\windows\system32\drivers\compbatt.sys
2011-08-09 23:17:20 20352 -c--a-w- d:\windows\system32\dllcache\hidbatt.sys
2011-08-09 23:17:20 20352 ----a-w- d:\windows\system32\drivers\hidbatt.sys
2011-08-09 23:17:20 14208 -c--a-w- d:\windows\system32\dllcache\battc.sys
2011-08-09 23:17:20 14208 ----a-w- d:\windows\system32\drivers\battc.sys
2011-08-09 18:10:35 -------- d-----w- d:\documents and settings\roger\application data\SUPERAntiSpyware.com
2011-08-09 18:10:11 -------- d-----w- d:\documents and settings\all users\application data\!SASCORE
2011-08-09 18:10:06 -------- d-----w- d:\program files\SUPERAntiSpyware
2011-08-09 18:10:06 -------- d-----w- d:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-09 17:16:49 16400 ----a-w- d:\windows\system32\drivers\LNonPnP.sys
2011-08-09 17:16:40 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2011-08-09 17:14:54 53248 ----a-r- d:\documents and settings\roger\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2011-08-09 17:13:40 12184 ----a-w- d:\windows\system32\drivers\LBeepKE.sys
2011-08-09 17:08:28 -------- d-----w- d:\documents and settings\roger\application data\Logishrd
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-03 15:34:48 -------- d-----w- d:\documents and settings\roger\application data\Easy MP3 Recorder
2011-08-03 15:34:18 -------- d-----w- d:\program files\Moozy
2011-08-03 00:00:01 -------- d-----w- d:\documents and settings\roger\local settings\application data\Garmin
2011-08-02 23:59:59 -------- d-----w- d:\documents and settings\all users\application data\Garmin
2011-08-02 23:59:58 -------- d-----w- d:\documents and settings\roger\application data\Garmin
2011-08-02 23:59:13 -------- d-----w- d:\program files\Garmin
2011-08-02 17:29:44 -------- d-----w- d:\documents and settings\all users\application data\FUJIFILM
2011-08-02 17:29:36 -------- d-----w- d:\program files\FUJIFILM
2011-07-30 01:34:33 -------- d-----w- d:\program files\iTunes
2011-07-30 01:31:07 -------- d-----w- d:\program files\Bonjour
2011-07-28 00:08:06 -------- d-----w- d:\documents and settings\roger\application data\HpUpdate
2011-07-28 00:08:03 -------- d-----w- d:\windows\Hewlett-Packard
2011-07-25 20:06:47 -------- d-----w- d:\program files\Windows Media Connect 2
2011-07-25 20:05:27 -------- d-----w- d:\windows\system32\LogFiles
2011-07-25 12:53:22 -------- d-----w- d:\documents and settings\roger\local settings\application data\PassMark
2011-07-25 12:52:44 467984 ----a-w- d:\windows\system32\d3dx10_39.dll
2011-07-25 12:52:44 1493528 ----a-w- d:\windows\system32\D3DCompiler_39.dll
2011-07-25 12:52:42 3851784 ----a-w- d:\windows\system32\D3DX9_39.dll
2011-07-25 12:52:41 2414360 ----a-w- d:\windows\system32\d3dx9_31.dll
2011-07-25 12:52:36 -------- d-----w- d:\windows\Logs
2011-07-25 12:52:34 -------- d-----w- d:\documents and settings\all users\application data\PassMark
2011-07-25 12:52:32 -------- d-----w- d:\program files\PerformanceTest
2011-07-24 21:34:24 5632 ----a-w- d:\windows\system32\ptpusb.dll
2011-07-24 21:34:23 159232 ----a-w- d:\windows\system32\ptpusd.dll
2011-07-20 16:55:56 -------- d-----w- d:\documents and settings\roger\application data\Malwarebytes
2011-07-20 16:55:46 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 16:55:44 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2011-07-20 16:55:40 22712 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-07-20 16:55:39 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-07-18 19:48:39 -------- d-----w- d:\documents and settings\roger\local settings\application data\Temp
2011-07-15 16:32:19 -------- d-----w- d:\documents and settings\roger\local settings\application data\Google
2011-07-15 14:21:12 44928 -c--a-w- d:\windows\system32\dllcache\agpcpq.sys
2011-07-15 14:20:16 19569 ----a-w- d:\windows\003157_.tmp
2011-07-15 11:40:14 -------- d-sh--w- d:\documents and settings\roger\PrivacIE
2011-07-15 11:29:05 -------- d-sh--w- d:\documents and settings\roger\IETldCache
2011-07-15 07:03:40 -------- d-----w- d:\windows\system32\XPSViewer
2011-07-15 07:03:21 89088 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-15 07:03:07 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-15 07:03:07 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-07-15 07:03:07 597504 ------w- d:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-07-15 07:03:07 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2011-07-15 07:03:07 575488 ------w- d:\windows\system32\xpsshhdr.dll
2011-07-15 07:03:07 117760 ------w- d:\windows\system32\prntvpt.dll
2011-07-15 07:03:06 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2011-07-15 07:03:06 1676288 ------w- d:\windows\system32\xpssvcs.dll
2011-07-15 07:00:59 -------- d-----w- d:\program files\MSXML 6.0
2011-07-15 03:09:26 -------- d-----w- d:\windows\ie8updates
2011-07-15 03:09:10 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2011-07-15 03:09:09 602112 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2011-07-15 03:09:09 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2011-07-15 03:09:09 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2011-07-15 03:09:09 1991680 -c----w- d:\windows\system32\dllcache\iertutil.dll
2011-07-15 03:09:08 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
2011-07-15 03:09:08 11081728 -c----w- d:\windows\system32\dllcache\ieframe.dll
2011-07-15 03:08:31 -------- dc-h--w- d:\windows\ie8
2011-07-14 17:43:30 -------- d-----w- d:\windows\system32\appmgmt
2011-07-14 17:17:35 -------- d-----w- d:\documents and settings\roger\application data\WinFF
2011-07-14 17:17:32 -------- d-----w- d:\program files\WinFF
2011-07-13 17:52:33 274288 ----a-w- d:\windows\system32\mucltui.dll
2011-07-13 17:52:33 16736 ----a-w- d:\windows\system32\mucltui.dll.mui
2011-07-13 17:16:41 53248 ----a-w- d:\windows\system32\atiexdxx.dll
2011-07-13 17:16:34 -------- d-----w- d:\program files\ATI Technologies
2011-07-13 17:15:07 212992 ----a-w- d:\program files\common files\installshield\engine\6\intel 32\ILog.dll
.
==================== Find3M ====================
.
2011-08-11 18:01:33 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-07-12 21:01:54 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-07-12 21:01:54 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-07-12 15:20:54 83816 ----a-w- d:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- d:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- d:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- d:\windows\system32\dnssdX.dll
2011-07-08 14:02:00 10496 ----a-w- d:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37:00 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- d:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ----a-w- d:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- d:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- d:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- d:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- d:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- d:\windows\system32\win32k.sys
.
============= FINISH: 13:06:00.78 ===============

ComboFix 11-08-12.01 - Roger 08/12/2011 12:50:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2193 [GMT -4:00]
Running from: d:\documents and settings\Roger\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
H:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Toolbar_Updater_Service
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2011-08-12 00:02 . 2011-08-12 00:02 -------- d-----w- d:\documents and settings\Roger\Local Settings\Application Data\Crystal Reports
2011-08-11 23:57 . 2011-08-11 23:57 -------- d-----w- d:\documents and settings\Roger\Application Data\Business Objects
2011-08-11 23:56 . 2011-08-11 23:56 -------- d-----w- d:\documents and settings\Roger\Application Data\Macrovision
2011-08-11 23:54 . 2011-08-11 23:54 -------- d-----w- d:\documents and settings\All Users\Application Data\Macrovision
2011-08-11 23:41 . 2011-08-12 00:53 -------- d-----w- d:\program files\SAP BusinessObjects
2011-08-10 05:15 . 2011-08-10 05:15 -------- d-----w- d:\program files\Microsoft ActiveSync
2011-08-10 05:15 . 2011-08-10 05:15 -------- d-----w- d:\windows\SHELLNEW
2011-08-10 05:15 . 2011-08-10 05:15 -------- d-----w- d:\program files\Microsoft.NET
2011-08-09 23:17 . 2008-04-14 04:06 10240 -c--a-w- d:\windows\system32\dllcache\compbatt.sys
2011-08-09 23:17 . 2008-04-14 04:06 10240 ----a-w- d:\windows\system32\drivers\compbatt.sys
2011-08-09 23:17 . 2008-04-14 04:06 20352 -c--a-w- d:\windows\system32\dllcache\hidbatt.sys
2011-08-09 23:17 . 2008-04-14 04:06 20352 ----a-w- d:\windows\system32\drivers\hidbatt.sys
2011-08-09 23:17 . 2008-04-14 04:06 14208 -c--a-w- d:\windows\system32\dllcache\battc.sys
2011-08-09 23:17 . 2008-04-14 04:06 14208 ----a-w- d:\windows\system32\drivers\battc.sys
2011-08-09 18:10 . 2011-08-09 18:10 -------- d-----w- d:\documents and settings\Roger\Application Data\SUPERAntiSpyware.com
2011-08-09 18:10 . 2011-08-09 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\!SASCORE
2011-08-09 18:10 . 2011-08-11 18:06 -------- d-----w- d:\program files\SUPERAntiSpyware
2011-08-09 18:10 . 2011-08-09 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-09 17:16 . 2011-08-09 23:14 16400 ----a-w- d:\windows\system32\drivers\LNonPnP.sys
2011-08-09 17:16 . 2008-11-07 22:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2011-08-09 17:15 . 2011-08-09 17:15 -------- d-----w- d:\documents and settings\Roger\Application Data\Leadertech
2011-08-09 17:14 . 2011-08-09 17:14 53248 ----a-r- d:\documents and settings\Roger\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-09 17:13 . 2011-04-30 11:59 12184 ----a-w- d:\windows\system32\drivers\LBeepKE.sys
2011-08-09 17:12 . 2011-08-09 17:15 -------- d-----w- d:\documents and settings\All Users\Application Data\Logishrd
2011-08-09 17:11 . 2011-08-09 17:14 -------- d-----w- d:\program files\Common Files\Logishrd
2011-08-09 17:08 . 2011-08-09 17:15 -------- d-----w- d:\documents and settings\Roger\Application Data\Logitech
2011-08-09 17:08 . 2011-08-09 17:08 -------- d-----w- d:\documents and settings\Roger\Application Data\Logishrd
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-06 01:33 . 2011-08-06 01:35 -------- d-----w- d:\program files\QuickTime
2011-08-06 01:22 . 2011-08-06 01:22 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-08-03 15:34 . 2011-08-03 15:36 -------- d-----w- d:\documents and settings\Roger\Application Data\Easy MP3 Recorder
2011-08-03 15:34 . 2011-08-03 15:40 -------- d-----w- d:\program files\Moozy
2011-08-03 00:00 . 2011-08-03 00:00 -------- d-----w- d:\documents and settings\Roger\Local Settings\Application Data\Garmin
2011-08-02 23:59 . 2011-08-03 00:00 -------- d-----w- d:\documents and settings\All Users\Application Data\Garmin
2011-08-02 23:59 . 2011-08-03 00:00 -------- d-----w- d:\documents and settings\Roger\Application Data\Garmin
2011-08-02 23:59 . 2011-08-02 23:59 -------- d-----w- d:\program files\DIFX
2011-08-02 23:59 . 2011-08-03 00:13 -------- d-----w- d:\program files\Garmin
2011-08-02 17:29 . 2011-08-02 17:29 -------- d-----w- d:\documents and settings\All Users\Application Data\FUJIFILM
2011-08-02 17:29 . 2011-08-02 17:29 -------- d-----w- d:\program files\FUJIFILM
2011-07-30 01:34 . 2011-07-30 01:35 -------- d-----w- d:\program files\iTunes
2011-07-30 01:31 . 2011-07-30 01:31 -------- d-----w- d:\program files\Bonjour
2011-07-28 17:58 . 2008-04-14 09:42 26624 ----a-w- d:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-07-28 00:08 . 2011-08-10 23:52 -------- d-----w- d:\documents and settings\Roger\Application Data\HpUpdate
2011-07-28 00:08 . 2011-07-28 00:08 -------- d-----w- d:\windows\Hewlett-Packard
2011-07-26 00:20 . 2011-07-26 00:20 -------- d-----w- d:\documents and settings\Administrator
2011-07-25 20:06 . 2011-07-25 20:06 -------- d-----w- d:\program files\Windows Media Connect 2
2011-07-25 20:05 . 2011-07-25 20:06 -------- d-----w- d:\windows\system32\drivers\UMDF
2011-07-25 20:05 . 2011-07-25 20:05 -------- d-----w- d:\windows\system32\LogFiles
2011-07-25 12:53 . 2011-07-25 12:53 -------- d-----w- d:\documents and settings\Roger\Local Settings\Application Data\PassMark
2011-07-25 12:52 . 2008-07-12 12:18 467984 ----a-w- d:\windows\system32\d3dx10_39.dll
2011-07-25 12:52 . 2008-07-12 12:18 1493528 ----a-w- d:\windows\system32\D3DCompiler_39.dll
2011-07-25 12:52 . 2008-07-12 12:18 3851784 ----a-w- d:\windows\system32\D3DX9_39.dll
2011-07-25 12:52 . 2006-09-28 20:05 2414360 ----a-w- d:\windows\system32\d3dx9_31.dll
2011-07-25 12:52 . 2011-07-25 12:52 -------- d-----w- d:\windows\Logs
2011-07-25 12:52 . 2011-07-25 12:52 -------- d-----w- d:\documents and settings\All Users\Application Data\PassMark
2011-07-25 12:52 . 2011-08-02 02:30 -------- d-----w- d:\program files\PerformanceTest
2011-07-24 21:47 . 2011-07-24 21:47 -------- d-----w- d:\documents and settings\Roger\Application Data\FUJIFILM
2011-07-24 21:34 . 2001-08-18 02:36 5632 ----a-w- d:\windows\system32\ptpusb.dll
2011-07-24 21:34 . 2008-04-14 09:42 159232 ----a-w- d:\windows\system32\ptpusd.dll
2011-07-20 16:55 . 2011-07-20 16:55 -------- d-----w- d:\documents and settings\Roger\Application Data\Malwarebytes
2011-07-20 16:55 . 2011-07-06 23:52 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 16:55 . 2011-07-20 16:55 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-20 16:55 . 2011-07-06 23:52 22712 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-07-20 16:55 . 2011-07-20 17:07 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-07-18 19:48 . 2011-07-18 19:48 -------- d-----w- d:\documents and settings\Roger\Local Settings\Application Data\Temp
2011-07-18 15:38 . 2011-07-18 15:38 -------- d-----w- d:\windows\Sun
2011-07-18 15:14 . 2011-07-18 15:14 -------- d-----w- d:\documents and settings\LocalService\Application Data\McAfee
2011-07-15 16:32 . 2011-07-15 16:34 -------- d-----w- d:\documents and settings\Roger\Local Settings\Application Data\Google
2011-07-15 16:32 . 2011-07-15 16:34 -------- d-----w- d:\program files\Google
2011-07-15 14:21 . 2008-04-14 09:41 4255 -c--a-w- d:\windows\system32\dllcache\adv01nt5.dll
2011-07-15 14:20 . 2006-12-29 04:31 19569 ----a-w- d:\windows\003157_.tmp
2011-07-15 12:16 . 2011-07-15 12:16 -------- d-sh--w- d:\windows\system32\config\systemprofile\IETldCache
2011-07-15 11:40 . 2011-07-15 11:40 -------- d-sh--w- d:\documents and settings\Roger\PrivacIE
2011-07-15 11:29 . 2011-07-15 11:29 -------- d-sh--w- d:\documents and settings\Roger\IETldCache
2011-07-15 07:03 . 2011-07-15 07:03 -------- d-----w- d:\windows\system32\XPSViewer
2011-07-15 07:03 . 2011-07-15 07:03 -------- d-----w- d:\program files\MSBuild
2011-07-15 07:03 . 2011-07-15 07:03 -------- d-----w- d:\program files\Reference Assemblies
2011-07-15 07:03 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-15 07:03 . 2008-07-06 12:06 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-15 07:03 . 2008-07-06 12:06 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2011-07-15 07:03 . 2008-07-06 12:06 575488 ------w- d:\windows\system32\xpsshhdr.dll
2011-07-15 07:03 . 2008-07-06 12:06 117760 ------w- d:\windows\system32\prntvpt.dll
2011-07-15 07:03 . 2008-07-06 10:50 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-07-15 07:03 . 2008-07-06 10:50 597504 ------w- d:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-07-15 07:03 . 2008-07-06 12:06 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2011-07-15 07:03 . 2008-07-06 12:06 1676288 ------w- d:\windows\system32\xpssvcs.dll
2011-07-15 07:00 . 2011-07-15 07:00 -------- d-----w- d:\program files\MSXML 6.0
2011-07-15 03:09 . 2011-06-23 18:36 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2011-07-15 03:09 . 2011-06-23 18:36 602112 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2011-07-15 03:09 . 2011-06-23 18:36 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2011-07-15 03:09 . 2011-06-23 18:36 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2011-07-15 03:09 . 2011-06-23 18:36 1991680 -c----w- d:\windows\system32\dllcache\iertutil.dll
2011-07-15 03:09 . 2011-06-23 18:36 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
2011-07-15 03:09 . 2011-06-23 18:36 11081728 -c----w- d:\windows\system32\dllcache\ieframe.dll
2011-07-15 03:08 . 2011-07-15 03:09 -------- dc-h--w- d:\windows\ie8
2011-07-14 17:17 . 2011-07-14 17:17 -------- d-----w- d:\documents and settings\Roger\Application Data\WinFF
2011-07-14 17:17 . 2011-07-14 17:17 -------- d-----w- d:\program files\WinFF
2011-07-13 17:52 . 2009-08-06 23:23 274288 ----a-w- d:\windows\system32\mucltui.dll
2011-07-13 17:16 . 2003-08-14 14:07 53248 ----a-w- d:\windows\system32\atiexdxx.dll
2011-07-13 17:16 . 2011-07-13 17:16 -------- d-----w- d:\program files\ATI Technologies
2011-07-13 17:15 . 2005-08-06 01:05 212992 ----a-w- d:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 18:01 . 2011-07-13 00:27 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 11:00 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-07-12 21:01 . 2011-07-12 21:02 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-07-12 21:01 . 2011-07-12 21:02 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- d:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- d:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- d:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- d:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-10 11:00 10496 ----a-w- d:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- d:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2011-07-12 18:14 139656 ----a-w- d:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 11:00 916480 ----a-w- d:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 11:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 11:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 11:00 385024 ----a-w- d:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 11:00 293376 ----a-w- d:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-10 11:00 1858944 ----a-w- d:\windows\system32\win32k.sys
2011-07-08 07:16 . 2011-07-12 23:19 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="d:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"gStart"="d:\program files\Garmin\gStart.exe" [2008-08-13 1891416]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-11 4600704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="d:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"mcui_exe"="d:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-23 1306728]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"CTDVDDET"="d:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="d:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="d:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="d:\program files\Ahead\InCD\InCD.exe" [2003-06-23 1134642]
"EM_EXEC"="d:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 35328]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"EvtMgr6"="d:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
.
d:\documents and settings\Roger\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - d:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- d:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"d:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [7/12/2011 4:39 PM 89368]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 8:02 PM 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [8/9/2011 1:13 PM 12184]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2011 12:55 PM 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"d:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/12/2011 4:39 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"d:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/12/2011 4:39 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"d:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/12/2011 4:39 PM 214904]
R2 mfefire;McAfee Firewall Core Service;d:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/12/2011 4:39 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [7/12/2011 4:28 PM 148520]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [7/12/2011 4:39 PM 57432]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [7/20/2011 12:55 PM 22712]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [7/12/2011 4:39 PM 337912]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [7/12/2011 4:39 PM 83688]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [7/15/2011 12:32 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [7/15/2011 12:32 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [7/12/2011 4:39 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;d:\windows\system32\drivers\mferkdet.sys [7/12/2011 4:39 PM 85984]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-06 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-12 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-07-15 16:32]
.
2011-08-12 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-07-15 16:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
FF - ProfilePath - d:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\vdwntrxa.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z064&partner_id=284&product_id=379&affiliate_id=&channel=sonic&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110803&user_guid=2D2E9E7C93444C759BA68FC85651C765&machine_id=ca708499fbed462e547ce2238ac29c69&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Yahoo! Toolbar - d:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-12 12:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\windows\system32\WININET.dll
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(1360)
d:\windows\system32\WININET.dll
d:\progra~1\mcafee\sitead~1\saHook.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\IEFRAME.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-12 12:57:29
ComboFix-quarantined-files.txt 2011-08-12 16:57
.
Pre-Run: 84,136,222,720 bytes free
Post-Run: 84,064,731,136 bytes free
.
- - End Of File - - 1766348DD3E86AE9800ABF49E3DD4852

#6 Blade81
    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 13 August 2011 - 03:32 AM

Hello again,


Open notepad and copy/paste the text in the quotebox below into it:

Firefox::
FF - ProfilePath - d:\documents and settings\roger\application data\mozilla\firefox\profiles\vdwntrxa.default\
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z064&partner_id=284&product_id=379&affiliate_id=&channel=sonic&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110803&user_guid=2D2E9E7C93444C759BA68FC85651C765&machine_id=ca708499fbed462e547ce2238ac29c69&browser=FF&os=win&os_version=5.1-x86-SP3&q=


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall this old Java:
Java 2 Runtime Environment, SE v1.4.2_03


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log. Do you still get those notifications about blocked IPs with both of your browsers?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
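The CFScript above targets one line of the ComboFix log, the Firefox keyword.URL preference that had been redirected to startnow.com. The following is an added example (not ComboFix's, Blade81's or Malwarebytes' code) of how to pull that kind of finding out of a pasted ComboFix log automatically: it reads the "Reg Loading Points" Run entries and the "FF - prefs.js" lines, lists Run values that are bare file names (resolved through the Windows search path, so worth a manual look, not proof of anything), and reports any keyword.URL host that is not in a small allow-list. The allow-list of default search hosts is an assumption of this example, and the embedded log excerpt is a constructed subset of the log posted in this thread.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix's own code)."""
import re
from urllib.parse import urlparse

# Hosts treated as the browser's own default search (assumption for this example).
DEFAULT_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

# "name"="command" [YYYY-MM-DD size]   as ComboFix prints Run-key values
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]'
)
# FF - prefs.js: <pref> - <value>
FF_PREF = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')


def parse_run_entries(log_text):
    """Return (hive, name, command) for every value listed under a [...\\Run] header."""
    entries, hive = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            hive = line[1:-1]            # new registry key header
            continue
        m = RUN_ENTRY.match(line)
        if m and hive and hive.lower().endswith("\\run"):
            entries.append((hive, m["name"], m["cmd"]))
    return entries


def bare_filename_entries(entries):
    """Run values with no directory part: Windows resolves them via the search path."""
    return sorted(cmd for _, _, cmd in entries if "\\" not in cmd and "/" not in cmd)


def suspicious_keyword_urls(log_text):
    """Hosts of keyword.URL values that are not a known default search engine.
    ComboFix defangs URLs as hxxp://, which is undone before parsing."""
    hosts = []
    for raw in log_text.splitlines():
        m = FF_PREF.match(raw.strip())
        if m and m["pref"] == "keyword.URL":
            url = m["value"].replace("hxxp", "http", 1)
            host = urlparse(url).hostname or ""
            if host not in DEFAULT_SEARCH_HOSTS:
                hosts.append(host)
    return hosts


def triage(log_text):
    """One-shot summary of both checks."""
    entries = parse_run_entries(log_text)
    return {
        "run_entries": len(entries),
        "bare_run_values": bare_filename_entries(entries),
        "keyword_url_hosts": suspicious_keyword_urls(log_text),
    }


# Constructed excerpt of the ComboFix log from this thread (subset, keyword.URL shortened).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="d:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-11 4600704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&q=
FF - prefs.js: network.proxy.type - 0
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run against the full log, the keyword.URL hit is exactly the line Blade81 put in the CFScript; the bare-name Run values (NVIDIA, Creative and SigmaTel helpers here) are the ones to confirm against their expected location in system32 before moving on.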


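Blade81's closing question, whether the blocked-IP notifications persist, points at the part of the original problem the logs do not answer: MBAM's protection log records the destination address and time of each IP-BLOCK but not the process that opened the socket, and TCPView only helps if someone is watching when it happens. The following is an added example (not Malwarebytes', TCPView's or any poster's code) of the usual workaround: parse the IP-BLOCK lines, then take repeated `netstat -ano` snapshots and report which PID holds a connection to a blocked address. The MBAM lines are the ones from the first post; the netstat snapshot and its PIDs are constructed for the example, not captured from the poster's machine; `poll()` assumes a Windows host with `netstat` on the PATH.

```python
"""Attribute MBAM 'IP-BLOCK ... (Type: outgoing)' events to a PID via netstat -ano.
Added example for this thread, not Malwarebytes' or TCPView's code."""
import re
import subprocess
import time
from collections import defaultdict

# 00:23:58 Roger IP-BLOCK 121.10.115.132 (Type: outgoing)
IP_BLOCK = re.compile(
    r'^(?P<time>\d{2}:\d{2}:\d{2})\s+\S+\s+IP-BLOCK\s+'
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<dir>\w+)\)'
)
# netstat -ano rows: proto, local, remote, [state], pid  (UDP rows have no state column)
NETSTAT = re.compile(
    r'^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+'
    r'(?:(?P<state>\S+)\s+)?(?P<pid>\d+)\s*$'
)


def parse_mbam_log(text):
    """Return {ip: [(time, direction), ...]} from MBAM protection-log lines."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = IP_BLOCK.match(line.strip())
        if m:
            events[m["ip"]].append((m["time"], m["dir"].lower()))
    return dict(events)


def parse_netstat(text):
    """Return [(proto, remote_host, remote_port, pid)] from 'netstat -ano' output.
    Rows whose remote side is '*:*' (unconnected UDP) are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT.match(line)
        if not m or m["remote"] == "*:*":
            continue
        host, _, port = m["remote"].rpartition(":")
        rows.append((m["proto"], host, port, int(m["pid"])))
    return rows


def attribute(blocked_ips, netstat_text):
    """Map each blocked IP that appears in the snapshot to the PIDs holding a socket to it."""
    hits = defaultdict(set)
    for _proto, host, _port, pid in parse_netstat(netstat_text):
        if host in blocked_ips:
            hits[host].add(pid)
    return {ip: sorted(pids) for ip, pids in hits.items()}


def poll(blocked_ips, interval=1.0, rounds=None):
    """Snapshot netstat repeatedly (Windows only) and print the first PID seen per blocked IP.
    The blocked connections are short-lived, so keep the interval small and leave it running
    while the machine is idle. Returns {ip: [pids]} for everything seen."""
    seen, n = {}, 0
    while rounds is None or n < rounds:
        out = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
        for ip, pids in attribute(blocked_ips, out).items():
            if ip not in seen:
                seen[ip] = pids
                print(f"{ip} -> PID(s) {pids}")
        n += 1
        time.sleep(interval)
    return seen


# MBAM log lines as posted in this thread.
SAMPLE_MBAM_LOG = """\
00:23:58 Roger IP-BLOCK 121.10.115.132 (Type: outgoing)
00:24:00 Roger IP-BLOCK 121.10.115.132 (Type: outgoing)
00:57:42 Roger IP-BLOCK 222.186.18.5 (Type: outgoing)
07:59:19 Roger IP-BLOCK 59.34.196.137 (Type: outgoing)
11:41:16 Roger IP-BLOCK 64.20.54.67 (Type: outgoing)
"""
# Constructed 'netstat -ano' snapshot; PIDs and local addresses are invented for the example.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    192.168.1.5:1057       121.10.115.132:80      SYN_SENT        2480
  TCP    192.168.1.5:1058       64.20.54.67:443        ESTABLISHED     2480
  TCP    192.168.1.5:1060       192.168.1.1:80         ESTABLISHED     1360
  UDP    0.0.0.0:500            *:*                                    812
"""

if __name__ == "__main__":
    blocked = set(parse_mbam_log(SAMPLE_MBAM_LOG))
    print(attribute(blocked, SAMPLE_NETSTAT))   # offline check on the constructed snapshot
    # poll(blocked)                               # live use on the affected Windows machine
```

Once a PID shows up, `tasklist /svc /fi "PID eq <n>"` names the image and, for svchost, the services hosted in it; `netstat -b` (available on XP) prints the executable directly but is slower, which is why the loop above snapshots with `-ano` and looks names up afterwards.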
#7 SigRanger
  • Topic Starter

  • Members
  • 17 posts

Posted 15 August 2011 - 10:06 AM

Blade,
Here are the logs you requested; ESET didn't find anything. I removed the old Java program. Still getting about 6 notifications a day, but only when no one is on the computer. I really appreciate you taking the time to assist me.



ComboFix 11-08-15.06 - Roger 08/14/2011 22:09:15.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2342 [GMT -4:00]
Running from: d:\documents and settings\Roger\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Roger\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-14 23:11 . 2011-08-14 23:11 -------- d-----w- d:\program files\ESET
2011-08-14 19:58 . 2011-08-14 19:58 -------- d-sh--w- d:\documents and settings\Roger\IECompatCache
2011-08-12 00:02 . 2011-08-12 00:02 -------- d-----w- d:\documents and settings\Roger\Local Settings\Application Data\Crystal Reports
2011-08-11 23:57 . 2011-08-11 23:57 -------- d-----w- d:\documents and settings\Roger\Application Data\Business Objects
2011-08-11 23:56 . 2011-08-11 23:56 -------- d-----w- d:\documents and settings\Roger\Application Data\Macrovision
2011-08-11 23:54 . 2011-08-11 23:54 -------- d-----w- d:\documents and settings\All Users\Application Data\Macrovision
2011-08-11 23:41 . 2011-08-12 00:53 -------- d-----w- d:\program files\SAP BusinessObjects
2011-08-10 05:15 . 2011-08-10 05:15 -------- d-----w- d:\program files\Microsoft ActiveSync
2011-08-10 05:15 . 2011-08-10 05:15 -------- d-----w- d:\windows\SHELLNEW
2011-08-10 05:15 . 2011-08-10 05:15 -------- d-----w- d:\program files\Microsoft.NET
2011-08-09 23:17 . 2008-04-14 04:06 10240 -c--a-w- d:\windows\system32\dllcache\compbatt.sys
2011-08-09 23:17 . 2008-04-14 04:06 10240 ----a-w- d:\windows\system32\drivers\compbatt.sys
2011-08-09 23:17 . 2008-04-14 04:06 20352 -c--a-w- d:\windows\system32\dllcache\hidbatt.sys
2011-08-09 23:17 . 2008-04-14 04:06 20352 ----a-w- d:\windows\system32\drivers\hidbatt.sys
2011-08-09 23:17 . 2008-04-14 04:06 14208 -c--a-w- d:\windows\system32\dllcache\battc.sys
2011-08-09 23:17 . 2008-04-14 04:06 14208 ----a-w- d:\windows\system32\drivers\battc.sys
2011-08-09 18:10 . 2011-08-09 18:10 -------- d-----w- d:\documents and settings\Roger\Application Data\SUPERAntiSpyware.com
2011-08-09 18:10 . 2011-08-09 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\!SASCORE
2011-08-09 18:10 . 2011-08-11 18:06 -------- d-----w- d:\program files\SUPERAntiSpyware
2011-08-09 18:10 . 2011-08-09 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-09 17:16 . 2011-08-09 23:14 16400 ----a-w- d:\windows\system32\drivers\LNonPnP.sys
2011-08-09 17:16 . 2008-11-07 22:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2011-08-09 17:15 . 2011-08-09 17:15 -------- d-----w- d:\documents and settings\Roger\Application Data\Leadertech
2011-08-09 17:14 . 2011-08-09 17:14 53248 ----a-r- d:\documents and settings\Roger\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-09 17:13 . 2011-04-30 11:59 12184 ----a-w- d:\windows\system32\drivers\LBeepKE.sys
2011-08-09 17:12 . 2011-08-09 17:15 -------- d-----w- d:\documents and settings\All Users\Application Data\Logishrd
2011-08-09 17:11 . 2011-08-09 17:14 -------- d-----w- d:\program files\Common Files\Logishrd
2011-08-09 17:08 . 2011-08-09 17:15 -------- d-----w- d:\documents and settings\Roger\Application Data\Logitech
2011-08-09 17:08 . 2011-08-09 17:08 -------- d-----w- d:\documents and settings\Roger\Application Data\Logishrd
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-06 01:35 . 2011-08-06 01:35 159744 ----a-w- d:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-06 01:33 . 2011-08-06 01:35 -------- d-----w- d:\program files\QuickTime
2011-08-06 01:22 . 2011-08-06 01:22 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-08-03 15:34 . 2011-08-03 15:36 -------- d-----w- d:\documents and settings\Roger\Application Data\Easy MP3 Recorder
2011-08-03 15:34 . 2011-08-03 15:40 -------- d-----w- d:\program files\Moozy
2011-08-03 00:00 . 2011-08-03 00:00 -------- d-----w- d:\documents and settings\Roger\Local Settings\Application Data\Garmin
2011-08-02 23:59 . 2011-08-03 00:00 -------- d-----w- d:\documents and settings\All Users\Application Data\Garmin
2011-08-02 23:59 . 2011-08-03 00:00 -------- d-----w- d:\documents and settings\Roger\Application Data\Garmin
2011-08-02 23:59 . 2011-08-02 23:59 -------- d-----w- d:\program files\DIFX
2011-08-02 23:59 . 2011-08-03 00:13 -------- d-----w- d:\program files\Garmin
2011-08-02 17:29 . 2011-08-02 17:29 -------- d-----w- d:\documents and settings\All Users\Application Data\FUJIFILM
2011-08-02 17:29 . 2011-08-02 17:29 -------- d-----w- d:\program files\FUJIFILM
2011-07-30 01:34 . 2011-07-30 01:35 -------- d-----w- d:\program files\iTunes
2011-07-30 01:31 . 2011-07-30 01:31 -------- d-----w- d:\program files\Bonjour
2011-07-28 17:58 . 2008-04-14 09:42 26624 ----a-w- d:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-07-28 00:08 . 2011-08-10 23:52 -------- d-----w- d:\documents and settings\Roger\Application Data\HpUpdate
2011-07-28 00:08 . 2011-07-28 00:08 -------- d-----w- d:\windows\Hewlett-Packard
2011-07-26 00:20 . 2011-07-26 00:20 -------- d-----w- d:\documents and settings\Administrator
2011-07-25 20:06 . 2011-07-25 20:06 -------- d-----w- d:\program files\Windows Media Connect 2
2011-07-25 20:05 . 2011-07-25 20:06 -------- d-----w- d:\windows\system32\drivers\UMDF
2011-07-25 20:05 . 2011-07-25 20:05 -------- d-----w- d:\windows\system32\LogFiles
2011-07-25 12:53 . 2011-07-25 12:53 -------- d-----w- d:\documents and settings\Roger\Local Settings\Application Data\PassMark
2011-07-25 12:52 . 2008-07-12 12:18 467984 ----a-w- d:\windows\system32\d3dx10_39.dll
2011-07-25 12:52 . 2008-07-12 12:18 1493528 ----a-w- d:\windows\system32\D3DCompiler_39.dll
2011-07-25 12:52 . 2008-07-12 12:18 3851784 ----a-w- d:\windows\system32\D3DX9_39.dll
2011-07-25 12:52 . 2006-09-28 20:05 2414360 ----a-w- d:\windows\system32\d3dx9_31.dll
2011-07-25 12:52 . 2011-07-25 12:52 -------- d-----w- d:\windows\Logs
2011-07-25 12:52 . 2011-07-25 12:52 -------- d-----w- d:\documents and settings\All Users\Application Data\PassMark
2011-07-25 12:52 . 2011-08-02 02:30 -------- d-----w- d:\program files\PerformanceTest
2011-07-24 21:47 . 2011-07-24 21:47 -------- d-----w- d:\documents and settings\Roger\Application Data\FUJIFILM
2011-07-24 21:34 . 2001-08-18 02:36 5632 ----a-w- d:\windows\system32\ptpusb.dll
2011-07-24 21:34 . 2008-04-14 09:42 159232 ----a-w- d:\windows\system32\ptpusd.dll
2011-07-20 16:55 . 2011-07-20 16:55 -------- d-----w- d:\documents and settings\Roger\Application Data\Malwarebytes
2011-07-20 16:55 . 2011-07-06 23:52 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 16:55 . 2011-07-20 16:55 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-20 16:55 . 2011-07-06 23:52 22712 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-07-20 16:55 . 2011-07-20 17:07 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-07-18 19:48 . 2011-07-18 19:48 -------- d-----w- d:\documents and settings\Roger\Local Settings\Application Data\Temp
2011-07-18 15:38 . 2011-07-18 15:38 -------- d-----w- d:\windows\Sun
2011-07-18 15:14 . 2011-07-18 15:14 -------- d-----w- d:\documents and settings\LocalService\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 18:01 . 2011-07-13 00:27 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 11:00 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-07-12 21:01 . 2011-07-12 21:02 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-07-12 21:01 . 2011-07-12 21:02 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- d:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- d:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- d:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- d:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-10 11:00 10496 ----a-w- d:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- d:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2011-07-12 18:14 139656 ----a-w- d:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 11:00 916480 ----a-w- d:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 11:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 11:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 11:00 385024 ----a-w- d:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 11:00 293376 ----a-w- d:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-10 11:00 1858944 ----a-w- d:\windows\system32\win32k.sys
2011-07-08 07:16 . 2011-07-12 23:19 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-12_16.55.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-14 23:00 . 2011-08-14 23:00 16384 d:\windows\Temp\Perflib_Perfdata_a78.dat
+ 2001-08-17 13:48 . 2001-08-17 17:48 12160 d:\windows\system32\drivers\mouhid.sys
- 2001-08-17 13:48 . 2004-08-10 11:00 12160 d:\windows\system32\drivers\mouhid.sys
- 2011-07-12 18:22 . 2011-08-12 11:16 32768 d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-07-12 18:22 . 2011-08-14 22:12 32768 d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-07-12 20:20 . 2011-07-12 21:01 145184 d:\windows\system32\javaw.exe
- 2011-07-12 20:20 . 2003-11-19 20:36 145184 d:\windows\system32\javaw.exe
+ 2011-07-12 20:20 . 2011-07-12 21:01 145184 d:\windows\system32\java.exe
- 2011-07-12 20:20 . 2003-11-19 20:36 145184 d:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="d:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"gStart"="d:\program files\Garmin\gStart.exe" [2008-08-13 1891416]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-11 4600704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="d:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"mcui_exe"="d:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-23 1306728]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"CTDVDDET"="d:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="d:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="d:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="d:\program files\Ahead\InCD\InCD.exe" [2003-06-23 1134642]
"EM_EXEC"="d:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 35328]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"EvtMgr6"="d:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
.
d:\documents and settings\Roger\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - d:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- d:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"d:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [7/12/2011 4:39 PM 89368]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 8:02 PM 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [8/9/2011 1:13 PM 12184]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2011 12:55 PM 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"d:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/12/2011 4:39 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"d:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/12/2011 4:39 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"d:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/12/2011 4:39 PM 214904]
R2 mfefire;McAfee Firewall Core Service;d:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/12/2011 4:39 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [7/12/2011 4:28 PM 148520]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [7/12/2011 4:39 PM 57432]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [7/20/2011 12:55 PM 22712]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [7/12/2011 4:39 PM 337912]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [7/12/2011 4:39 PM 83688]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [7/15/2011 12:32 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [7/15/2011 12:32 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [7/12/2011 4:39 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;d:\windows\system32\drivers\mferkdet.sys [7/12/2011 4:39 PM 85984]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-13 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-14 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-07-15 16:32]
.
2011-08-15 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-07-15 16:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
FF - ProfilePath - d:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\vdwntrxa.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - d:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 22:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\windows\system32\WININET.dll
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(5624)
d:\windows\system32\WININET.dll
d:\progra~1\mcafee\sitead~1\saHook.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\IEFRAME.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-14 22:16:28
ComboFix-quarantined-files.txt 2011-08-15 02:16
ComboFix2.txt 2011-08-14 22:53
ComboFix3.txt 2011-08-12 16:57
.
Pre-Run: 84,202,983,424 bytes free
Post-Run: 84,167,233,536 bytes free
.
- - End Of File - - 46149023CB8776B09D7176C26BD07EFC




.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Roger at 10:54:43 on 2011-08-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2438 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\Program Files\Ahead\InCD\InCD.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Program Files\Logitech\SetPointP\SetPoint.exe
D:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
D:\Program Files\Garmin\gStart.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
svchost.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\WINDOWS\system32\svchost.exe -k hpdevmgmt
D:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\mfevtps.exe
D:\WINDOWS\System32\svchost.exe -k HPZ12
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\dllhost.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
D:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
D:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - d:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\common files\mcafee\systemcore\ScriptSn.20110712210713.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - d:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - d:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DW6] "d:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [gStart] d:\program files\garmin\gStart.exe
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [ehTray] d:\windows\ehome\ehtray.exe
mRun: [IAAnotif] d:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [mcui_exe] "d:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [CTDVDDET] "d:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "d:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "d:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "d:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] d:\windows\UpdReg.EXE
mRun: [NeroCheck] d:\windows\system32\NeroCheck.exe
mRun: [InCD] d:\program files\ahead\incd\InCD.exe
mRun: [EM_EXEC] d:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EvtMgr6] d:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: d:\docume~1\roger\startm~1\programs\startup\logite~1.lnk - d:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - d:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - d:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310521414171
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{45E214A9-E387-4803-A1F5-777D161CB9FC} : DhcpNameServer = 97.64.209.36 97.64.168.13
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - d:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\roger\application data\mozilla\firefox\profiles\vdwntrxa.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: d:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [2011-7-12 89368]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [2011-8-9 12184]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-20 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McProxy;McAfee Proxy Service;d:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McrdSvc;Media Center Extender Service;d:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;d:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-12 165000]
R2 mfefire;McAfee Firewall Core Service;d:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-12 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [2011-7-12 148520]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [2011-7-12 57432]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2011-7-20 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2011-7-12 179248]
R3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2011-7-12 59288]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [2011-7-12 337912]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [2011-7-12 83688]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2011-7-15 136176]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2011-7-15 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [2011-7-12 83688]
S3 mferkdet;McAfee Inc. mferkdet;d:\windows\system32\drivers\mferkdet.sys [2011-7-12 85984]
.
=============== Created Last 30 ================
.
2011-08-14 23:11:33 -------- d-----w- d:\program files\ESET
2011-08-14 19:58:23 -------- d-sh--w- d:\documents and settings\roger\IECompatCache
2011-08-12 15:24:11 98816 ----a-w- d:\windows\sed.exe
2011-08-12 15:24:11 518144 ----a-w- d:\windows\SWREG.exe
2011-08-12 15:24:11 256000 ----a-w- d:\windows\PEV.exe
2011-08-12 15:24:11 208896 ----a-w- d:\windows\MBR.exe
2011-08-12 00:02:56 -------- d-----w- d:\documents and settings\roger\local settings\application data\Crystal Reports
2011-08-11 23:57:09 -------- d-----w- d:\documents and settings\roger\application data\Business Objects
2011-08-11 23:56:46 -------- d-----w- d:\documents and settings\roger\application data\Macrovision
2011-08-11 23:41:13 -------- d-----w- d:\program files\SAP BusinessObjects
2011-08-10 05:15:49 -------- d-----w- d:\program files\Microsoft ActiveSync
2011-08-10 05:15:11 -------- d-----w- d:\windows\SHELLNEW
2011-08-09 23:17:21 10240 -c--a-w- d:\windows\system32\dllcache\compbatt.sys
2011-08-09 23:17:21 10240 ----a-w- d:\windows\system32\drivers\compbatt.sys
2011-08-09 23:17:20 20352 -c--a-w- d:\windows\system32\dllcache\hidbatt.sys
2011-08-09 23:17:20 20352 ----a-w- d:\windows\system32\drivers\hidbatt.sys
2011-08-09 23:17:20 14208 -c--a-w- d:\windows\system32\dllcache\battc.sys
2011-08-09 23:17:20 14208 ----a-w- d:\windows\system32\drivers\battc.sys
2011-08-09 18:10:35 -------- d-----w- d:\documents and settings\roger\application data\SUPERAntiSpyware.com
2011-08-09 18:10:11 -------- d-----w- d:\documents and settings\all users\application data\!SASCORE
2011-08-09 18:10:06 -------- d-----w- d:\program files\SUPERAntiSpyware
2011-08-09 18:10:06 -------- d-----w- d:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-09 17:16:49 16400 ----a-w- d:\windows\system32\drivers\LNonPnP.sys
2011-08-09 17:16:40 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2011-08-09 17:14:54 53248 ----a-r- d:\documents and settings\roger\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2011-08-09 17:13:40 12184 ----a-w- d:\windows\system32\drivers\LBeepKE.sys
2011-08-09 17:08:28 -------- d-----w- d:\documents and settings\roger\application data\Logishrd
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-06 01:35:01 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-03 15:34:48 -------- d-----w- d:\documents and settings\roger\application data\Easy MP3 Recorder
2011-08-03 15:34:18 -------- d-----w- d:\program files\Moozy
2011-08-03 00:00:01 -------- d-----w- d:\documents and settings\roger\local settings\application data\Garmin
2011-08-02 23:59:59 -------- d-----w- d:\documents and settings\all users\application data\Garmin
2011-08-02 23:59:58 -------- d-----w- d:\documents and settings\roger\application data\Garmin
2011-08-02 23:59:13 -------- d-----w- d:\program files\Garmin
2011-08-02 17:29:44 -------- d-----w- d:\documents and settings\all users\application data\FUJIFILM
2011-08-02 17:29:36 -------- d-----w- d:\program files\FUJIFILM
2011-07-30 01:34:33 -------- d-----w- d:\program files\iTunes
2011-07-30 01:31:07 -------- d-----w- d:\program files\Bonjour
2011-07-28 00:08:06 -------- d-----w- d:\documents and settings\roger\application data\HpUpdate
2011-07-28 00:08:03 -------- d-----w- d:\windows\Hewlett-Packard
2011-07-25 20:06:47 -------- d-----w- d:\program files\Windows Media Connect 2
2011-07-25 20:05:27 -------- d-----w- d:\windows\system32\LogFiles
2011-07-25 12:53:22 -------- d-----w- d:\documents and settings\roger\local settings\application data\PassMark
2011-07-25 12:52:44 467984 ----a-w- d:\windows\system32\d3dx10_39.dll
2011-07-25 12:52:44 1493528 ----a-w- d:\windows\system32\D3DCompiler_39.dll
2011-07-25 12:52:42 3851784 ----a-w- d:\windows\system32\D3DX9_39.dll
2011-07-25 12:52:41 2414360 ----a-w- d:\windows\system32\d3dx9_31.dll
2011-07-25 12:52:36 -------- d-----w- d:\windows\Logs
2011-07-25 12:52:34 -------- d-----w- d:\documents and settings\all users\application data\PassMark
2011-07-25 12:52:32 -------- d-----w- d:\program files\PerformanceTest
2011-07-24 21:34:24 5632 ----a-w- d:\windows\system32\ptpusb.dll
2011-07-24 21:34:23 159232 ----a-w- d:\windows\system32\ptpusd.dll
2011-07-20 16:55:56 -------- d-----w- d:\documents and settings\roger\application data\Malwarebytes
2011-07-20 16:55:46 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 16:55:44 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2011-07-20 16:55:40 22712 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-07-20 16:55:39 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-07-18 19:48:39 -------- d-----w- d:\documents and settings\roger\local settings\application data\Temp
.
==================== Find3M ====================
.
2011-08-11 18:01:33 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-07-12 21:01:54 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-07-12 21:01:54 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-07-12 15:20:54 83816 ----a-w- d:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- d:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- d:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- d:\windows\system32\dnssdX.dll
2011-07-08 14:02:00 10496 ----a-w- d:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37:00 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- d:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ----a-w- d:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- d:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- d:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- d:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- d:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- d:\windows\system32\win32k.sys
.
============= FINISH: 10:55:38.39 ===============

#8 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 15 August 2011 - 03:24 PM

Still getting about 6 notifications a day, but only when no one is on computer.

Is it always the same IP? Are those popping up when no one is on the computer but a browser instance (which browser?) is left running, or even when no instance is running?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 SigRanger

  • Topic Starter
  • Members
  • 17 posts

Posted 15 August 2011 - 06:31 PM

Blade,

Here is today's log...no one was on the computer prior to 0630. Both browsers were closed. Today was the first day I've noticed an incoming block.

I do appreciate the help...I don't understand exactly what all this means.


00:41:49 Roger IP-BLOCK 222.186.25.135 (Type: outgoing)
00:41:50 Roger IP-BLOCK 222.186.25.135 (Type: outgoing)
00:41:51 Roger IP-BLOCK 222.186.25.135 (Type: outgoing)
03:05:50 Roger IP-BLOCK 222.186.42.172 (Type: outgoing)
03:05:51 Roger IP-BLOCK 222.186.42.172 (Type: outgoing)
03:05:53 Roger IP-BLOCK 222.186.42.172 (Type: outgoing)
05:02:45 Roger IP-BLOCK 218.10.17.28 (Type: outgoing)
05:02:46 Roger IP-BLOCK 218.10.17.28 (Type: outgoing)
05:02:48 Roger IP-BLOCK 218.10.17.28 (Type: outgoing)
06:08:23 Roger IP-BLOCK 109.235.48.246 (Type: incoming)
06:18:34 Roger IP-BLOCK 109.235.48.246 (Type: incoming)
10:49:40 Roger IP-BLOCK 208.91.207.10 (Type: outgoing)
10:49:43 Roger IP-BLOCK 208.91.207.10 (Type: outgoing)
10:49:49 Roger IP-BLOCK 208.91.207.10 (Type: outgoing)
16:32:08 Roger MESSAGE Scheduled update executed successfully
16:32:08 Roger MESSAGE IP Protection stopped
16:32:11 Roger MESSAGE Scheduled scan executed successfully
16:32:39 Roger MESSAGE Database updated successfully
16:32:41 Roger MESSAGE IP Protection started successfully
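
Blade81's triage questions (is it always the same address, and does it fire while nobody is using the machine?) can be answered from the protection log itself. Below is an added example written for this page; it is not code from the thread or from Malwarebytes. It parses IP-BLOCK lines in the format shown above, collapses the repeated lines of one connection attempt into a single attempt, and counts attempts per address, per direction, and before a cut-off time. The 30-second burst window and the 06:30 cut-off are assumptions taken from SigRanger's description, not values the tool defines; the sample lines are copied from the log in this post.

```python
"""Summarise Malwarebytes IP-protection log lines (added example, not thread code)."""
import re
from collections import Counter
from datetime import timedelta
from typing import List, NamedTuple, Optional

# Copied from the log SigRanger posted above (MBAM 1.5x protection log format).
SAMPLE_LOG = """\
00:41:49 Roger IP-BLOCK 222.186.25.135 (Type: outgoing)
00:41:50 Roger IP-BLOCK 222.186.25.135 (Type: outgoing)
00:41:51 Roger IP-BLOCK 222.186.25.135 (Type: outgoing)
03:05:50 Roger IP-BLOCK 222.186.42.172 (Type: outgoing)
03:05:51 Roger IP-BLOCK 222.186.42.172 (Type: outgoing)
03:05:53 Roger IP-BLOCK 222.186.42.172 (Type: outgoing)
05:02:45 Roger IP-BLOCK 218.10.17.28 (Type: outgoing)
05:02:46 Roger IP-BLOCK 218.10.17.28 (Type: outgoing)
05:02:48 Roger IP-BLOCK 218.10.17.28 (Type: outgoing)
06:08:23 Roger IP-BLOCK 109.235.48.246 (Type: incoming)
06:18:34 Roger IP-BLOCK 109.235.48.246 (Type: incoming)
10:49:40 Roger IP-BLOCK 208.91.207.10 (Type: outgoing)
10:49:43 Roger IP-BLOCK 208.91.207.10 (Type: outgoing)
10:49:49 Roger IP-BLOCK 208.91.207.10 (Type: outgoing)
16:32:08 Roger MESSAGE Scheduled update executed successfully
16:32:08 Roger MESSAGE IP Protection stopped
"""

# The log carries only a time of day, so events are offsets from midnight of one day.
LINE_RE = re.compile(
    r"^(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>incoming|outgoing)\)\s*$"
)


class BlockEvent(NamedTuple):
    time: timedelta
    user: str
    ip: str
    direction: str  # "incoming" or "outgoing"


class Burst(NamedTuple):
    ip: str
    direction: str
    first: timedelta
    last: timedelta
    count: int  # number of log lines folded into this attempt


def parse_ip_blocks(text: str) -> List[BlockEvent]:
    """One BlockEvent per IP-BLOCK line; MESSAGE lines and anything else are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        t = timedelta(hours=int(m["h"]), minutes=int(m["m"]), seconds=int(m["s"]))
        events.append(BlockEvent(t, m["user"], m["ip"], m["direction"]))
    return events


def group_bursts(events: List[BlockEvent], gap: timedelta = timedelta(seconds=30)) -> List[Burst]:
    """Fold consecutive blocks of the same ip/direction less than `gap` apart into one attempt.

    MBAM writes one line per blocked packet, so a single connection attempt usually
    appears as two or three lines a few seconds apart (retransmits or an application
    retrying). Counting attempts rather than lines gives the number a responder wants.
    The 30-second window is an assumption for this example.
    """
    bursts: List[Burst] = []
    for ev in sorted(events, key=lambda e: e.time):
        if bursts:
            b = bursts[-1]
            if b.ip == ev.ip and b.direction == ev.direction and ev.time - b.last <= gap:
                bursts[-1] = b._replace(last=ev.time, count=b.count + 1)
                continue
        bursts.append(Burst(ev.ip, ev.direction, ev.time, ev.time, 1))
    return bursts


def summarize(text: str, unattended_before: Optional[str] = None) -> dict:
    """Distinct addresses, attempts per (ip, direction), and attempts before a cut-off.

    `unattended_before` is "HH:MM:SS"; attempts that start before it are the ones that
    fired with nobody at the keyboard (06:30 in SigRanger's case, an assumption here).
    """
    bursts = group_bursts(parse_ip_blocks(text))
    cutoff = None
    if unattended_before:
        h, m, s = (int(x) for x in unattended_before.split(":"))
        cutoff = timedelta(hours=h, minutes=m, seconds=s)
    unattended = [b for b in bursts if cutoff is not None and b.first < cutoff]
    return {
        "lines": sum(b.count for b in bursts),
        "attempts": len(bursts),
        "distinct_ips": len({b.ip for b in bursts}),
        "per_ip": dict(Counter((b.ip, b.direction) for b in bursts)),
        "unattended_attempts": len(unattended),
        "outbound_unattended": sum(1 for b in unattended if b.direction == "outgoing"),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, unattended_before="06:30:00").items():
        print(f"{key}: {value}")
```

The split by direction matters for the follow-up: an outgoing block means a process on this host initiated the connection, so it needs a process name (TCPView or `netstat -b` captured at the moment of the block); an incoming block is unsolicited traffic arriving from the internet and needs no local process to explain it.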

#10 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 16 August 2011 - 12:05 AM

Hi,

Update MBAM and run a quick scan with it. Post back the report.



#11 SigRanger

  • Topic Starter
  • Members
  • 17 posts

Posted 16 August 2011 - 02:24 PM

Blade,
Here is the latest scan. Thanks


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7481

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/16/2011 3:21:56 PM
mbam-log-2011-08-16 (15-21-56).txt

Scan type: Quick scan
Objects scanned: 174740
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 16 August 2011 - 11:40 PM

Hi,

I'm starting to believe that message can be ignored. Have you noticed any symptoms with the system other than the messages?



#13 SigRanger

  • Topic Starter
  • Members
  • 17 posts

Posted 18 August 2011 - 03:42 PM

Blade,
A few things I have noticed: sometimes I have to restart several times before it will actually restart, i.e. I will attempt to start but it will stop on the screen where it shows you the hard drive info. Once I get past that and Windows starts, it takes at least 15 minutes before I can do anything on the computer. I ran Task Manager right after the desktop came up... no applications are running and between 69-74 processes are running, yet I can't open any programs. I'm thinking about doing a clean install...any thoughts? BTW, I just did a clean install about a month ago and the local drive shows up as D: instead of C:. I don't know why.

#14 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 18 August 2011 - 11:50 PM

Hi,

I'm thinking about doing a clean install...any thoughts?

Might be a good idea but let's give TDSSKiller a try first.

1. Download TDSSKiller and extract its contents into a folder in the desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back the contents of the log file in the C: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).

BTW, I just did a clean install about a month ago and the local drive shows up as D: instead of C:. I don't know why.

Does drive C: exist?



#15 SigRanger

  • Topic Starter
  • Members
  • 17 posts

Posted 19 August 2011 - 10:51 AM

Blade,
Here is the log from TDSSKiller

2011/08/19 11:44:57.0546 1012 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/19 11:44:58.0265 1012 ================================================================================
2011/08/19 11:44:58.0265 1012 SystemInfo:
2011/08/19 11:44:58.0265 1012
2011/08/19 11:44:58.0265 1012 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/19 11:44:58.0265 1012 Product type: Workstation
2011/08/19 11:44:58.0265 1012 ComputerName: SIGRANGER
2011/08/19 11:44:58.0281 1012 UserName: Roger
2011/08/19 11:44:58.0281 1012 Windows directory: D:\WINDOWS
2011/08/19 11:44:58.0281 1012 System windows directory: D:\WINDOWS
2011/08/19 11:44:58.0281 1012 Processor architecture: Intel x86
2011/08/19 11:44:58.0281 1012 Number of processors: 2
2011/08/19 11:44:58.0281 1012 Page size: 0x1000
2011/08/19 11:44:58.0281 1012 Boot type: Normal boot
2011/08/19 11:44:58.0281 1012 ================================================================================
2011/08/19 11:44:58.0906 1012 Initialize success
2011/08/19 11:45:00.0437 3768 ================================================================================
2011/08/19 11:45:00.0437 3768 Scan started
2011/08/19 11:45:00.0437 3768 Mode: Manual;
2011/08/19 11:45:00.0437 3768 ================================================================================
2011/08/19 11:45:01.0078 3768 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/19 11:45:01.0125 3768 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/19 11:45:01.0203 3768 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys
2011/08/19 11:45:01.0296 3768 AFD (355556d9e580915118cd7ef736653a89) D:\WINDOWS\System32\drivers\afd.sys
2011/08/19 11:45:01.0875 3768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/19 11:45:01.0921 3768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/19 11:45:02.0000 3768 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/19 11:45:02.0078 3768 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/19 11:45:02.0140 3768 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys
2011/08/19 11:45:02.0281 3768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/19 11:45:02.0468 3768 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/19 11:45:02.0515 3768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/19 11:45:02.0609 3768 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/19 11:45:02.0687 3768 cercsr6 (84853b3fd012251690570e9e7e43343f) D:\WINDOWS\system32\drivers\cercsr6.sys
2011/08/19 11:45:02.0875 3768 cfwids (ecaf4a51580244fef1aa32cb984f13bf) D:\WINDOWS\system32\drivers\cfwids.sys
2011/08/19 11:45:03.0000 3768 Compbatt (6e4c9f21f0fae8940661144f41b13203) D:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/19 11:45:03.0125 3768 ctac32k (177bc4ee3840119a780eafad5a010f8f) D:\WINDOWS\system32\drivers\ctac32k.sys
2011/08/19 11:45:03.0359 3768 ctaud2k (eb0c0d62d8d2b8f41da149c866e93397) D:\WINDOWS\system32\drivers\ctaud2k.sys
2011/08/19 11:45:03.0453 3768 ctdvda2k (5a0eeb00b02fc78605aa9d3590b24978) D:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/08/19 11:45:03.0640 3768 ctprxy2k (7d7eea7ffbc19e1b712d241490be51ed) D:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/08/19 11:45:03.0812 3768 ctsfm2k (538122d33dd4b04cc189d5ca72bd6706) D:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/08/19 11:45:04.0046 3768 Disk (044452051f3e02e7963599fc8f4f3e25) D:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/19 11:45:04.0109 3768 dmboot (d992fe1274bde0f84ad826acae022a41) D:\WINDOWS\system32\drivers\dmboot.sys
2011/08/19 11:45:04.0281 3768 dmio (7c824cf7bbde77d95c08005717a95f6f) D:\WINDOWS\system32\drivers\dmio.sys
2011/08/19 11:45:04.0375 3768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys
2011/08/19 11:45:04.0453 3768 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\WINDOWS\system32\drivers\DMusic.sys
2011/08/19 11:45:04.0531 3768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/19 11:45:04.0640 3768 E100B (95974e66d3de4951d29e28e8bc0b644c) D:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/19 11:45:04.0781 3768 emupia (8e0eb62be9f9bee7c2e4c50685038e8d) D:\WINDOWS\system32\drivers\emupia2k.sys
2011/08/19 11:45:04.0984 3768 Fastfat (38d332a6d56af32635675f132548343e) D:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/19 11:45:05.0062 3768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\WINDOWS\system32\drivers\Fdc.sys
2011/08/19 11:45:05.0125 3768 Fips (d45926117eb9fa946a6af572fbe1caa3) D:\WINDOWS\system32\drivers\Fips.sys
2011/08/19 11:45:05.0203 3768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/19 11:45:05.0250 3768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/19 11:45:05.0281 3768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/19 11:45:05.0328 3768 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/19 11:45:05.0437 3768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/19 11:45:05.0578 3768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/19 11:45:05.0671 3768 ha20x2k (f2607d0d89f57d3564cf65a61a237f1a) D:\WINDOWS\system32\drivers\ha20x2k.sys
2011/08/19 11:45:05.0906 3768 HDAudBus (573c7d0a32852b48f3058cfd8026f511) D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/19 11:45:05.0968 3768 HidBatt (748031ff4fe45ccc47546294905feab8) D:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/08/19 11:45:06.0015 3768 hidusb (ccf82c5ec8a7326c3066de870c06daf1) D:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/19 11:45:06.0078 3768 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) D:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/19 11:45:06.0203 3768 HPZipr12 (89f41658929393487b6b7d13c8528ce3) D:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/19 11:45:06.0343 3768 HPZius12 (abcb05ccdbf03000354b9553820e39f8) D:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/19 11:45:06.0578 3768 HTTP (f80a415ef82cd06ffaf0d971528ead38) D:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/19 11:45:06.0859 3768 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) D:\WINDOWS\system32\drivers\i8042prt.sys
2011/08/19 11:45:06.0968 3768 iastor (9a65e42664d1534b68512caad0efe963) D:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/08/19 11:45:07.0078 3768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/19 11:45:07.0156 3768 InCDfs (6de66afdc5f3c78432a6f5e3e3fae00d) D:\WINDOWS\system32\drivers\InCDfs.sys
2011/08/19 11:45:07.0218 3768 InCDPass (dd4de4d251cd0951cb569e76194c1514) D:\WINDOWS\system32\DRIVERS\InCDPass.sys
2011/08/19 11:45:07.0328 3768 InCDrec (99def2708d08e067c2fe05fd3326a87b) D:\WINDOWS\system32\drivers\InCDrec.sys
2011/08/19 11:45:07.0453 3768 incdrm (3f2ac131b5a10f1a1c53af665b7f9516) D:\WINDOWS\system32\drivers\incdrm.sys
2011/08/19 11:45:07.0765 3768 intelppm (8c953733d8f36eb2133f5bb58808b66b) D:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/19 11:45:07.0812 3768 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/19 11:45:07.0921 3768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/19 11:45:08.0015 3768 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/19 11:45:08.0062 3768 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/19 11:45:08.0125 3768 IPSec (23c74d75e36e7158768dd63d92789a91) D:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/19 11:45:08.0203 3768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/19 11:45:08.0281 3768 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) D:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/19 11:45:08.0343 3768 Kbdclass (463c1ec80cd17420a542b7f36a36f128) D:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/19 11:45:08.0421 3768 kbdhid (9ef487a186dea361aa06913a75b3fa99) D:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/19 11:45:08.0468 3768 kmixer (692bcf44383d056aed41b045a323d378) D:\WINDOWS\system32\drivers\kmixer.sys
2011/08/19 11:45:08.0546 3768 KSecDD (b467646c54cc746128904e1654c750c1) D:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/19 11:45:08.0593 3768 LBeepKE (5644acfa1b281ce2212353552147d1a0) D:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/08/19 11:45:08.0921 3768 LHidFilt (05d6b85ecc3204931923ab7940b9596e) D:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/08/19 11:45:09.0062 3768 LMouFilt (053dbcc1082fdf74ab145a71917a6556) D:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/08/19 11:45:09.0234 3768 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) D:\WINDOWS\system32\drivers\mbam.sys
2011/08/19 11:45:09.0312 3768 mfeapfk (688b626fca708ee9eb161cad1f7363a9) D:\WINDOWS\system32\drivers\mfeapfk.sys
2011/08/19 11:45:09.0406 3768 mfeavfk (693a8d924b640223974e0a88f2baf0f4) D:\WINDOWS\system32\drivers\mfeavfk.sys
2011/08/19 11:45:09.0515 3768 mfebopk (52c40d19873528bd15823c969d3ad227) D:\WINDOWS\system32\drivers\mfebopk.sys
2011/08/19 11:45:09.0640 3768 mfefirek (e37b98d49df546f4059483d49e349a53) D:\WINDOWS\system32\drivers\mfefirek.sys
2011/08/19 11:45:09.0796 3768 mfehidk (44184f32392fa2e94d08d056ce750d56) D:\WINDOWS\system32\drivers\mfehidk.sys
2011/08/19 11:45:09.0828 3768 mfendisk (8c434d77c7a8cd97f8f4c2b0be19d541) D:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/08/19 11:45:09.0921 3768 mfendiskmp (8c434d77c7a8cd97f8f4c2b0be19d541) D:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/08/19 11:45:09.0953 3768 mferkdet (5f5313bfd1e73233885a26ab77488f6f) D:\WINDOWS\system32\drivers\mferkdet.sys
2011/08/19 11:45:10.0125 3768 mfetdi2k (8d1a44e1f46bcf4acfe9c701edd340e3) D:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/08/19 11:45:10.0296 3768 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) D:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/08/19 11:45:10.0515 3768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/19 11:45:10.0625 3768 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\WINDOWS\system32\drivers\Modem.sys
2011/08/19 11:45:10.0734 3768 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) D:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/19 11:45:10.0796 3768 mouhid (b1c303e17fb9d46e87a98e4ba6769685) D:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/19 11:45:10.0890 3768 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) D:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/19 11:45:10.0937 3768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) D:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/19 11:45:10.0984 3768 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/19 11:45:11.0031 3768 Msfs (c941ea2454ba8350021d774daf0f1027) D:\WINDOWS\system32\drivers\Msfs.sys
2011/08/19 11:45:11.0078 3768 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) D:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/19 11:45:11.0093 3768 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/19 11:45:11.0171 3768 MSPQM (bad59648ba099da4a17680b39730cb3d) D:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/19 11:45:11.0250 3768 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) D:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/19 11:45:11.0328 3768 Mup (de6a75f5c270e756c5508d94b6cf68f5) D:\WINDOWS\system32\drivers\Mup.sys
2011/08/19 11:45:11.0453 3768 NDIS (1df7f42665c94b825322fae71721130d) D:\WINDOWS\system32\drivers\NDIS.sys
2011/08/19 11:45:11.0515 3768 NdisTapi (0109c4f3850dfbab279542515386ae22) D:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/19 11:45:11.0703 3768 Ndisuio (f927a4434c5028758a842943ef1a3849) D:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/19 11:45:11.0765 3768 NdisWan (edc1531a49c80614b2cfda43ca8659ab) D:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/19 11:45:11.0843 3768 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) D:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/19 11:45:11.0937 3768 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) D:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/19 11:45:11.0984 3768 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) D:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/19 11:45:12.0046 3768 Npfs (3182d64ae053d6fb034f44b6def8034a) D:\WINDOWS\system32\drivers\Npfs.sys
2011/08/19 11:45:12.0093 3768 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) D:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/19 11:45:12.0156 3768 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys
2011/08/19 11:45:12.0375 3768 nv (2282ad3b19b00967c6e48531c25bfe01) D:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/19 11:45:12.0656 3768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/19 11:45:12.0750 3768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/19 11:45:12.0796 3768 ossrv (611b58c2fd89aa9e80743a197ba62277) D:\WINDOWS\system32\drivers\ctoss2k.sys
2011/08/19 11:45:13.0000 3768 Parport (5575faf8f97ce5e713d108c2a58d7c7c) D:\WINDOWS\system32\drivers\Parport.sys
2011/08/19 11:45:13.0078 3768 PartMgr (beb3ba25197665d82ec7065b724171c6) D:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/19 11:45:13.0156 3768 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) D:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/19 11:45:13.0203 3768 PCI (a219903ccf74233761d92bef471a07b1) D:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/19 11:45:13.0312 3768 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) D:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/19 11:45:13.0421 3768 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) D:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/19 11:45:13.0828 3768 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/19 11:45:13.0890 3768 PSched (09298ec810b07e5d582cb3a3f9255424) D:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/19 11:45:13.0953 3768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/19 11:45:14.0015 3768 PxHelp20 (617accada2e0a0f43ec6030bbac49513) D:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/19 11:45:14.0140 3768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/19 11:45:14.0187 3768 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/19 11:45:14.0218 3768 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/19 11:45:14.0250 3768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/19 11:45:14.0281 3768 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) D:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/19 11:45:14.0312 3768 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/19 11:45:14.0421 3768 rdpdr (15cabd0f7c00c47c70124907916af3f1) D:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/19 11:45:14.0484 3768 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) D:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/19 11:45:14.0828 3768 redbook (f828dd7e1419b6653894a8f97a0094c5) D:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/19 11:45:14.0890 3768 SASDIFSV (39763504067962108505bff25f024345) D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/19 11:45:14.0921 3768 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/19 11:45:14.0968 3768 Secdrv (90a3935d05b494a5a39d37e71f09a677) D:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/19 11:45:15.0031 3768 Ser2pl (b490ad520257dda26c1d587a71e527b5) D:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/08/19 11:45:15.0156 3768 Serenum (0f29512ccd6bead730039fb4bd2c85ce) D:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/19 11:45:15.0250 3768 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) D:\WINDOWS\system32\drivers\Serial.sys
2011/08/19 11:45:15.0312 3768 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) D:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/19 11:45:15.0515 3768 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\WINDOWS\system32\drivers\splitter.sys
2011/08/19 11:45:15.0671 3768 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) D:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/19 11:45:15.0781 3768 Srv (47ddfc2f003f7f9f0592c6874962a2e7) D:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/19 11:45:15.0875 3768 STHDA (2a2dc39623adef8ab3703ab9fac4b440) D:\WINDOWS\system32\drivers\sthda.sys
2011/08/19 11:45:15.0984 3768 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/19 11:45:16.0109 3768 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\WINDOWS\system32\drivers\swmidi.sys
2011/08/19 11:45:16.0453 3768 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/19 11:45:16.0546 3768 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) D:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/19 11:45:16.0671 3768 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/19 11:45:16.0750 3768 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/19 11:45:16.0812 3768 TermDD (88155247177638048422893737429d9e) D:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/19 11:45:16.0906 3768 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\WINDOWS\system32\drivers\Udfs.sys
2011/08/19 11:45:17.0046 3768 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\WINDOWS\system32\DRIVERS\update.sys
2011/08/19 11:45:17.0171 3768 usbccgp (173f317ce0db8e21322e71b7e60a27e8) D:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/19 11:45:17.0296 3768 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/19 11:45:17.0390 3768 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/19 11:45:17.0468 3768 usbprint (a717c8721046828520c9edf31288fc00) D:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/19 11:45:17.0500 3768 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) D:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/19 11:45:17.0515 3768 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/19 11:45:17.0546 3768 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) D:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/19 11:45:17.0640 3768 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\WINDOWS\System32\drivers\vga.sys
2011/08/19 11:45:17.0796 3768 VolSnap (4c8fcb5cc53aab716d810740fe59d025) D:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/19 11:45:17.0843 3768 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/19 11:45:17.0937 3768 Wdf01000 (d918617b46457b9ac28027722e30f647) D:\WINDOWS\system32\Drivers\wdf01000.sys
2011/08/19 11:45:18.0328 3768 wdmaud (6768acf64b18196494413695f0c3a00f) D:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/19 11:45:18.0421 3768 WudfPf (f15feafffbb3644ccc80c5da584e6311) D:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/19 11:45:18.0500 3768 WudfRd (28b524262bce6de1f7ef9f510ba3985b) D:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/19 11:45:18.0531 3768 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/19 11:45:18.0718 3768 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR4
2011/08/19 11:45:19.0531 3768 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR5
2011/08/19 11:45:19.0546 3768 Boot (0x1200) (1c7dabb66bdab11f9d82e8e7ca47767b) \Device\Harddisk0\DR0\Partition0
2011/08/19 11:45:19.0546 3768 Boot (0x1200) (ecf8de157d3dbef632a3df5eaf7d3d81) \Device\Harddisk0\DR0\Partition1
2011/08/19 11:45:19.0593 3768 Boot (0x1200) (c8cdd1676fdb09cfbbe6ea7f8f8106c4) \Device\Harddisk0\DR0\Partition2
2011/08/19 11:45:19.0609 3768 Boot (0x1200) (269fb1e8eab793a99aaee1731d23370a) \Device\Harddisk1\DR4\Partition0
2011/08/19 11:45:19.0625 3768 Boot (0x1200) (ecec43986a223aed454739b45c80aaea) \Device\Harddisk2\DR5\Partition0
2011/08/19 11:45:19.0625 3768 ================================================================================
2011/08/19 11:45:19.0625 3768 Scan finished
2011/08/19 11:45:19.0625 3768 ================================================================================
2011/08/19 11:45:19.0640 5680 Detected object count: 0
2011/08/19 11:45:19.0640 5680 Actual detected object count: 0


As for the drive letters...C: does exist. It used to be my local drive and D: was my backup. After the install they were switched: C: is now the backup and D: is local. Don't know if I did something wrong during the install or not. Thanks for the help



