
Infected with Win32:Siresef-PL according to Avast Engine Scan


This topic is locked
2 replies to this topic

#1 Stuck Under

Posted 14 July 2012 - 11:43 PM

Hi all. I'm new and hoping someone can please help me out. I don't really know how I got infected with this malware, but it's quite annoying to see it pop up redirecting me to other ad sites whenever I click on a Google search link. I have Comodo antivirus installed and it keeps detecting and quarantining malware files quite often, so I'm not getting any redirects with it actively scanning.

Anywho, I'd like to see it gone and would appreciate some advice. I'm running Windows 7 64-bit and here are my DDS logs. I also attached the AVAST log.

DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by heng at 21:24:16 on 2012-07-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8124.5971 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avatron\Air Display\AVTHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
uWindows: Load=C:\Users\heng\LOCALS~1\Temp\msmutvxy.scr
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORV~1.LNK - C:\Program Files (x86)\ColorVision\Utility\ColorVisionStartup.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B3F227DE-C0A0-4847-8649-934973486C50} : DhcpNameServer = 192.168.2.1
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\heng\AppData\Roaming\Mozilla\Firefox\Profiles\ucjvvo08.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-6-2 98208]
R2 AVTHelper;AVTHelper;C:\Program Files\Avatron\Air Display\AVTHelper.exe [2012-2-7 215448]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-2 13592]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2012-6-12 60928]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-2 1262400]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-6-15 548264]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-14 370504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-6-2 8518008]
R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-6-2 567672]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 AirDisplay;Air Display Support;C:\Windows\system32\DRIVERS\AVVideoCard.sys --> C:\Windows\system32\DRIVERS\AVVideoCard.sys [?]
R3 AirDisplayMirror;Air Display Mirror Support;C:\Windows\system32\DRIVERS\AVVideoCardMirror.sys --> C:\Windows\system32\DRIVERS\AVVideoCardMirror.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 hidkmdf;KMDF Driver;C:\Windows\system32\DRIVERS\hidkmdf.sys --> C:\Windows\system32\DRIVERS\hidkmdf.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\system32\DRIVERS\wachidrouter.sys --> C:\Windows\system32\DRIVERS\wachidrouter.sys [?]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\system32\DRIVERS\wacomrouterfilter.sys --> C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-12 1153368]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-14 1432400]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-2 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 Spyder2;ColorVision Spyder2;C:\Windows\system32\DRIVERS\Spyder2.sys --> C:\Windows\system32\DRIVERS\Spyder2.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-14 09:26:57 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-14 09:21:44 -------- d-----w- C:\Users\heng\AppData\Roaming\GetRightToGo
2012-07-14 08:31:21 -------- d-----w- C:\Users\heng\AppData\Local\COMODO
2012-07-14 07:19:36 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-14 07:19:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-12 08:54:30 -------- d-----w- C:\Users\heng\AppData\Roaming\X-Rite
2012-07-12 08:53:48 -------- d-----w- C:\Program Files (x86)\X-Rite
2012-07-12 08:53:27 -------- d-----w- C:\ProgramData\X-Rite
2012-07-12 08:17:32 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-12 08:17:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-11 12:34:01 -------- d-----w- C:\ProgramData\CPA_VA
2012-07-11 12:33:06 -------- d--h--w- C:\VritualRoot
2012-07-11 12:31:16 -------- d-----w- C:\ProgramData\Comodo
2012-07-11 12:31:15 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-11 12:31:15 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-07-11 12:31:15 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-07-11 12:31:15 -------- d-----w- C:\Program Files\COMODO
2012-07-11 12:04:29 -------- d-----w- C:\Program Files\ESET
2012-07-11 11:35:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 11:35:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-11 11:03:00 -------- d-----w- C:\Users\heng\AppData\Roaming\Malwarebytes
2012-07-11 11:02:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 10:41:51 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-11 10:41:42 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-11 10:22:17 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-08 00:57:31 -------- d-----w- C:\Users\heng\PocketWizard Utility Profiles
2012-07-08 00:48:42 -------- d-----w- C:\Users\heng\AppData\Roaming\PocketWizard
2012-07-08 00:48:42 -------- d-----w- C:\Program Files (x86)\PocketWizard
2012-07-08 00:48:30 -------- d-----w- C:\Users\heng\AppData\Local\Downloaded Installations
2012-07-05 13:26:25 -------- d-----w- C:\Users\heng\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-07-05 13:14:04 -------- d-----w- C:\Users\heng\AppData\Roaming\PACE Anti-Piracy
2012-07-05 13:14:04 -------- d-----w- C:\Users\heng\AppData\Local\PACE Anti-Piracy
2012-07-05 13:14:04 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-07-05 12:46:43 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-07-05 12:46:43 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-07-05 12:46:43 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-07-05 12:46:43 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-07-05 12:46:43 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-07-05 12:46:39 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-06-28 02:30:39 -------- d-----w- C:\Users\heng\AppData\Local\Splashtop
2012-06-28 02:14:32 -------- d-----w- C:\ProgramData\Splashtop
2012-06-28 02:14:21 -------- d-----w- C:\Program Files (x86)\Splashtop
2012-06-28 02:14:16 -------- d-----w- C:\Users\heng\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
2012-06-27 23:46:14 -------- d-----w- C:\Users\heng\AppData\Local\CrashDumps
2012-06-27 21:00:09 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5C87231-6BBD-4780-9C71-2B5D5430DA58}\mpengine.dll
2012-06-27 20:50:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-27 20:50:44 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-27 20:50:43 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-27 20:50:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-25 00:50:51 -------- d-----w- C:\Users\heng\AppData\Roaming\TechSmith
2012-06-21 18:12:22 -------- d-----w- C:\Program Files\Avatron
2012-06-21 18:11:27 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-06-21 18:11:27 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-06-21 18:11:27 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-06-21 18:11:10 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-21 18:11:10 -------- d-----w- C:\Program Files\iTunes
2012-06-21 18:11:10 -------- d-----w- C:\Program Files\iPod
2012-06-21 18:11:10 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-21 18:10:17 -------- d-----w- C:\Program Files\Bonjour
2012-06-21 18:10:17 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-21 00:28:55 -------- d-----w- C:\Program Files\Ventrilo
2012-06-21 00:28:47 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-15 20:38:22 -------- d-----w- C:\Users\heng\AppData\Local\Apple Computer
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-15 20:36:07 -------- d-----w- C:\Users\heng\AppData\Local\Apple
2012-06-15 19:40:13 -------- d-----w- C:\Users\heng\AppData\Local\TechSmith
2012-06-15 19:36:59 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
.
==================== Find3M ====================
.
2012-07-14 08:58:43 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-06-06 00:06:16 168201 ----a-w- C:\Windows\Blinkbid Uninstaller.exe
2012-06-02 19:47:17 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-02 19:47:17 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-06-02 18:02:56 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-25 19:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-04-25 19:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-04-18 16:47:16 1830776 ----a-w- C:\Windows\System32\Wintab32.dll
2012-04-18 16:47:16 1816440 ----a-w- C:\Windows\System32\WacomMT.dll
2012-04-18 16:47:16 1765240 ----a-w- C:\Windows\System32\Wacom_Tablet.dll
2012-04-18 16:47:16 1758584 ----a-w- C:\Windows\System32\Wacom_Touch_Tablet.dll
2012-04-18 16:47:16 1496952 ----a-w- C:\Windows\SysWow64\Wintab32.dll
2012-04-18 16:47:16 1484152 ----a-w- C:\Windows\SysWow64\WacomMT.dll
2012-04-18 16:47:16 1450872 ----a-w- C:\Windows\SysWow64\Wacom_Tablet.dll
2012-04-18 16:47:16 1444216 ----a-w- C:\Windows\SysWow64\Wacom_Touch_Tablet.dll
2012-04-16 18:47:44 258560 ----a-w- C:\Windows\SysWow64\tsc2_codec64.dll
2012-04-16 18:47:44 222208 ----a-w- C:\Windows\SysWow64\tsc2_codec32.dll
.
============= FINISH: 21:26:32.78 ===============


AVAST LOG:

R3 AirDisplay;Air Display Support;C:\Windows\system32\DRIVERS\AVVideoCard.sys --> C:\Windows\system32\DRIVERS\AVVideoCard.sys [?]
R3 AirDisplayMirror;Air Display Mirror Support;C:\Windows\system32\DRIVERS\AVVideoCardMirror.sys --> C:\Windows\system32\DRIVERS\AVVideoCardMirror.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 hidkmdf;KMDF Driver;C:\Windows\system32\DRIVERS\hidkmdf.sys --> C:\Windows\system32\DRIVERS\hidkmdf.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\system32\DRIVERS\wachidrouter.sys --> C:\Windows\system32\DRIVERS\wachidrouter.sys [?]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\system32\DRIVERS\wacomrouterfilter.sys --> C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-12 1153368]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-14 1432400]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-2 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 Spyder2;ColorVision Spyder2;C:\Windows\system32\DRIVERS\Spyder2.sys --> C:\Windows\system32\DRIVERS\Spyder2.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-14 09:26:57 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-14 09:21:44 -------- d-----w- C:\Users\heng\AppData\Roaming\GetRightToGo
2012-07-14 08:31:21 -------- d-----w- C:\Users\heng\AppData\Local\COMODO
2012-07-14 07:19:36 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-14 07:19:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-12 08:54:30 -------- d-----w- C:\Users\heng\AppData\Roaming\X-Rite
2012-07-12 08:53:48 -------- d-----w- C:\Program Files (x86)\X-Rite
2012-07-12 08:53:27 -------- d-----w- C:\ProgramData\X-Rite
2012-07-12 08:17:32 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-12 08:17:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-11 12:34:01 -------- d-----w- C:\ProgramData\CPA_VA
2012-07-11 12:33:06 -------- d--h--w- C:\VritualRoot
2012-07-11 12:31:16 -------- d-----w- C:\ProgramData\Comodo
2012-07-11 12:31:15 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-11 12:31:15 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-07-11 12:31:15 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-07-11 12:31:15 -------- d-----w- C:\Program Files\COMODO
2012-07-11 12:04:29 -------- d-----w- C:\Program Files\ESET
2012-07-11 11:35:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 11:35:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-11 11:03:00 -------- d-----w- C:\Users\heng\AppData\Roaming\Malwarebytes
2012-07-11 11:02:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 10:41:51 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-11 10:41:42 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-11 10:22:17 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-08 00:57:31 -------- d-----w- C:\Users\heng\PocketWizard Utility Profiles
2012-07-08 00:48:42 -------- d-----w- C:\Users\heng\AppData\Roaming\PocketWizard
2012-07-08 00:48:42 -------- d-----w- C:\Program Files (x86)\PocketWizard
2012-07-08 00:48:30 -------- d-----w- C:\Users\heng\AppData\Local\Downloaded Installations
2012-07-05 13:26:25 -------- d-----w- C:\Users\heng\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-07-05 13:14:04 -------- d-----w- C:\Users\heng\AppData\Roaming\PACE Anti-Piracy
2012-07-05 13:14:04 -------- d-----w- C:\Users\heng\AppData\Local\PACE Anti-Piracy
2012-07-05 13:14:04 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-07-05 12:46:43 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-07-05 12:46:43 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-07-05 12:46:43 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-07-05 12:46:43 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-07-05 12:46:43 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-07-05 12:46:39 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-06-28 02:30:39 -------- d-----w- C:\Users\heng\AppData\Local\Splashtop
2012-06-28 02:14:32 -------- d-----w- C:\ProgramData\Splashtop
2012-06-28 02:14:21 -------- d-----w- C:\Program Files (x86)\Splashtop
2012-06-28 02:14:16 -------- d-----w- C:\Users\heng\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
2012-06-27 23:46:14 -------- d-----w- C:\Users\heng\AppData\Local\CrashDumps
2012-06-27 21:00:09 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5C87231-6BBD-4780-9C71-2B5D5430DA58}\mpengine.dll
2012-06-27 20:50:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-27 20:50:44 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-27 20:50:43 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-27 20:50:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-25 00:50:51 -------- d-----w- C:\Users\heng\AppData\Roaming\TechSmith
2012-06-21 18:12:22 -------- d-----w- C:\Program Files\Avatron
2012-06-21 18:11:27 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-06-21 18:11:27 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-06-21 18:11:27 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-06-21 18:11:10 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-21 18:11:10 -------- d-----w- C:\Program Files\iTunes
2012-06-21 18:11:10 -------- d-----w- C:\Program Files\iPod
2012-06-21 18:11:10 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-21 18:10:17 -------- d-----w- C:\Program Files\Bonjour
2012-06-21 18:10:17 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-21 00:28:55 -------- d-----w- C:\Program Files\Ventrilo
2012-06-21 00:28:47 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-15 20:38:22 -------- d-----w- C:\Users\heng\AppData\Local\Apple Computer
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-15 20:36:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-15 20:36:07 -------- d-----w- C:\Users\heng\AppData\Local\Apple
2012-06-15 19:40:13 -------- d-----w- C:\Users\heng\AppData\Local\TechSmith
2012-06-15 19:36:59 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
.
==================== Find3M ====================
.
2012-07-14 08:58:43 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-06-06 00:06:16 168201 ----a-w- C:\Windows\Blinkbid Uninstaller.exe
2012-06-02 19:47:17 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-02 19:47:17 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-06-02 18:02:56 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-25 19:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-04-25 19:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-04-18 16:47:16 1830776 ----a-w- C:\Windows\System32\Wintab32.dll
2012-04-18 16:47:16 1816440 ----a-w- C:\Windows\System32\WacomMT.dll
2012-04-18 16:47:16 1765240 ----a-w- C:\Windows\System32\Wacom_Tablet.dll
2012-04-18 16:47:16 1758584 ----a-w- C:\Windows\System32\Wacom_Touch_Tablet.dll
2012-04-18 16:47:16 1496952 ----a-w- C:\Windows\SysWow64\Wintab32.dll
2012-04-18 16:47:16 1484152 ----a-w- C:\Windows\SysWow64\WacomMT.dll
2012-04-18 16:47:16 1450872 ----a-w- C:\Windows\SysWow64\Wacom_Tablet.dll
2012-04-18 16:47:16 1444216 ----a-w- C:\Windows\SysWow64\Wacom_Touch_Tablet.dll
2012-04-16 18:47:44 258560 ----a-w- C:\Windows\SysWow64\tsc2_codec64.dll
2012-04-16 18:47:44 222208 ----a-w- C:\Windows\SysWow64\tsc2_codec32.dll
.
============= FINISH: 21:26:32.78 ===============






Any help appreciated. Thanks guys!



#2 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 July 2012 - 04:23 PM

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file; close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
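Added example, not part of CatByte's reply and not code from FRST or any other tool named in the thread: a live-system check, in PowerShell, for the file the FRST search above targets. It assumes an elevated PowerShell prompt on the booted Windows 7 x64 system (the PowerShell 2.0 that ships with Windows 7 is enough), the default C:\Windows layout, and that the built-in fsutil and sfc commands are available; the function names and verdict strings are invented for this example. It reproduces two things a helper reads out of the FRST logs: whether System32\services.exe is still the hard-linked, servicing-stack copy whose MD5 matches a component-store copy (what "List Drivers MD5" and the services.exe search provide offline), and whether the hidden directory literally named %APPDATA% under SysWow64, listed in the DDS log, has any siblings. It complements the offline FRST scan rather than replacing it: a kernel-mode rootkit can feed a running system false answers, which is exactly why the helper asks for the scan from the recovery environment.

```powershell
# Added example (not CatByte's instructions and not part of FRST): a live-system
# sanity check on services.exe using only what ships with Windows 7.
# Assumptions: elevated PowerShell (2.0 or later), default C:\Windows layout,
# run from the booted OS. Names below (Test-SystemBinary etc.) are invented here.
param(
    [string]$Target = (Join-Path $env:SystemRoot 'System32\services.exe')
)

function Get-Md5Hex {
    param([string]$Path)
    # .NET MD5 rather than Get-FileHash, which PowerShell 2.0 lacks; MD5 is what
    # FRST's "List Drivers MD5" option reports, so the values are comparable.
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

function Get-HardLinks {
    param([string]$Path)
    # Windows servicing installs System32 binaries as hard links into WinSxS.
    # "fsutil hardlink list" prints every link path, one per line, without the
    # drive letter, so it is re-added here.
    $drive = [System.IO.Path]::GetPathRoot($Path).TrimEnd('\')
    & fsutil hardlink list $Path 2>$null |
        Where-Object { $_ -and $_.Trim() } |
        ForEach-Object { $drive + $_.Trim() }
}

function Test-SystemBinary {
    param([string]$Path)
    $sig   = Get-AuthenticodeSignature -FilePath $Path
    $md5   = Get-Md5Hex $Path
    $links = @(Get-HardLinks $Path | Where-Object { $_ -ine $Path })

    # Reference copies: same-named files under WinSxS that are not this file's
    # own hard links (a link shares the data, so it would "match" even after an
    # in-place patch). Walking WinSxS takes a while; that is expected.
    $name = [System.IO.Path]::GetFileName($Path)
    $refs = Get-ChildItem (Join-Path $env:SystemRoot 'winsxs') -Recurse -Filter $name -ErrorAction SilentlyContinue |
            Where-Object { ($_.FullName -ine $Path) -and ($links -notcontains $_.FullName) }
    $refMatch = $false
    foreach ($r in $refs) {
        if ((Get-Md5Hex $r.FullName) -eq $md5) { $refMatch = $true; break }
    }

    # Windows 7's Get-AuthenticodeSignature does not consult the catalog store,
    # and OS binaries are catalog-signed, so a clean services.exe reports
    # NotSigned there. Only HashMismatch is damning on its own.
    if ($sig.Status -eq 'HashMismatch') {
        $verdict = 'SUSPICIOUS: embedded signature does not match file contents'
    } elseif ($sig.Status -eq 'Valid') {
        $verdict = 'OK: embedded Authenticode signature verifies'
    } elseif ($links.Count -eq 0 -and -not $refMatch) {
        $verdict = 'SUSPICIOUS: free-standing file (no WinSxS hard link) matching no WinSxS copy'
    } else {
        $verdict = 'undetermined: linked into or matching WinSxS, but an in-place patch is not ruled out; see sfc output'
    }

    New-Object PSObject -Property @{
        Path      = $Path
        SizeBytes = (Get-Item $Path).Length
        Md5       = $md5
        Signature = $sig.Status
        HardLinks = $links.Count
        WinSxSRef = $refMatch
        Verdict   = $verdict
    }
}

Test-SystemBinary $Target | Format-List Path, SizeBytes, Md5, Signature, HardLinks, WinSxSRef, Verdict

# The DDS log above lists a hidden+system directory literally named "%APPDATA%"
# under SysWow64. A folder whose name is an unexpanded variable is either a
# script that failed to expand it or something that wants to look like one;
# either way, list such entries so they can be opened and dated.
Get-ChildItem (Join-Path $env:SystemRoot 'SysWOW64'), (Join-Path $env:SystemRoot 'System32') -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -like '*%*' } |
    Select-Object FullName, Attributes, CreationTime

# Authoritative built-in check: SFC compares the file against catalog hashes,
# which catches an in-place patch that the hard-link test above cannot.
& sfc /verifyfile=$Target
```

Only an Authenticode HashMismatch, or a free-standing services.exe that matches none of the component-store copies, is flagged outright. A NotSigned status is the expected answer on Windows 7 for a catalog-signed system binary, because that PowerShell version does not check catalogs, so the script ends with sfc /verifyfile, which does. Whatever it prints, the MD5 it shows is the value to compare against the services.exe entries in FRST's Search.txt.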


#3 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 20 July 2012 - 03:52 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




