Nestsky Virus - Page 2

Thread: Nestsky Virus

  1. #16
    Join Date
    Dec 2009
    Posts
    63
    DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
    Run by SYSTEM at 22:57:19.22 on Fri 12/18/2009
    Internet Explorer: 8.0.6001.18865
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2577 [GMT -6:00]

    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\SYSTEM32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\config\systemprofile\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.1.0.19\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
    uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [sealmon.exe] c:\program files\oracle\information rights management\desktop\sealmon.exe
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [PC Pitstop Optimize2 Reminder] c:\program files\pcpitstop\optimize2\Reminder.exe
    mRun: [PC Pitstop Optimize Scheduler] c:\program files\pcpitstop\optimize\PCPOptimize.exe -boot
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    dRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
    StartupFolder: c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\startup\scandisk.dll
    StartupFolder: c:\windows\system32\config\system~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    uPolicies-explorer: NoFolderOptions = 1 (0x1)
    uPolicies-system: DisableTaskMgr = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-explorer: NoFolderOptions = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: jufuvowa.dll
    LSA: Notification Packages = scecli zazovuba.dll

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1101000.013\SymDS.sys [2009-11-12 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1101000.013\SymEFA.sys [2009-11-12 171056]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-11-15 115312]
    S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20091205.001\bhdrvx86.sys [2009-12-4 529456]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1101000.013\cchpx86.sys [2009-11-12 501888]
    S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20091216.001\idsvix86.sys [2009-12-17 343088]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1101000.013\ironx86.sys [2009-11-12 114736]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1101000.013\symtdiv.sys [2009-11-12 339504]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-12-12 73728]
    S2 gupdate1c9f3a03b359a1;Google Update Service (gupdate1c9f3a03b359a1);c:\program files\google\update\GoogleUpdate.exe [2009-6-22 133104]
    S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.1.0.19\ccSvcHst.exe [2009-11-12 126392]
    S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\atmfbus.sys [2009-11-2 38528]
    S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\atmfcvsp.sys [2009-11-2 54656]
    S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\atmfflt.sys [2009-11-2 11520]
    S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\atmfmdm.sys [2009-11-2 54528]
    S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\atmfnet.sys [2009-11-2 103424]
    S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\atmfnvsp.sys [2009-11-2 54656]
    S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\atmfvsp.sys [2009-11-2 54656]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys [2009-10-29 102448]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-24 21504]
    S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-12 1840128]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\nwusbcdfil.sys [2007-8-16 13824]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-8-16 99200]

    =============== Created Last 30 ================

    2009-12-19 00:01:34 0 ----a-w- c:\windows\system32\19169.exe
    2009-12-18 23:41:30 0 ----a-w- c:\windows\system32\26500.exe
    2009-12-18 23:21:30 0 ----a-w- c:\windows\system32\6334.exe
    2009-12-18 23:01:29 0 ----a-w- c:\windows\system32\18467.exe
    2009-12-18 22:56:30 0 d-----w- c:\program files\InternetSecurity2010
    2009-12-18 22:41:29 0 ----a-w- c:\windows\system32\41.exe
    2009-12-18 22:41:03 22528 ----a-w- c:\windows\system32\winhelper86.dll
    2009-12-18 22:40:58 157184 ----a-w- C:\uwlwfa.exe
    2009-12-18 22:40:58 157184 ----a-w- \uwlwfa.exe
    2009-12-18 22:40:56 52224 ----a-w- C:\oqnqso.exe
    2009-12-18 22:40:56 52224 ----a-w- \oqnqso.exe
    2009-12-18 22:40:54 18944 ----a-w- C:\waxfhosk.exe
    2009-12-18 22:40:54 18944 ----a-w- \waxfhosk.exe
    2009-12-18 22:40:52 15000 ----a-w- c:\windows\system32\nwpse682v.dll
    2009-12-18 21:01:23 0 d-sh--w- C:\found.001
    2009-12-18 21:01:23 0 d-sh--w- \found.001
    2009-12-18 19:21:22 0 d-----w- c:\programdata\SealedMedia
    2009-12-18 06:42:27 1372 ----a-w- c:\windows\system32\clXoC.vbs
    2009-12-18 06:40:51 1372 ----a-w- c:\windows\system32\yC8R1.vbs
    2009-12-18 06:38:10 196608 ----a-w- c:\windows\system32\ctapo3232.dll
    2009-12-18 06:38:03 1372 ----a-w- c:\windows\system32\9mjx3Dl.vbs
    2009-12-18 06:37:37 196608 ----a-w- c:\windows\system32\dmvdsitf32.dll
    2009-12-18 06:37:36 1372 ----a-w- c:\windows\system32\3TwKe.vbs
    2009-12-17 06:50:11 307 ----a-w- c:\windows\Makeover.INI
    2009-12-17 06:50:07 0 d-----w- c:\program files\Makeover Plus
    2009-12-09 09:05:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-09 09:05:56 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-09 09:05:56 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-08 22:48:35 377344 ----a-w- c:\windows\system32\winhttp.dll
    2009-12-08 22:36:11 243712 ----a-w- c:\windows\system32\rastls.dll
    2009-12-06 23:02:51 0 d-----w- c:\program files\Delicious Emilys Holiday Season
    2009-12-06 17:31:03 0 d-----w- c:\program files\common files\DivX Shared
    2009-12-06 09:03:19 0 d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-12-06 09:02:36 0 d-----w- c:\program files\Windows Live SkyDrive
    2009-12-06 09:02:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-12-06 09:01:57 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-12-06 08:42:27 0 d-----w- c:\program files\common files\Windows Live
    2009-12-02 04:54:15 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-12-02 04:54:15 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-12-02 04:53:12 0 d-----w- c:\program files\iPod
    2009-12-02 04:53:09 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-02 04:53:09 0 d-----w- c:\program files\iTunes
    2009-11-26 09:04:58 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-25 19:20:18 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2009-11-25 19:20:17 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2009-11-25 19:20:13 714240 ----a-w- c:\windows\system32\timedate.cpl

  2. #17
    Join Date
    Dec 2009
    Posts
    63
    ==================== Find3M ====================

    2009-12-19 04:52:37 3532976128 --sha-w- \pagefile.sys
    2009-12-19 04:35:33 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2009-12-19 04:35:03 56680 ----a-w- c:\windows\system32\rpcnet.dll
    2009-12-19 04:29:29 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2009-12-19 04:22:49 31871 ----a-w- c:\programdata\nvModes.dat
    2009-12-18 22:41:02 157184 ----a-w- \uwlwfa.exe
    2009-12-18 22:40:57 52224 ----a-w- \oqnqso.exe
    2009-12-02 04:45:35 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-12-02 04:45:34 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-12-02 04:45:34 143360 ----a-w- c:\windows\inf\infstor.dat
    2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-20 03:42:56 592488 ----a-w- c:\windows\system32\nvuninst.exe
    2009-11-14 00:49:00 129784 ------w- c:\windows\system32\PxAFS.DLL
    2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-11-08 04:56:22 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-08 04:56:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-08 04:55:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-01 19:55:07 20 ---h--w- c:\programdata\PKP_DLec.DAT
    2009-10-29 02:04:07 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-10-29 02:04:07 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-10-29 02:04:07 124976 ----a-w- c:\windows\system32\drivers\symevent.sys
    2009-10-21 16:45:04 33792 ----a-w- c:\windows\system32\identprv.dll
    2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
    2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
    2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
    2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2008-05-25 06:07:46 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2007-12-12 17:57:45 76 --sha-r- c:\windows\CT4CET.bin
    2009-09-18 22:46:06 45568 --sha-w- c:\windows\system32\haji***u.dll
    2009-09-18 22:46:04 39424 --sha-w- c:\windows\system32\jobobuwi.dll
    2009-09-18 22:40:58 52224 --sha-w- c:\windows\system32\jufuvowa.dll
    2009-04-11 04:28:22 29184 --sha-w- c:\windows\system32\notepad.dll
    2009-09-18 22:40:58 52224 --sha-w- c:\windows\system32\nukubufa.dll
    2009-09-18 22:40:58 52224 --sha-w- c:\windows\system32\zazovuba.dll
    2009-09-18 22:46:04 93184 --sha-w- c:\windows\system32\zepulabe.dll
    2009-04-11 04:28:22 29184 --sha-w- c:\windows\system32\config\systemprofile\ntload.dll
    2009-09-15 04:16:16 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-04-11 04:28:22 29184 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\startup\scandisk.dll
    2007-12-13 01:31:03 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 23:00:50.60 ===============

  3. #18
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    This has/had some serious infection on it.

    Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

    c:\windows\system32\19169.exe
    c:\windows\system32\26500.exe
    c:\windows\system32\6334.exe
    c:\windows\system32\18467.exe
    c:\program files\InternetSecurity2010
    c:\windows\system32\41.exe
    c:\windows\system32\winhelper86.dll
    C:\uwlwfa.exe
    C:\oqnqso.exe
    C:\waxfhosk.exe

    ==

    Don't forget the Gmer log.
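
The kind of first-pass read the helper is doing on the DDS log above can be written down as rules. This is an added example, not code from the thread or from the DDS, GMER or MBAM tools; the sample lines are copied from the log posted earlier, and the set of LSA notification packages treated as normal is an assumption.

```python
"""Triage rules for a DDS log of the kind posted in this thread.

Added example for this page, not code from DDS, GMER or MBAM. It flags the
kinds of entries a helper reacts to in such a log: AppInit_DLLs, extra LSA
notification packages, lockdown policies, non-executable startup items, a
Startup shortcut to rundll32.exe, a disabled security product, empty
numeric-named .exe files, executables in the drive root, and autostart
entries pointing at paths created in the last 30 days.
"""
import re

# Constructed sample: a subset of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
StartupFolder: c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\startup\scandisk.dll
StartupFolder: c:\windows\system32\config\system~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
AppInit_DLLs: jufuvowa.dll
LSA: Notification Packages = scecli zazovuba.dll
2009-12-19 00:01:34 0 ----a-w- c:\windows\system32\19169.exe
2009-12-18 22:56:30 0 d-----w- c:\program files\InternetSecurity2010
2009-12-18 22:41:03 22528 ----a-w- c:\windows\system32\winhelper86.dll
2009-12-18 22:40:58 157184 ----a-w- C:\uwlwfa.exe
"""

# Policy values that lock the user out of tools or turn UAC off (all seen in the log above).
LOCKDOWN_POLICIES = {"DisableTaskMgr": "1", "NoFolderOptions": "1", "EnableLUA": "0"}
# Assumption: a clean Windows client registers only scecli as an LSA notification package.
KNOWN_LSA_PACKAGES = {"scecli"}

RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(.*?)\]\s*(.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (.+?)(?: - (.+))?$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+: (\w+) = (\d+)")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\d+) \S+ (.+)$")
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe$")
# First program path in a Run target, with or without quotes, before any arguments.
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|scr|bat|cmd))"?(?:\s|,|$)', re.IGNORECASE)


def _target_path(target):
    """Reduce a Run target such as '"c:\\a b\\x.exe" /s' to the lower-cased program path."""
    m = EXE_RE.match(target.strip())
    return m.group(1).lower() if m else target.strip().lower()


def triage(dds_text):
    """Return (severity, reason, line) for every log line that matches a rule."""
    lines = [ln.strip() for ln in dds_text.splitlines() if ln.strip()]
    # Pass 1: collect paths from the "Created Last 30" section for cross-referencing.
    created = [m.group(2).lower() for ln in lines if (m := FILE_RE.match(ln))]
    findings = []
    for line in lines:
        if line.startswith("SP: ") and "*disabled*" in line:
            findings.append(("medium", "security product reported disabled", line))
        elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(("high", "AppInit_DLLs set: DLL is loaded into every GUI process", line))
        elif line.startswith("LSA: Notification Packages ="):
            extra = set(line.split("=", 1)[1].split()) - KNOWN_LSA_PACKAGES
            if extra:
                findings.append(("high", "extra LSA notification package: " + ", ".join(sorted(extra)), line))
        elif (m := POLICY_RE.match(line)):
            if LOCKDOWN_POLICIES.get(m.group(1)) == m.group(2):
                findings.append(("medium", "lockdown policy %s=%s" % m.groups(), line))
        elif (m := RUN_RE.match(line)):
            name, path = m.group(1), _target_path(m.group(2))
            if name == "<NO NAME>" or not path:
                findings.append(("low", "unnamed or empty Run entry", line))
            elif any(path == c or path.startswith(c + "\\") for c in created):
                findings.append(("high", "autostart points at a path created in the last 30 days", line))
        elif (m := STARTUP_RE.match(line)):
            item, target = m.group(1).lower(), (m.group(2) or "").lower()
            if not item.endswith((".exe", ".lnk")):
                findings.append(("high", "non-executable file in a Startup folder", line))
            elif target.endswith("\\rundll32.exe"):
                findings.append(("high", "Startup shortcut launches rundll32.exe", line))
        elif (m := FILE_RE.match(line)):
            size, path = int(m.group(1)), m.group(2).lower()
            if size == 0 and re.search(r"\\\d+\.exe$", path):
                findings.append(("medium", "empty numeric-named .exe", line))
            elif ROOT_EXE_RE.match(path):
                findings.append(("medium", "executable dropped in the drive root", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_DDS):
        print("[%s] %s\n    %s" % (severity.upper(), reason, line))
```

Run over the sample it reports twelve findings, and the Run entry for the real Windows Defender binary is left alone because its path does not match any rule.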

  4. #19
    Join Date
    Dec 2009
    Posts
    63
    I know...I don't know what I could have possibly done to get this horrible bug.

    Here are the results so far. gmer.exe is still running.

    c:\windows\system32\19169.exe - EMPTY
    c:\windows\system32\26500.exe - EMPTY
    c:\windows\system32\6334.exe - EMPTY
    c:\windows\system32\18467.exe - EMPTY
    c:\program files\InternetSecurity2010 - TROJAN'S FOUND
    c:\windows\system32\41.exe - EMPTY
    c:\windows\system32\winhelper86.dll - TROJAN'S FOUND
    C:\uwlwfa.exe - TROJAN'S FOUND
    C:\oqnqso.exe - TROJAN'S FOUND
    C:\waxfhosk.exe - TROJAN'S FOUND

  5. #20
    Join Date
    Dec 2009
    Posts
    63
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2009-12-19 01:43:36
    Windows 6.0.6002 Service Pack 2
    Running: zd69exg4.exe; Driver: C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\fxldapow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\Windows\system32\drivers\iastor.sys entry point in ".rsrc" section [0x82761024]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[324] USER32.dll!DialogBoxParamW 766A10B0 5 Bytes JMP 7200541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Windows\system32\svchost.exe[760] ole32.dll!CoCreateInstance 777F9EA6 5 Bytes JMP 00A2000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[900] USER32.dll!DialogBoxParamW 766A10B0 5 Bytes JMP 7200541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[908] USER32.dll!DialogBoxParamW 766A10B0 5 Bytes JMP 7200541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1388] USER32.dll!DialogBoxParamW 766A10B0 5 Bytes JMP 7200541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!DialogBoxParamW 766A10B0 5 Bytes JMP 7200541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2028] USER32.dll!DialogBoxParamW 766A10B0 5 Bytes JMP 7200541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text ...

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device -> \Driver\iaStor \Device\Harddisk0\DR0 85955618

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\system32\drivers\iastor.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----

  6. #21
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Please download FileFind from Atribune:
    http://www.atribune.org/downloads/FileFind.zip

    Unzip the file and save it to your desktop.

    To run FileFind, please do the following:
    • Click on FileFind.exe
    • In the box labeled "Enter the directory to search"
    • Enter the drive, e.g. C:\
    • In the box labeled "Enter the file to search"
    • Enter the file iastor.sys
    • Now click on the "Find" button
    • Once the utility has found the files click on "Export"
    • This will save a text file to your C:\ drive as "Export.txt"
    • Double click on Export.txt, copy and paste this information in your next post.

  7. #22
    Join Date
    Dec 2009
    Posts
    63
    It isn't letting me open the .zip file. Should I download a program to assist? If so, what program?

  8. #23
    Join Date
    Dec 2009
    Posts
    63
    Update:

    I was able to "fake" the virus and run Malwarebytes by downloading http://mbam.malwarebytes.org/program/random.php. It has been running for about 10 mins now and I have 8 infected objects so far.

    I know that the HJT icon has moved and a few others, but it is listed in the Desktop folder.

    I will keep you updated and let you know. Please let me know if you have any more steps for me.

    Thank you so much crunchie!

  9. #24
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Try downloading 7zip and use that to open the zip file, then run FileFind for me.
    Post the MBA-M log when it is done, too.

  10. #25
    Join Date
    Dec 2009
    Posts
    63
    I have managed to boot up normally and I am currently running updated scans. Here are the results in safe mode.

    Malwarebytes' Anti-Malware 1.42
    Database version: 3289
    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18865

    12/19/2009 3:33:41 PM
    mbam-log-2009-12-19 (15-33-41).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
    Objects scanned: 316456
    Time elapsed: 1 hour(s), 14 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 12
    Registry Data Items Infected: 9
    Folders Infected: 0
    Files Infected: 18

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Windows\System32\zazovuba.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: zazovuba.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\System32\haji***u.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\jobobuwi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\jufuvowa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\nukubufa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\zazovuba.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\Windows\System32\zepulabe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\FastNetSrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\notepad.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\winsts.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\BtwSrv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\lsm32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

  11. #26
    Join Date
    Dec 2009
    Posts
    63
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:41:25 PM, on 12/19/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\config\systemprofile\Desktop\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\2BTCgAXVa.exe" /runcleanupscript
    O4 - HKLM\..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-BJ1G2.exe" /REG
    O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [zudetovomu] Rundll32.exe "zazovuba.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exter...pAntiVirus.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9f3a03b359a1) (gupdate1c9f3a03b359a1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
    O23 - Service: rpcnetp - Unknown owner - C:\Windows\System32\rpcnetp.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 13924 bytes
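Two lines in the logs above carry the persistence that makes zazovuba.dll hard to remove: the Malwarebytes item "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages -> Data: zazovuba.dll" and the HijackThis line "O4 - HKUS\S-1-5-19\..\Run: [zudetovomu] Rundll32.exe "zazovuba.dll",s (User 'LOCAL SERVICE')". A DLL named in Notification Packages is loaded into lsass.exe at boot as SYSTEM, which is why Malwarebytes could only mark it "Delete on reboot" and why it shows up as a memory module. The script below is an added triage example for this thread, not code from HijackThis, DDS, Malwarebytes or the original posters: it parses HijackThis O4 lines and the DDS "LSA: Notification Packages" line and flags the patterns visible in these logs. The allow-lists (scecli/rassfm, Sidebar/WindowsWelcomeCenter), the severities and the sample lines (copied from the logs, plus one constructed Temp-path entry) are this example's own assumptions, and its output is a list for an analyst to review, not a verdict.

```python
"""Triage HijackThis O4 autostart lines and the DDS "LSA: Notification Packages"
line for the persistence patterns visible in this thread's logs.

Added example for this thread; not part of HijackThis, DDS, Malwarebytes or the
original posts. Allow-lists, severities and sample lines are assumptions.
"""
import re
from collections import defaultdict

# Every DLL in HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages is
# loaded into lsass.exe at boot as SYSTEM and receives password-change callbacks.
# Assumption: a stock client carries only "scecli"; domain controllers add "rassfm".
EXPECTED_LSA_PACKAGES = {"scecli", "rassfm"}

# Run values a stock Vista install puts in the LOCAL SERVICE / NETWORK SERVICE
# hives (assumption for this example).
EXPECTED_SERVICE_PROFILE_ENTRIES = {"Sidebar", "WindowsWelcomeCenter"}

# Hives of non-interactive accounts: user-installed software has no business here.
NON_INTERACTIVE_HIVES = {
    "HKUS\\S-1-5-18",  # SYSTEM
    "HKUS\\S-1-5-19",  # LOCAL SERVICE
    "HKUS\\S-1-5-20",  # NETWORK SERVICE
    "HKUS\\.DEFAULT",  # default profile, copied into every new account
}
REPLICATION_HIVES = {"HKUS\\S-1-5-18", "HKUS\\.DEFAULT"}

# HijackThis: O4 - <hive>\..\Run: [<name>] <command> (User '<account>')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# DDS: LSA: Notification Packages = scecli zazovuba.dll
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.+)$")
# First argument handed to rundll32, quoted or not, up to the ",EntryPoint" part.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",\s]+)"?', re.IGNORECASE)
SUSPECT_PATH_RE = re.compile(r"\\temp\\|\\config\\systemprofile\\|%localappdata%", re.IGNORECASE)


def parse_o4(line):
    """Return the fields of an O4 Run/RunOnce line as a dict, or None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Return a list of (severity, reason, subject) for suspicious log lines.

    "high" = almost never legitimate; "review" = benign software can trigger it
    too, so an analyst has to look at it.
    """
    findings, entries = [], []
    for raw in lines:
        line = raw.strip()
        lsa = LSA_RE.match(line)
        if lsa:
            for pkg in lsa.group("pkgs").split():
                base = pkg.lower()
                if base.endswith(".dll"):
                    base = base[:-4]
                if base not in EXPECTED_LSA_PACKAGES:
                    findings.append(("high", f"non-default LSA notification package '{pkg}' "
                                             "(loaded into lsass.exe at boot)", line))
            continue
        o4 = parse_o4(line)
        if not o4:
            continue
        entries.append(o4)
        cmd = o4["cmd"]
        dll = RUNDLL_RE.search(cmd)
        if dll and not re.search(r"[\\/]", dll.group("dll")):
            findings.append(("review", f"rundll32 loads '{dll.group('dll')}' by bare name "
                                       "(resolved through the DLL search path)", line))
        if SUSPECT_PATH_RE.search(cmd):
            findings.append(("review", "autostart target lives in a Temp or systemprofile directory", line))
        if o4["hive"] in NON_INTERACTIVE_HIVES and o4["name"] not in EXPECTED_SERVICE_PROFILE_ENTRIES:
            findings.append(("review", f"autostart in non-interactive hive {o4['hive']}", line))
    # The same value written into HKCU and into SYSTEM/.DEFAULT starts for every
    # account, including accounts created later.
    hives_by_name = defaultdict(set)
    for e in entries:
        hives_by_name[e["name"]].add(e["hive"])
    for name, hives in hives_by_name.items():
        copies = sorted(h for h in hives if h in REPLICATION_HIVES)
        if "HKCU" in hives and copies:
            findings.append(("review", f"'{name}' is replicated from HKCU into {', '.join(copies)}", name))
    return findings


# Sample input: lines copied from the HijackThis and DDS logs in this thread, plus one
# constructed HKLM entry (tmpdrop) to exercise the Temp-path rule.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [zudetovomu] Rundll32.exe "zazovuba.dll",s (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKUS\S-1-5-18\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (User 'Default user')
O4 - HKLM\..\Run: [tmpdrop] C:\Windows\Temp\svchost.exe
LSA: Notification Packages = scecli zazovuba.dll
""".strip().splitlines()

if __name__ == "__main__":
    for severity, reason, subject in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {subject}")
```

Run it against a full HijackThis or DDS log with `triage(open("hijackthis.log").read().splitlines())`; the LSA rule is the one worth acting on immediately, since a non-default package is both a boot-time loader and a password filter, while the "review" findings are meant to be read alongside the rest of the log.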

  12. #27
    Join Date
    Dec 2009
    Posts
    63
    DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
    Run by SYSTEM at 16:33:39.25 on Sat 12/19/2009
    Internet Explorer: 8.0.6001.18865
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2248 [GMT -6:00]

    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\SYSTEM32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    F:\SuperAntiSpywareRemoval\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Paige\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77B9ZS97\dds[1].scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.1.0.19\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
    uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
    uRun: [SUPERAntiSpyware] f:\superantispywareremoval\SUPERAntiSpyware.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\2BTCgAXVa.exe" /runcleanupscript
    mRun: [sealmon.exe] c:\program files\oracle\information rights management\desktop\sealmon.exe
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [PC Pitstop Optimize2 Reminder] c:\program files\pcpitstop\optimize2\Reminder.exe
    mRun: [PC Pitstop Optimize Scheduler] c:\program files\pcpitstop\optimize\PCPOptimize.exe -boot
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "c:\program files\malwarebytes' anti-malware\mbamext.dll"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-BJ1G2.exe" /REG
    dRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
    dRun: [SUPERAntiSpyware] f:\superantispywareremoval\SUPERAntiSpyware.exe
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
    StartupFolder: c:\users\paige\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    StartupFolder: c:\users\paige\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\nikon\pictureproject in touch\PictureProjectInTouch.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    LSA: Notification Packages = scecli zazovuba.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\paige\appdata\roaming\mozilla\firefox\profiles\eaibke6f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1304867&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\users\paige\appdata\roaming\mozilla\firefox\profiles\eaibke6f.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\paige\appdata\roaming\mozilla\firefox\profiles\eaibke6f.default\extensions\{4d144bc3-23fb-47de-90c5-63ccb0139ccf}\plugins\npww.dll
    FF - plugin: c:\users\paige\appdata\roaming\mozilla\firefox\profiles\eaibke6f.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1101000.013\SymDS.sys [2009-11-12 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1101000.013\SymEFA.sys [2009-11-12 171056]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-11-15 115312]
    S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20091205.001\bhdrvx86.sys [2009-12-4 529456]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1101000.013\cchpx86.sys [2009-11-12 501888]
    S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20091216.001\idsvix86.sys [2009-12-17 343088]
    S1 SASDIFSV;SASDIFSV;f:\superantispywareremoval\sasdifsv.sys [2009-12-16 9968]
    S1 SASKUTIL;SASKUTIL;f:\superantispywareremoval\SASKUTIL.SYS [2009-12-16 74480]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1101000.013\ironx86.sys [2009-11-12 114736]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1101000.013\symtdiv.sys [2009-11-12 339504]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-12-12 73728]
    S2 gupdate1c9f3a03b359a1;Google Update Service (gupdate1c9f3a03b359a1);c:\program files\google\update\GoogleUpdate.exe [2009-6-22 133104]
    S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.1.0.19\ccSvcHst.exe [2009-11-12 126392]
    S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [2009-8-16 17408]
    S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\atmfbus.sys [2009-11-2 38528]
    S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\atmfcvsp.sys [2009-11-2 54656]
    S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\atmfflt.sys [2009-11-2 11520]
    S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\atmfmdm.sys [2009-11-2 54528]
    S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\atmfnet.sys [2009-11-2 103424]
    S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\atmfnvsp.sys [2009-11-2 54656]
    S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\atmfvsp.sys [2009-11-2 54656]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys [2009-10-29 102448]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-24 21504]
    S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-12 1840128]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\nwusbcdfil.sys [2007-8-16 13824]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-8-16 99200]
    S3 SASENUM;SASENUM;f:\superantispywareremoval\SASENUM.SYS [2009-12-16 7408]

    =============== Created Last 30 ================

    2009-12-19 22:27:24 0 d-----w- c:\users\paige\appdata\roaming\SUPERAntiSpyware.com
    2009-12-19 22:27:24 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-19 21:47:35 0 d-----w- c:\windows\system32\%LOCALAPPDATA%
    2009-12-19 20:06:36 0 d-----w- c:\program files\looks
    2009-12-19 19:15:47 696832 ----a-w- c:\windows\is-BJ1G2.exe
    2009-12-19 19:15:47 355 ----a-w- c:\windows\is-BJ1G2.lst
    2009-12-19 19:15:47 10498 ----a-w- c:\windows\is-BJ1G2.msg
    2009-12-19 06:30:43 93056 ----a-w- C:\fxldapow.sys
    2009-12-18 22:40:52 15000 ----a-w- c:\windows\system32\nwpse682v.dll
    2009-12-18 21:01:23 0 d-sh--w- C:\found.001
    2009-12-18 19:21:22 0 d-----w- c:\programdata\SealedMedia
    2009-12-18 06:42:27 1372 ----a-w- c:\windows\system32\clXoC.vbs
    2009-12-18 06:40:51 1372 ----a-w- c:\windows\system32\yC8R1.vbs
    2009-12-18 06:38:10 196608 ----a-w- c:\windows\system32\ctapo3232.dll
    2009-12-18 06:38:03 1372 ----a-w- c:\windows\system32\9mjx3Dl.vbs
    2009-12-18 06:37:37 196608 ----a-w- c:\windows\system32\dmvdsitf32.dll
    2009-12-18 06:37:36 1372 ----a-w- c:\windows\system32\3TwKe.vbs
    2009-12-17 06:50:11 307 ----a-w- c:\windows\Makeover.INI
    2009-12-17 06:50:07 0 d-----w- c:\program files\Makeover Plus
    2009-12-09 09:05:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-09 09:05:56 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-09 09:05:56 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-08 22:48:35 377344 ----a-w- c:\windows\system32\winhttp.dll
    2009-12-08 22:36:11 243712 ----a-w- c:\windows\system32\rastls.dll
    2009-12-06 23:02:51 0 d-----w- c:\program files\Delicious Emilys Holiday Season
    2009-12-06 21:58:54 0 d-----w- c:\users\paige\appdata\roaming\Gamelab
    2009-12-06 17:31:03 0 d-----w- c:\program files\common files\DivX Shared
    2009-12-06 17:31:02 0 d-----w- c:\program files\DivX
    2009-12-06 09:03:19 0 d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-12-06 09:02:36 0 d-----w- c:\program files\Windows Live SkyDrive
    2009-12-06 09:02:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-12-06 09:01:57 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-12-06 08:42:27 0 d-----w- c:\program files\common files\Windows Live
    2009-12-06 08:39:40 0 d-----w- c:\program files\Microsoft
    2009-12-03 17:41:16 0 d-----w- c:\users\paige\appdata\roaming\Reallusion
    2009-12-03 17:41:15 0 d-----w- c:\users\paige\appdata\roaming\tmp
    2009-12-02 04:54:15 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-12-02 04:54:15 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-12-02 04:53:12 0 d-----w- c:\program files\iPod
    2009-12-02 04:53:09 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-02 04:53:09 0 d-----w- c:\program files\iTunes
    2009-11-26 09:04:58 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-25 23:14:35 0 d-----r- c:\program files\Skype
    2009-11-25 19:20:18 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2009-11-25 19:20:17 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2009-11-25 19:20:13 714240 ----a-w- c:\windows\system32\timedate.cpl

  13. #28
    Join Date
    Dec 2009
    Posts
    63
    ==================== Find3M ====================

    2009-12-19 22:19:04 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2009-12-19 18:57:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2009-12-19 18:56:42 56680 ----a-w- c:\windows\system32\rpcnet.dll
    2009-12-19 04:22:49 31871 ----a-w- c:\programdata\nvModes.dat
    2009-12-03 22:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 22:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-02 04:45:35 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-12-02 04:45:34 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-12-02 04:45:34 143360 ----a-w- c:\windows\inf\infstor.dat
    2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-20 03:42:56 592488 ----a-w- c:\windows\system32\nvuninst.exe
    2009-11-14 00:49:00 129784 ------w- c:\windows\system32\PxAFS.DLL
    2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-11-08 04:56:22 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-08 04:56:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-08 04:55:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-01 19:55:07 20 ---h--w- c:\programdata\PKP_DLec.DAT
    2009-10-29 02:04:07 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-10-29 02:04:07 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-10-29 02:04:07 124976 ----a-w- c:\windows\system32\drivers\symevent.sys
    2009-10-21 16:45:04 33792 ----a-w- c:\windows\system32\identprv.dll
    2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
    2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
    2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
    2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2008-05-25 06:07:46 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2007-12-12 17:57:45 76 --sha-r- c:\windows\CT4CET.bin
    2009-09-15 04:16:16 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2007-12-13 01:31:03 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 16:43:33.90 ===============

  14. #29
    Join Date
    Dec 2009
    Posts
    63
    Quote Originally Posted by crunchie
    Please download FileFind from Atribune:
    http://www.atribune.org/downloads/FileFind.zip

    Unzip the file and save it to your desktop.

    To run FileFind, please do the following:
    • Click on FileFind.exe
    • In the box labeled "Enter the directory to search"
    • Enter the drive, e.g. C:\
    • In the box labeled "Enter the file to search"
    • Enter the file iastor.sys
    • Now click on the "Find" button
    • Once the utility has found the files click on "Export"
    • This will save a text file to your C:\ drive as "Export.txt"
    • Double click on Export.txt, copy and paste this information in your next post.
    I am able to run this program; however, when I click "Search" it says "Not Responding". Is that the way this program runs?

  15. #30
    Join Date
    Dec 2009
    Posts
    63
    It worked

    C:\Drivers\storage\R154200\iastor.sys - 277784 Bytes
    C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\drivers\iaStor.sys - 277784 Bytes
    C:\Windows\System32\drivers\iaStor.sys - 277784 Bytes
    C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys - 277784 Bytes
    C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys - 277784 Bytes
