  1. #1
    Member
    Join Date
    Aug 2011
    Posts
    7
    Points
    0

    Firefox redirects/Proxy Settings issue

    Hi. I use mainly Firefox, and I noticed it, along with IE, started redirecting links clicked in searches automatically. Usually if I go back and click the link again it works. I experienced a bigger issue today when I couldn't get on the internet on either Firefox or IE. Firefox said my proxy server settings needed to be configured and when I went into options and had it automatically choose my settings it started working again. I never had to do this before. IE also stopped working, and I attempted the same steps of having it automatically choose my settings, but it still does not work. Every time I start my computer up and open Firefox, I get the same issue with having to change the proxy settings. I see other people have had issues with this in the past.

    Also, this could be completely unrelated, but every time I start my computer I get a notification saying Java needs to be updated, but it never actually lets me update it; it just says there was an error and closes.

    Occasionally my antivirus program finds malware and other issues on my computer, but I fear it may not be working properly at this point.

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:12:49 PM, on 8/2/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16766)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFSA.EXE
    C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bentley University
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bentley University
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52222
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [Microsoft Forefront Client Security Antimalware Service] "C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjg1MTU3MjUxLUZMMTArMS1GT0krMTEtRERUKzAtVFVHKzM"&"prod=90"&"ver=10.0.1390
    O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\Windows\TEMP\E_S5409.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON Artisan 710 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFSA.EXE /FU "C:\Windows\TEMP\E_S57A1.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Amazon Unbox.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O15 - Trusted IP range: 141.133.112.169
    O15 - Trusted IP range: 141.133.112.169 (HKLM)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
    O17 - HKLM\Software\..\Telephony: DomainName = blue.ad.bentley.edu
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: SMS Task Sequence Agent (smstsmgr) - Unknown owner - C:\Windows\system32\CCM\TSManager.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
    O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

    --
    End of file - 10871 bytes



    SuperAntiSpyware Log:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 08/02/2011 at 00:17 AM

    Application Version : 4.56.1000

    Core Rules Database Version : 7498
    Trace Rules Database Version: 5310

    Scan type : Complete Scan
    Total Scan Time : 01:38:57

    Memory items scanned : 459
    Memory threats detected : 0
    Registry items scanned : 11554
    Registry threats detected : 0
    File items scanned : 42348
    File threats detected : 36

    Adware.Tracking Cookie
    C:\Users\jenko_juli\AppData\Roaming\Microsoft\Windows\Cookies\Low\jenko_juli@atdmt[1].txt
    C:\Users\jenko_juli\AppData\Roaming\Microsoft\Windows\Cookies\Low\jenko_juli@doubleclick[1].txt
    C:\Users\jenko_juli\AppData\Roaming\Microsoft\Windows\Cookies\Low\jenko_juli@googleads.g.doubleclick[1].txt
    C:\Users\jenko_juli\AppData\Roaming\Microsoft\Windows\Cookies\Low\jenko_juli@questionmarket[1].txt
    adsatt.espn.go.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    b.ads2.msads.net [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    bbca.channelfinder.net [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    cdn.eyewonder.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    cdn.insights.gravity.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    cdn4.specificclick.net [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    core.insightexpressai.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    dcl.wdpromedia.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    dlr1.wdpromedia.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    files.youporn.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    freecamsexposed.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    i.blogads.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    ia.media-imdb.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    ictv-ic-ec.indieclicktv.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    media.cnbc.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    media.mtvnservices.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    media.mtvu.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    media.scanscout.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    media1.break.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    mediaplayer.linkinpark.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    melissasexmovie.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    msnbcmedia.msn.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    s0.2mdn.net [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    secure-us.imrworldwide.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    serving-sys.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    sftrack.searchforce.net [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    speed.pointroll.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    trinity-adserver-003.co.uk [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    wdw2.wdpromedia.com [ C:\Users\QUARTE_MATT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A7FC6DUG ]
    C:\Users\QUARTE_MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\matthew@teeniesland[1].txt
    C:\Users\QUARTE_MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\quarte_matt@teeniesland[2].txt
    C:\Users\QUARTE_MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\quarte_matt@www.teeniesland[2].txt


    MalwareBytes Log:
    Malwarebytes' Anti-Malware 1.51.1.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 7350

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    8/2/2011 12:12:58 AM
    mbam-log-2011-08-02 (00-12-58).txt

    Scan type: Full scan (C:\|F:\|)
    Objects scanned: 349380
    Time elapsed: 1 hour(s), 36 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a Gmer scan due to the fact you are running a 64bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member
    Join Date
    Aug 2011
    Posts
    7
    Points
    0


    DDS Log:

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Run by Matthew at 21:46:39 on 2011-08-07
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3036.1708 [GMT -4:00]
    .
    AV: Microsoft Forefront Client Security *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Forefront Client Security *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\vfsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
    C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    C:\Windows\system32\CCM\CcmExec.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMHost.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFSA.EXE
    C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bentley.edu/
    uDefault_Page_URL = hxxp://www.bentley.edu
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRunOnce: [spchecker] "c:\program files\avg\avg10\notification\SPCheckerTE.exe"
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
    mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjg1MTU3MjUxLUZMMTArMS1GT0krMTEtRERUKzAtVFVHKzM"&"prod=90"&"ver=10.0.1390
    dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    mPolicies-system: disablecad = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
    TCP: Interfaces\{9682893D-8F95-44B0-A953-DB94F2730FF6} : DhcpNameServer = 141.133.112.120 141.133.112.121
    TCP: Interfaces\{CD5B4F30-7694-4B1E-A0FD-8941832A33EC} : DhcpNameServer = 167.206.254.1 167.206.254.2
    TCP: Interfaces\{CD5B4F30-7694-4B1E-A0FD-8941832A33EC}\1786F6D656 : DhcpNameServer = 167.206.254.1 167.206.254.2
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
    Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
    LSA: Notification Packages = scecli DPPWDFLT
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\matthew\appdata\roaming\mozilla\firefox\profiles\v2ygc2ta.default\
    FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPCentraUpdater.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-12 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-9-11 1811704]
    R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2011-1-8 16896]
    R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 73120]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-1 366640]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2008-11-7 25824]
    R2 MOM;MOM;c:\program files\microsoft forefront\client security\client\microsoft operations manager 2005\MOMService.exe [2005-7-21 134656]
    R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
    R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-9-25 599344]
    R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-9-14 659328]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-7-21 228408]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-7-21 221912]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-1 22712]
    R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-8-5 71296]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-7-21 49152]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-1 41272]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-22 1343400]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-7-10 11520]
    .
    =============== Created Last 30 ================
    .
    2011-08-07 15:26:16 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f0e431e6-7414-410d-8eb2-8051811b070d}\mpengine.dll
    2011-08-03 02:41:44 6881616 ----a-w- c:\programdata\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{a66afe0e-82f5-4e18-b5ca-d0022e62205f}\mpengine.dll
    2011-08-03 02:41:42 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-08-02 02:23:02 -------- d-----w- c:\users\matthew\appdata\roaming\SUPERAntiSpyware.com
    2011-08-02 02:23:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-08-02 02:22:53 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-08-02 02:05:19 -------- d-----w- c:\users\matthew\appdata\roaming\Malwarebytes
    2011-08-02 02:05:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-02 02:05:09 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-02 02:05:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-02 02:05:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-01 00:09:16 -------- d-----w- c:\users\matthew\appdata\local\Mozilla
    2011-08-01 00:05:48 -------- d-----w- c:\program files\Trend Micro
    2011-07-31 23:38:48 -------- d-----w- c:\users\matthew\appdata\roaming\AVG10
    2011-07-31 23:37:41 -------- d--h--w- c:\programdata\Common Files
    2011-07-31 23:36:23 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-07-31 23:36:23 -------- d-----w- c:\programdata\AVG10
    2011-07-31 23:35:59 -------- d-----w- c:\program files\AVG
    2011-07-31 23:30:58 -------- d-----w- c:\programdata\MFAData
    2011-07-28 02:07:19 -------- d-----w- c:\program files\Spotify
    .
    ==================== Find3M ====================
    .
    2011-05-27 15:22:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 21:46:52.79 ===============

    Attach Log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/5/2010 3:56:23 PM
    System Uptime: 8/7/2011 5:10:05 PM (4 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30DC
    Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | Intel(R) Genuine processor | 2801/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 231 GiB total, 133.725 GiB free.
    D: is CDROM (CDFS)
    E: is Removable
    F: is FIXED (FAT32) - 2 GiB total, 1.994 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    32 Bit HP CIO Components Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.5
    Amazon Unbox Video
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    Ask Toolbar
    Audacity 1.2.6
    AuthenTec Fingerprint Software
    Battlefield Vietnam(TM)
    BlackBerry Desktop Software 6.0
    BlackBerry Device Software Updater
    Bonjour
    Centra Client
    Command & Conquer Generals
    Configuration Manager Client
    Data Lifeguard Diagnostic for Windows
    Definition update for Microsoft Office 2010 (KB982726)
    DigitalPersona Personal 4.11
    ECL Viewer
    EPSON Artisan 710 Series Printer Uninstall
    EPSON CX7400 User's Guide
    Epson Event Manager
    Epson Print CD
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus CX7400 Series Scanner Driver Update
    FileZilla Client 3.3.3
    Google Earth Plug-in
    Google Update Helper
    HiJackThis
    HP ESU for Microsoft Windows 7
    HP Quick Launch Buttons
    HP Webcam Application
    HP Wireless Assistant
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    LAME v3.98.3 for Audacity
    LSI HDA Modem
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MediaImpression 2.0 for PENTAX
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Forefront Client Security Antimalware Service
    Microsoft Forefront Client Security State Assessment Service
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Communicator 2005
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Operations Manager 2005 Agent
    Microsoft redistributable runtime DLLs VS2008 SP1(x86)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visio Professional 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4.0 redistributable
    Nitro PDF Reader
    OGA Notifier 2.0.0048.0
    Pharos
    Presto! BizCard 5
    PrimoPDF -- brought to you by Nitro PDF Software
    PunkBuster for Battlefield Vietnam
    QLBCASL
    QuickTime
    RealPlayer
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Business
    Roxio Creator Business v10
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD
    SAP Business Explorer
    SAP GUI for Windows 7.20
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SmartDraw 2010
    Sonic CinePlayer Decoder Pack
    Spotify
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Validity Sensors software
    vcredist_x86
    VLC media player 1.1.5
    WD Anywhere Backup
    WD Drive Manager (x86)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Movie Maker 2.6
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/7/2011 9:35:48 PM, Error: pcmcia [9] - The PCMCIA controller encountered an error powering up the inserted device.
    8/7/2011 9:35:48 PM, Error: atikmdag [43029] - Display is not active
    8/7/2011 7:21:58 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain BLUE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    8/7/2011 11:10:39 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    8/6/2011 9:59:20 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    8/6/2011 9:58:07 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    8/6/2011 10:01:31 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    8/3/2011 10:35:31 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    .
    ==== End Of File ===========================

    GMER Log:

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-08-07 22:34:23
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250410AS rev.0003HPM1
    Running: gmer.exe; Driver: C:\Users\Matthew\AppData\Local\Temp\kxlirpoc.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A94569 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB9092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91626000, 0x2D5378, 0xE8000020]
    ? C:\Windows\TEMP\mc261ED.tmp The system cannot find the file specified. !
    ? C:\Users\Matthew\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[604] ntdll.dll!LdrLoadDll 770BF5B5 5 Bytes JMP 00C71410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!SetWindowLongA 7619B1E3 5 Bytes JMP 593A8DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!SetWindowLongW 761A6614 5 Bytes JMP 593A8D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!GetWindowInfo 761A6A82 5 Bytes JMP 591D7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!TrackPopupMenu 761C4B3B 5 Bytes JMP 591D7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5700] kernel32.dll!SetUnhandledExceptionFilter 76523162 5 Bytes JMP 5C555B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5700] ole32.dll!OleLoadFromStream 765C5BF6 5 Bytes JMP 5C870DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\BTHUSB \Device\000000a4 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\BTHUSB \Device\000000a6 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8f8f9f
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8f8f9f (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Let's begin cleaning your machine up.

    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.5.6.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.


    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
• As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


    3.
    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




Things to include in your next reply:
    TDSSKiller log.
    Combofix.txt
    aswMBR.exe
    How is your machine running now?
"Extinguishing Malware from the world"

The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-
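The proxy symptom in this thread (Firefox coming back at every start with a manual proxy aimed at 127.0.0.1) can be checked directly in the profile's prefs.js rather than only through the Options dialog. The audit below is an added example, not code from the forum, the OP, or the tools listed in the post above; the prefs.js content and the port number in it are constructed for the demonstration.

```python
"""Audit Firefox prefs.js for a hijacked proxy configuration.

Firefox writes its settings as ``user_pref("name", value);`` lines in the
profile's prefs.js (the path of which appears in the DDS log as
FF - ProfilePath). A hijacker that forces traffic through a local
proxy process sets network.proxy.type to 1 (manual) and points the
http/ssl proxy hosts at loopback. This script parses those lines and
reports proxy settings that warrant a closer look.
"""
import re
from typing import Dict, List, Union

PrefValue = Union[int, bool, str]

# Meaning of network.proxy.type as stored by Firefox:
#   0 = no proxy, 1 = manual, 2 = PAC script URL,
#   4 = auto-detect (WPAD), 5 = use system proxy settings
PROXY_TYPE_NAMES = {0: "none", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Matches both user_pref(...) and pref(...) lines; the lazy value group is
# anchored by the trailing ");" so quoted strings containing commas work.
PREF_LINE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Return preference name -> typed value for every pref line in text."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            prefs[name] = raw  # leave anything unexpected as its raw text
    return prefs


def audit_proxy(prefs: Dict[str, PrefValue]) -> List[str]:
    """Return human-readable findings about the proxy configuration.

    An empty list means no manual or PAC proxy is configured. Firefox
    defaults to type 5 (system settings) when the pref is absent.
    """
    findings: List[str] = []
    ptype = prefs.get("network.proxy.type", 5)
    if ptype == 1:
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            port = prefs.get(f"network.proxy.{scheme}_port")
            if not host:
                continue
            where = f"{host}:{port}" if port else str(host)
            if str(host).lower() in LOOPBACK_HOSTS:
                findings.append(
                    f"manual {scheme} proxy points at loopback ({where}); "
                    "check which local process is listening on that port"
                )
            else:
                findings.append(f"manual {scheme} proxy set to {where}")
    elif ptype == 2:
        url = prefs.get("network.proxy.autoconfig_url", "<unset>")
        findings.append(f"PAC script configured: {url}; verify its origin")
    return findings


# Constructed prefs.js excerpt resembling the hijacked state described in
# this thread (the port number is made up for the example).
HIJACKED_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.example.com/");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50370);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 50370);
user_pref("network.proxy.share_proxy_settings", true);
"""

# Constructed excerpt for a profile set to auto-detect (the state the OP
# restores by hand each time Firefox starts).
CLEAN_PREFS_JS = """\
user_pref("network.proxy.type", 4);
user_pref("network.proxy.http", "");
user_pref("network.proxy.http_port", 0);
"""


if __name__ == "__main__":
    for label, text in (("hijacked", HIJACKED_PREFS_JS), ("clean", CLEAN_PREFS_JS)):
        prefs = parse_prefs(text)
        mode = PROXY_TYPE_NAMES.get(prefs.get("network.proxy.type", 5), "unknown")
        print(f"[{label}] network.proxy.type = {mode}")
        for finding in audit_proxy(prefs) or ["no proxy findings"]:
            print("  -", finding)
```

On a live machine, point the script at the prefs.js under the profile path shown in the DDS log while Firefox is closed; a loopback proxy that reappears after being cleared points at something outside the browser rewriting the file.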




  5. #5
    Member
    Join Date
    Aug 2011
    Posts
    7
    Points
    0

    Default

    Hi,

    Thank you for your help. Google links no longer redirect. Firefox still opens with manual proxy settings that I must turn off before I am able to access the internet. The manual proxy settings are configured for 127.0.0.1 if that helps at all. aswMBR crashed my computer twice before I was able to get it to work.

    TDSSKiller:

    2011/08/08 19:55:59.0404 5740 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
    2011/08/08 19:55:59.0779 5740 ================================================================================
    2011/08/08 19:55:59.0779 5740 SystemInfo:
    2011/08/08 19:55:59.0779 5740
    2011/08/08 19:55:59.0779 5740 OS Version: 6.1.7600 ServicePack: 0.0
    2011/08/08 19:55:59.0779 5740 Product type: Workstation
    2011/08/08 19:55:59.0779 5740 ComputerName: 2CE929CQCT
    2011/08/08 19:55:59.0779 5740 UserName: Matthew
    2011/08/08 19:55:59.0779 5740 Windows directory: C:\Windows
    2011/08/08 19:55:59.0779 5740 System windows directory: C:\Windows
    2011/08/08 19:55:59.0779 5740 Processor architecture: Intel x86
    2011/08/08 19:55:59.0779 5740 Number of processors: 2
    2011/08/08 19:55:59.0779 5740 Page size: 0x1000
    2011/08/08 19:55:59.0779 5740 Boot type: Normal boot
    2011/08/08 19:55:59.0779 5740 ================================================================================
    2011/08/08 19:56:01.0042 5740 Initialize success
    2011/08/08 19:56:06.0924 5316 ================================================================================
    2011/08/08 19:56:06.0924 5316 Scan started
    2011/08/08 19:56:06.0924 5316 Mode: Manual;
    2011/08/08 19:56:06.0924 5316 ================================================================================
    2011/08/08 19:56:07.0844 5316 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/08/08 19:56:07.0922 5316 Accelerometer (465b6baaba53a628f7252846d0e900ee) C:\Windows\system32\DRIVERS\Accelerometer.sys
    2011/08/08 19:56:08.0047 5316 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/08/08 19:56:08.0109 5316 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/08/08 19:56:08.0187 5316 ADIHdAudAddService (6c61bceb60c2c187e6f96001fd69493e) C:\Windows\system32\drivers\ADIHdAud.sys
    2011/08/08 19:56:08.0265 5316 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/08/08 19:56:08.0406 5316 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/08/08 19:56:08.0515 5316 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/08/08 19:56:39.0543 5316 ================================================================================
    2011/08/08 19:56:39.0543 5316 Scan finished
    2011/08/08 19:56:39.0543 5316 ================================================================================
    2011/08/08 19:56:39.0574 5624 Detected object count: 0
    2011/08/08 19:56:39.0574 5624 Actual detected object count: 0
    2011/08/08 19:56:49.0777 5296 Deinitialize success


    ComboFix:

    ComboFix 11-08-08.03 - Matthew 08/08/2011 20:15:50.1.2 - x86
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3036.1813 [GMT -4:00]
    Running from: c:\users\Matthew\Downloads\ComboFix.exe
    AV: Microsoft Forefront Client Security *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Forefront Client Security *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\windows\jestertb.dll
    c:\windows\system32\no
    c:\windows\system32\no\DPCrProv.dll.mui
    c:\windows\system32\no\DPSDApi.dll.mui
    c:\windows\system32\SV
    c:\windows\system32\SV\DPCrProv.dll.mui
    c:\windows\system32\SV\DPSDApi.dll.mui
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-09 00:23 . 2011-08-09 00:23 -------- d-----w- c:\users\sysadmin\AppData\Local\temp
    2011-08-07 15:26 . 2011-07-20 13:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0E431E6-7414-410D-8EB2-8051811B070D}\mpengine.dll
    2011-08-03 02:41 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{A66AFE0E-82F5-4E18-B5CA-D0022E62205F}\mpengine.dll
    2011-08-02 02:36 . 2011-08-02 02:36 -------- d-----w- c:\users\QUARTE_MATT\AppData\Roaming\SUPERAntiSpyware.com
    2011-08-02 02:32 . 2011-08-02 02:32 -------- d-----w- c:\users\QUARTE_MATT\AppData\Roaming\Malwarebytes
    2011-08-02 02:23 . 2011-08-02 02:23 -------- d-----w- c:\users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
    2011-08-02 02:23 . 2011-08-02 02:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-08-02 02:22 . 2011-08-02 02:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-08-02 02:05 . 2011-08-02 02:05 -------- d-----w- c:\users\Matthew\AppData\Roaming\Malwarebytes
    2011-08-02 02:05 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-02 02:05 . 2011-08-02 02:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-02 02:05 . 2011-08-02 02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-02 02:05 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-01 00:09 . 2011-08-01 00:09 -------- d-----w- c:\users\Matthew\AppData\Local\Mozilla
    2011-08-01 00:05 . 2011-08-01 00:05 388096 ----a-r- c:\users\QUARTE_MATT\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-01 00:05 . 2011-08-01 00:05 -------- d-----w- c:\program files\Trend Micro
    2011-07-31 23:48 . 2011-07-31 23:48 -------- d-----w- c:\users\QUARTE_MATT\AppData\Local\AVG Security Toolbar
    2011-07-31 23:42 . 2011-07-31 23:42 -------- d-----w- c:\users\QUARTE_MATT\AppData\Roaming\AVG10
    2011-07-31 23:38 . 2011-07-31 23:38 -------- d-----w- c:\users\Matthew\AppData\Roaming\AVG10
    2011-07-31 23:37 . 2011-07-31 23:37 -------- d--h--w- c:\programdata\Common Files
    2011-07-31 23:36 . 2011-08-02 02:26 -------- d-----w- c:\programdata\AVG10
    2011-07-31 23:36 . 2011-08-02 02:23 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-07-31 23:35 . 2011-07-31 23:35 -------- d-----w- c:\program files\AVG
    2011-07-31 23:30 . 2011-08-02 02:24 -------- d-----w- c:\programdata\MFAData
    2011-07-28 02:07 . 2011-08-01 00:03 -------- d-----w- c:\users\QUARTE_MATT\AppData\Roaming\Spotify
    2011-07-28 02:07 . 2011-07-28 02:07 -------- d-----w- c:\users\QUARTE_MATT\AppData\Local\Spotify
    2011-07-28 02:07 . 2011-07-28 02:07 -------- d-----w- c:\program files\Spotify
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-13 03:39 . 2010-08-05 20:00 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-27 15:22 . 2011-05-27 15:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-24 23:14 . 2010-07-21 20:40 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-14 16:26 . 2011-05-07 19:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-27 2424192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-22 202256]
    "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-10-23 842816]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
    "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
    "WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-12 113664]
    Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    "disablecad"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28202\Scripts\Logon\0\0]
    "Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28202\Scripts\Logon\1\0]
    "Script"=\\blue.ad.bentley.edu\SysVol\blue.ad.bentley.edu\scripts\SMS.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28266\Scripts\Logon\0\0]
    "Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-42593\Scripts\Logon\0\0]
    "Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-22 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-07-10 11520]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-12 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-09-11 1811704]
    S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [2011-01-08 16896]
    S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [2007-04-06 73120]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824]
    S2 MOM;MOM;c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [2005-07-21 134656]
    S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-09-25 599344]
    S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-07-24 102400]
    S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-14 659328]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-12 221912]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
    S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mchInjDrv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 02:17]
    .
    2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 02:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bentley.edu/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
    FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\v2ygc2ta.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
    "ImagePath"="\??\c:\windows\TEMP\mc26354.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4752)
    c:\program files\DigitalPersona\Bin\DpoFeedb.dll
    c:\program files\DigitalPersona\Bin\DpoSet.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\DigitalPersona\Bin\DpHostW.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\windows\system32\AEADISRV.EXE
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\PHAROS~1\Core\CTskMstr.exe
    c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMHost.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\wbem\WmiApSrv.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files\Epson Software\Event Manager\EEventManager.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
    c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-08 20:31:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-09 00:31
    .
    Pre-Run: 144,677,687,296 bytes free
    Post-Run: 145,338,757,120 bytes free
    .
    - - End Of File - - A07FE7B703D7C61A8109D2C5084BBC26

    aswMBR Log:

    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-08 20:53:53
    -----------------------------
    20:53:53.707 OS Version: Windows 6.1.7600
    20:53:53.707 Number of processors: 2 586 0x1706
    20:53:53.707 ComputerName: 2CE929CQCT UserName: Matthew
    20:54:19.822 Initialize success
    20:54:28.110 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:54:28.110 Disk 0 Vendor: ST9250410AS 0003HPM1 Size: 238475MB BusType: 11
    20:54:28.110 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000083
    20:54:28.126 Disk 1 Vendor: RICOH 01 Size: 483MB BusType: 0
    20:54:30.138 Disk 0 MBR read successfully
    20:54:30.138 Disk 0 MBR scan
    20:54:30.154 Disk 0 Windows 7 default MBR code
    20:54:30.154 Disk 0 scanning sectors +488395120
    20:54:30.247 Disk 0 scanning C:\Windows\system32\drivers
    20:54:49.981 Service scanning
    20:54:53.975 Modules scanning
    20:55:05.129 Disk 0 trace - called modules:
    20:55:05.176 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
    20:55:05.176 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fe0a00]
    20:55:05.207 3 CLASSPNP.SYS[8b3ab59e] -> nt!IofCallDriver -> [0x85fdf388]
    20:55:05.222 5 hpdskflt.sys[8b35d0be] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85f01908]
    20:55:05.238 Scan finished successfully
    20:55:33.178 Disk 0 MBR has been saved successfully to "C:\Users\QUARTE_MATT\Desktop\MBR.dat"
    20:55:33.209 The log file has been saved successfully to "C:\Users\QUARTE_MATT\Desktop\aswMBR.txt"

  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Let's see if we can help you out a bit.

    1.
    We need to run a CFScript.

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the codebox below into it:

    Code:
    DDS::
    uInternet Settings,ProxyOverride = *.local
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=-
    "ConsentPromptBehaviorUser"=-
    "EnableUIADesktopToggle"=-
    "PromptOnSecureDesktop"=-
    "EnableLinkedConnections"=-
    "disablecad"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


    2.
    Open Firefox
    Then click Tools
    Then Click Options
    Then click the Advanced tab
    Click the Network tab
    Click on Settings
    Make sure No Proxies is checked.
    Ok your way out from there.

    3.
    Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.

    Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes' when done.

    Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

    4.
    Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with Dr.Web CureIt as follows:
    • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
    • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
    • The Express scan will automatically begin.
      (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
    • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
    • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
    • When complete, click Select All, then choose Cure > Move incurable.
      (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
    • Now put a check next to Complete scan to scan all local disks and removable media.
    • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
    • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
    • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
    • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
    • In the top menu, click file and choose save report list.
    • Save the DrWeb.csv report to your desktop.
    • Exit Dr.Web Cureit when done.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)



    Things to include in your next reply:
    MBAM log
    Dr Web log
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-
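The CFScript in step 1 deletes two groups of values: the per-user WinINET ProxyOverride that ComboFix flagged, and six values under HKLM\...\Policies\System that had been set away from the Windows 7 defaults (PromptOnSecureDesktop=0 moves UAC prompts off the secure desktop, EnableLinkedConnections=1 exposes mapped drives to elevated processes, and disablecad=1 suppresses the Ctrl+Alt+Del logon requirement, so deleting it is what brings the Ctrl+Alt+Del prompt back on a domain-joined machine). Step 2 then switches Firefox to "No proxy"; Firefox's default proxy mode is "use system proxy settings" (network.proxy.type 5), so a tampered IE/WinINET proxy shows up in Firefox as well, which matches both browsers failing at once. The read-only PowerShell audit below is an added example, not part of this thread and not a ComboFix, Malwarebytes or Mozilla tool; it reads those same values plus the Firefox network.proxy.* prefs so the state can be compared before and after the CFScript run. The function names and the expected-value table are my own; the registry paths and pref names are the standard Windows and Firefox ones.

```powershell
# Added audit script for this thread (assumption: it is not part of ComboFix,
# Malwarebytes or Firefox). Read-only: it reports values and changes nothing.
# Run it in the affected user's session with Firefox closed (prefs.js is
# rewritten on exit), once before the CFScript and once after.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$InetKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Values the CFScript deletes, paired with the Windows 7 defaults they fall
# back to once removed (an absent value means the default applies, so it is
# reported as OK). The comments note what the ComboFix log above showed.
$ExpectedPolicy = [ordered]@{
    'ConsentPromptBehaviorAdmin' = 5   # prompt for consent for non-Windows binaries
    'ConsentPromptBehaviorUser'  = 3   # prompt for credentials on the secure desktop
    'EnableUIADesktopToggle'     = 0
    'PromptOnSecureDesktop'      = 1   # log showed 0: UAC prompts on the normal desktop
    'EnableLinkedConnections'    = 0   # log showed 1: mapped drives visible when elevated
    'DisableCAD'                 = 0   # log showed 1: Ctrl+Alt+Del at logon suppressed
}

function Get-UacPolicyState {
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    foreach ($name in $ExpectedPolicy.Keys) {
        $actual = $null
        # Value names are case-insensitive, so 'disablecad' matches 'DisableCAD'.
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $actual = $props.$name
        }
        $shown = if ($null -eq $actual) { '(absent)' } else { $actual }
        [pscustomobject]@{
            Setting  = $name
            Actual   = $shown
            Expected = $ExpectedPolicy[$name]
            Ok       = ($null -eq $actual) -or ($actual -eq $ExpectedPolicy[$name])
        }
    }
}

function Get-WinInetProxyState {
    # IE reads these directly; Firefox reads them too when network.proxy.type is 5.
    $p = Get-ItemProperty -Path $InetKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable     # 1 = a manual proxy is in use
        ProxyServer   = $p.ProxyServer     # host:port the browser is sent through
        ProxyOverride = $p.ProxyOverride   # bypass list; '*.local' is what the log showed
        AutoConfigURL = $p.AutoConfigURL   # PAC script URL; unexpected content here matters
    }
}

function Get-FirefoxProxyPrefs {
    # Firefox only writes prefs that differ from its defaults, so no
    # network.proxy.* lines means the default mode 5 (use system settings).
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    $pattern  = '^user_pref\("network\.proxy\.([^"]+)",\s*(.+)\);'
    Get-ChildItem -Path $profiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            Select-String -Path $file.FullName -Pattern $pattern | ForEach-Object {
                [pscustomobject]@{
                    Profile = $file.Directory.Name
                    Pref    = $_.Matches[0].Groups[1].Value
                    Value   = $_.Matches[0].Groups[2].Value
                }
            }
        }
}

'--- UAC / logon policy values under HKLM Policies\System ---'
Get-UacPolicyState | Format-Table -AutoSize
'--- WinINET proxy settings for the current user (IE, and Firefox in mode 5) ---'
Get-WinInetProxyState | Format-List
'--- Firefox network.proxy.* user prefs (type 0 = none, 1 = manual, 2 = PAC, 4 = auto-detect, 5 = system) ---'
Get-FirefoxProxyPrefs | Format-Table -AutoSize
```

Rows with Ok=False are the values the CFScript is there to clear; a ProxyServer or AutoConfigURL you do not recognise is the setting that deserves attention rather than the Firefox dialog, because Firefox in mode 5 only mirrors it. Since the symptom in this thread returns after every restart, running the audit right after a clean reboot and comparing it with the post-fix run shows whether something on the machine is re-applying the proxy settings, which is the question the later Malwarebytes and Dr.Web scans are meant to answer.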




  7. #7
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello.

    Are you still there?

    If you are please follow the instructions in my previous post.

    If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

    Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

    Thanks for understanding

    With Regards,
    fireman4it
    " Extinguishing Malware from the world"





  8. #8
    Member
    Join Date
    Aug 2011
    Posts
    7
    Points
    0

    Default

    Hi,

    Sorry for the delay, I had some issues running the Dr. Web scan and it took longer than expected to run it. Below are both of the logs you requested. My computer is still having the same issues now. After I ran the ComboFix script I was able to get onto Firefox once without having to turn off the proxy settings, but after that one time, every time I start it up I still have to go back into the settings. Some other webpages aren't loading now that used to load before and it says I need to change my proxy settings. Also, when I log into my computer now I have to hit ctrl+alt+del before I log in.

    Malwarebytes' Anti-Malware 1.51.1.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 7465

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    8/14/2011 9:47:30 PM
    mbam-log-2011-08-14 (21-47-30).txt

    Scan type: Quick scan
    Objects scanned: 160416
    Time elapsed: 6 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ComboFix 11-08-08.03 - Matthew 08/12/2011 16:46:39.2.2 - x86
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3036.1938 [GMT -4:00]
    Running from: c:\users\QUARTE_MATT\Desktop\ComboFix.exe
    Command switches used :: c:\users\QUARTE_MATT\Desktop\CFScript.txt
    AV: Microsoft Forefront Client Security *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Forefront Client Security *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-12 20:55 . 2011-08-12 20:55 -------- d-----w- c:\users\sysadmin\AppData\Local\temp
    2011-08-12 20:55 . 2011-08-12 20:55 -------- d-----w- c:\users\JIMENEZ_ANDR\AppData\Local\temp
    2011-08-12 20:55 . 2011-08-12 20:55 -------- d-----w- c:\users\jenko_juli\AppData\Local\temp
    2011-08-12 20:55 . 2011-08-12 20:55 -------- d-----w- c:\users\ithomas\AppData\Local\temp
    2011-08-12 20:55 . 2011-08-12 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-09 00:31 . 2011-08-12 20:55 -------- d-----w- c:\users\QUARTE_MATT\AppData\Local\temp
    2011-08-07 15:26 . 2011-07-20 13:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0E431E6-7414-410D-8EB2-8051811B070D}\mpengine.dll
    2011-08-03 02:41 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{A66AFE0E-82F5-4E18-B5CA-D0022E62205F}\mpengine.dll
    2011-08-02 02:36 . 2011-08-02 02:36 -------- d-----w- c:\users\QUARTE_MATT\AppData\Roaming\SUPERAntiSpyware.com
    2011-08-02 02:32 . 2011-08-02 02:32 -------- d-----w- c:\users\QUARTE_MATT\AppData\Roaming\Malwarebytes
    2011-08-02 02:23 . 2011-08-02 02:23 -------- d-----w- c:\users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
    2011-08-02 02:23 . 2011-08-02 02:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-08-02 02:22 . 2011-08-02 02:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-08-02 02:05 . 2011-08-02 02:05 -------- d-----w- c:\users\Matthew\AppData\Roaming\Malwarebytes
    2011-08-02 02:05 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-02 02:05 . 2011-08-02 02:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-02 02:05 . 2011-08-02 02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-02 02:05 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-01 00:09 . 2011-08-01 00:09 -------- d-----w- c:\users\Matthew\AppData\Local\Mozilla
    2011-08-01 00:05 . 2011-08-01 00:05 388096 ----a-r- c:\users\QUARTE_MATT\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-01 00:05 . 2011-08-01 00:05 -------- d-----w- c:\program files\Trend Micro
    2011-07-31 23:48 . 2011-07-31 23:48 -------- d-----w- c:\users\QUARTE_MATT\AppData\Local\AVG Security Toolbar
    2011-07-31 23:42 . 2011-07-31 23:42 -------- d-----w- c:\users\QUARTE_MATT\AppData\Roaming\AVG10
    2011-07-31 23:38 . 2011-07-31 23:38 -------- d-----w- c:\users\Matthew\AppData\Roaming\AVG10
    2011-07-31 23:37 . 2011-07-31 23:37 -------- d--h--w- c:\programdata\Common Files
    2011-07-31 23:36 . 2011-08-02 02:26 -------- d-----w- c:\programdata\AVG10
    2011-07-31 23:36 . 2011-08-02 02:23 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-07-31 23:35 . 2011-07-31 23:35 -------- d-----w- c:\program files\AVG
    2011-07-31 23:30 . 2011-08-02 02:24 -------- d-----w- c:\programdata\MFAData
    2011-07-28 02:07 . 2011-08-01 00:03 -------- d-----w- c:\users\QUARTE_MATT\AppData\Roaming\Spotify
    2011-07-28 02:07 . 2011-07-28 02:07 -------- d-----w- c:\users\QUARTE_MATT\AppData\Local\Spotify
    2011-07-28 02:07 . 2011-07-28 02:07 -------- d-----w- c:\program files\Spotify
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-13 03:39 . 2010-08-05 20:00 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-27 15:22 . 2011-05-27 15:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-24 23:14 . 2010-07-21 20:40 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-07-08 07:16 . 2011-08-09 01:27 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-09_00.28.08 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-21 20:25 . 2011-08-12 20:42 44672 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2011-08-12 20:42 43570 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-08-05 19:55 . 2011-08-12 20:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-08-05 19:55 . 2011-08-09 00:25 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-08-05 19:55 . 2011-08-12 20:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-08-05 19:55 . 2011-08-09 00:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:41 . 2011-08-09 00:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:41 . 2011-08-12 20:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-08-12 04:31 . 2011-08-08 23:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-08-12 04:31 . 2011-08-10 02:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-21 21:06 . 2011-08-10 02:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-21 21:06 . 2011-08-08 23:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-09-07 15:16 . 2011-08-12 20:42 6398 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1229846427-2226813820-890958922-28202_UserData.bin
    + 2011-08-12 20:38 . 2011-08-12 20:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-08-08 23:37 . 2011-08-09 00:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-08-08 23:37 . 2011-08-09 00:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-08-12 20:38 . 2011-08-12 20:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:05 . 2011-08-08 23:49 642484 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2011-08-12 20:46 642484 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2011-08-12 20:46 109868 c:\windows\System32\perfc009.dat
    - 2009-07-14 02:05 . 2011-08-08 23:49 109868 c:\windows\System32\perfc009.dat
    - 2009-07-14 04:47 . 2011-08-08 02:35 429556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:47 . 2011-08-12 02:52 429556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-05-09 05:12 . 2011-08-12 02:52 858348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1229846427-2226813820-890958922-28202-8192.dat
    - 2011-05-09 05:12 . 2011-08-08 02:35 858348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1229846427-2226813820-890958922-28202-8192.dat
    - 2009-07-14 02:03 . 2011-08-08 23:58 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:03 . 2011-08-12 01:46 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-27 2424192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-22 202256]
    "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-10-23 842816]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
    "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
    "WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 360448]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-12 113664]
    Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28202\Scripts\Logon\0\0]
    "Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28202\Scripts\Logon\1\0]
    "Script"=\\blue.ad.bentley.edu\SysVol\blue.ad.bentley.edu\scripts\SMS.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-28266\Scripts\Logon\0\0]
    "Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229846427-2226813820-890958922-42593\Scripts\Logon\0\0]
    "Script"=\\blue.ad.bentley.edu\sysvol\blue.ad.bentley.edu\scripts\StudentLogin.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-22 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-07-10 11520]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-12 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-09-11 1811704]
    S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [2011-01-08 16896]
    S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [2007-04-06 73120]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824]
    S2 MOM;MOM;c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [2005-07-21 134656]
    S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-09-25 599344]
    S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-07-24 102400]
    S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-14 659328]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-12 221912]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
    S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mchInjDrv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 02:17]
    .
    2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 02:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bentley.edu/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
    FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\v2ygc2ta.default\
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
    "ImagePath"="\??\c:\windows\TEMP\mc26595.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4124)
    c:\program files\DigitalPersona\Bin\DpoFeedb.dll
    c:\program files\DigitalPersona\Bin\DpoSet.dll
    .
    Completion time: 2011-08-12 16:57:33
    ComboFix-quarantined-files.txt 2011-08-12 20:57
    ComboFix2.txt 2011-08-09 00:31
    .
    Pre-Run: 144,909,643,776 bytes free
    Post-Run: 144,875,634,688 bytes free
    .
    - - End Of File - - 625AB03BE8B9E092438D974D02E9ADF3



    Dr. Web:


    dds.scr;C:\Users\QUARTE_MATT\Desktop;Trojan.MulDrop2.44246;;

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello,

    Are you connected to the internet through a router?


    1.
    Please double-click GooredFix.exe on your Desktop to run it.
    • Select "2. Fix Goored" by typing 2 and pressing Enter.
    • Make sure all instances of Firefox are closed at this point.
    • Type y at the prompt and press Enter again.
    • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

    2.
    • Download RogueKiller to the desktop
    • Close all the running processes
    • Under Vista/Seven, right-click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, type 1 (SCAN) then Enter
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


    Things to include in your next reply:
    Are you connected through a router?
    Gooredfix log
    Roguekiller log
    Is Internet Explorer running ok? Or is it doing the same things as Firefox?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-
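A read-only check that goes with the questions the helper is asking above (router, proxy, whether IE behaves like Firefox), added here as an example and not part of the thread or of any tool posted in it. The snippet dumps the settings this thread is looking at: the WinINET proxy configuration that Firefox reads when "Use system proxy settings" is selected, the DNS servers every IP-enabled adapter received from the router, HOSTS entries other than the localhost line, and the Run/RunOnce autostart keys, flagging anything launched from a temp folder for review. The registry paths and the hosts file location are standard Windows locations; the temp-folder pattern is the example's own heuristic, and Get-WmiObject is used so it runs on the Windows 7 / PowerShell 2.0 setup shown in the logs. Nothing is modified.

```powershell
# Added example (not from the thread or the tools posted in it): read-only triage of the
# items this thread is checking. Assumes Windows 7 with PowerShell 2.0, hence Get-WmiObject
# instead of the newer Get-DnsClient* cmdlets. Run from an elevated prompt for full results.

$report = @()

# 1. Proxy settings used by IE, and by Firefox under "Use system proxy settings".
#    A redirect problem that "fixes itself" after re-detecting proxy settings usually shows
#    up here as ProxyEnable=1 with an unexpected ProxyServer or AutoConfigURL.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$report += "ProxyEnable   : $($inet.ProxyEnable)"
$report += "ProxyServer   : $($inet.ProxyServer)"
$report += "AutoConfigURL : $($inet.AutoConfigURL)"

# 2. DNS servers on every IP-enabled adapter. Compare with what the ISP/router should hand
#    out (ComboFix printed them as TCP: DhcpNameServer); this is why the helper asks about the router.
Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled } | ForEach-Object {
    $report += "DNS ($($_.Description)): $($_.DNSServerSearchOrder -join ', ')"
}

# 3. HOSTS file entries, skipping comments and the plain localhost mapping RogueKiller lists.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hosts |
    Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
    ForEach-Object { $report += "HOSTS: $_" }

# 4. Autostart entries (the same keys ComboFix lists under "Reg Loading Points").
#    The temp-folder flag is a heuristic for this example, not a verdict.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSChildName/... members
        $flag = if ("$($p.Value)" -match '\\(Temp|Tmp)\\') { '  <-- runs from a temp folder, review' } else { '' }
        $report += "$key\$($p.Name) = $($p.Value)$flag"
    }
}

$report
```

Save it as, for instance, Triage.ps1 and run it before and after the tools the helper asks for; a clean result is ProxyEnable 0 with empty ProxyServer/AutoConfigURL (unless a proxy is expected), DNS servers that match the router's, no HOSTS lines beyond localhost, and autostart entries that all resolve to known installed programs.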




  10. #10
    Member
    Join Date
    Aug 2011
    Posts
    7
    Points
    0


    Hi,

    I am connected through a router. It appears that Internet Explorer is working.

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 10:31 on 16/08/2011 (Matthew)
    Firefox version 5.0.1 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [01:27 09/08/2011]
    {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [02:10 01/09/2010]
    {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [22:19 29/11/2010]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "otis@digitalpersona.com"="C:\Program Files\DigitalPersona\Bin\FirefoxExt\" [12:48 22/07/2010]

    ---------- Old Logs ----------
    GooredFix[14.27.30_16-08-2011].txt
    GooredFix[14.30.11_16-08-2011].txt

    -=E.O.F=-

    RogueKiller V5.3.1 [08/06/2011] by Tigzy
    contact at Forum Sciences / Forum Informatique - Sur la Toile (SLT)
    mail: tigzyRK<at>gmail<dot>com
    Feedback: [RogueKiller] Remontes (1/31)

    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User: Matthew [Admin rights]
    Mode: Scan -- Date : 08/16/2011 10:31:34

    Bad processes: 0

    Registry Entries: 2
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    HOSTS File:
    127.0.0.1 localhost


    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
